The Secure Shell (SSH) port is used within the Abilis CPX to implement the homonymous applicative program.
The Secure Shell port is identified by the mnemonic "SSH" and is provided with the parameters described in this section.
Here are examples on how to display the SSH port parameters. Dispalyed values are the default ones.
[16:04:54] ABILIS_CPX: D P PO:SSH
PO:906 - Not Saved (SAVE CONF), Not Refreshed (INIT) --------------------------
SSH ------------------------------------------------------------------------
lowpo:901 TYPE:USER MCAU:NO ps:128 tcpport:22 KEEPALIVE:NO
WDIR:C:\APP\SSH\
--Server----------------------------------------------------------------
PSER:SSHS> AC:YES DT:15
PWD: CDO:00 UDO:CP ser:3
IPSRC:* IPSRCLIST:# MAXAUTH:6
KEYLEN:768 KEYREGENT:60 HOSTKEYLEN:1024
S-CIPHERS:DES,3DES S-AUTH:PWD
--Client----------------------------------------------------------------
PCLI:SSHC> CDI:* UDI:* cli:3
DFT-CIPHER:3DES MAXPROMPT:3
C-CIPHERS:DES,3DES C-AUTH:PWD
To activate changes made on the parameters displayed by low case characters, it is needed to restart the
system; on the contrary for activating changes made on upper case parameters it is enough to execute the
initialization command INIT PO:.
Changes made on TYPE: and MCAU: parameters are immediately active.
The "Not Saved (SAVE CONF)" message is displayed every time the port configuration is modified but not saved with the SAVE CONF command.
The "Not Refreshed (INIT)" message is displayed every time the port configuration is modified but not refreshed with the INIT PO: command.
| lowpo: | Identifier of the Abilis CPX lower level port |
| NONE | 1 - 999, NONE |
It sets the Abilis CPX lower level port. It can only be an TCP port.
Value "NONE" isolates the SSH port.
| TYPE: | Port type |
| USER | USER |
This parameter is used for setting how the port has to behave if data compression is active.
The port connected to the X.25 network is defined NETWORK port; the one connected to the user equipment USER port.
The NETWORK port sends compressed data and expands the received ones; the USER port compresses the received data and sends the expanded ones.
The SSH port can be only USER.
The changes made on this parameter are immediately activated, without the need of initialisation commands.
| MCAU: | Cause code modification in CLEAR packets sent |
| NO | YES, NO |
If MCAU is set to NO, Abilis CPX transports, without any changes, the cause and diagnostic code of the CLEAR packets; it also uses the F0 cause code and the suitable diagnostic one for all the CLEAR packets internally generated.
If MCAU is set to YES, Abilis CPX forces the cause code of the CLEAR packet sent to the value 00 (DTE originated), either for the external CLEAR and the internal ones
The changes made on this parameter are immediately activated, without the need of initialisation commands.
| ps: | Maximum length of COR packet size |
| 128 | 16, 32, 64, 128, 256, 512, 1024, 2048 (bytes) |
Maximum length of COR packet size (in bytes).
| tcpport: | Identifier of the IP local port used |
| 22 | 23 |
It sets the local IP port used by the SSH port. The IP number assigned by default to the SSH process (according to recommendations) is 22.
This parameter has got only informative value and cannot be modified.
| KEEPALIVE: | Activation and setting of the "Keep-Alive" time-out |
| NO | NO, 15 - 65535 (seconds) |
It activates and set the value of the "Keep-Alive" time-out.
The "Keep-Alive" procedure, by sending the homonymous packets, keeps on the TCP connection even if data are not exchanged. The parameter set the idle time interval (in seconds) which precedes the activation of such procedure.
If the parameter is set to NO, the procedure is not active.
If its value belongs to the interval [15-65535], the procedure will be activated only when the correspondent time-out will run-over.
| WDIR: | Directory where HOST and SERVER keys are stored. |
| C:\APP\SSH\ | from 0 up to 128 ASCII extended characters [32..255] |
It selects the directory where HOST and SERVER keys are stored.
This parameter must be a physical full path in DOS notation, i.e. starting with a drive letter in the range ['A'..'Z'] and ending with the backslash ('\') character. Accepted values are strings of up to 128 ASCII extended characters in the range [32..255]. Spaces are allowed and strings holding spaces must be written between quotation marks (E.g.: "C:\My dir\"). The case of the entered string is preserved.
| PSER: | Identifier of the SSH Server |
| SSHS> | from 0 up to 16 ASCII characters [33..126] |
This parameter set the prompt of the commands interpreter of the SSH Server port.
The local IP address, expressed in Dotted Decimal Notation and in square brackets (e.g. [xxx.xxx.xxx.xxx] ), always precedes the prompt defined by the user.
It is possible to use string from 0 up to 16 ASCII characters characters in the range [33..126], spaces are not allowed.
For deleting the SSH Server identifier this parameter has to be left without value: "S P PO:xxx PSER:", where "xxx" stands for the SSH port identifier.
| AC: | Activation of the Autoconnection mode for the SSH Server |
| YES | NO, YES |
It selects the autoconnection mode for the SSH Server.
The default value is "YES". In this way the SSH Server automatically generates a connection request, using information configured in parameters CDO: and UDO:, whenever it receives a login request from a Client SSH Server.
| DT: | Inactivity disconnect time-out |
| 15 | 0..255 (min.) |
This parameter selects the idle time interval after which the connection is closed (in minutes).
| PWD: | SSH Server authentication password |
| YES | from 0 up to 16 ASCII characters [33..126] |
It sets the SSH Server password, which is asked at the connection.
It is possible to use from 0 up to 16 ASCII characters in the range [33..126], spaces are not allowed. No differences between low and high case characters are made.
Once it is set the new password will be, encryptly, saved on disk through the command "SAVE CONF".
Every time the user wants to access the SSH Server, he will need to insert the password.
For deleting the password this parameter has to be left without value: "S P PO:xxx PWD:", where "xxx" is the SSH port identifier.
| CDO: | Called NUA for outgoing X25BSVC call |
| 00 | from 1 up to 15 characters [0 - 9, #] |
It sets the called address field of the SSH Server outgoing call. The default value, jointly with the parameter AC: set to "YES", allows to connect to the Control Port.
| UDO: | User data for outgoing X25BSVC call |
| CP | from 1 up to 12 characters [0 - 9, a - z, A - Z, #] |
It sets the User data field [1] of the SSH Server outgoing call. The default value, jointly with the parameter AC: set to "YES", allows to connect to the Control Port.
| ser: | Maximum number of servers |
| 3 | 0..10 |
This parameter selects the number of SSH Server processes predisposed on the SSH port.
| IPSRC: | Accepted source IP address for incoming requests |
| * | see table, * |
The parameter configures the IP address of enabled source SSH Client system.
The allowed values are shown in the following table:
| HEX: | 00000000 | 01000000 - 7EFFFFFF | 80000000 - DFFFFFFF |
|---|---|---|---|
| DDN: | 0.0.0.0 | 1.0.0.0 - 126.255.255.255 | 128.0.0.0 - 223.255.255.255 |
IP addresses of class D and E are not currently supported.
The value '*' means "any Ip address" and it is used to enable SSH requests received from any SSH Client.
| IPSRCLIST: | List of accepted source IP addresses for incoming requests |
| # | ListName, # |
The parameter configures a list of IP addresses of enabled SSH Client systems.
It must be set to the name of an IP or IR or RU or MR list. The referenced list must already be defined in the Elements Lists service.
The value '#' stands for "no list".
| KEYLEN: | Server key length |
| 768 | 512, 768, 1024 (bits) |
This parameter selects the SSH Server RSA key length (in bits).
| KEYREGENT: | Server RSA key regeneration time |
| 60 | 30..65535 (min.) |
This parameter selects the SSH Server RSA key regeneration time (in minutes).
| HOSTKEYLEN: | Host key length |
| 1024 | 512, 768, 1024 (bits) |
This parameter selects the host RSA key length (in bits).
| MAXAUTH: | Maximum number of authentication attempts |
| 6 | 1..10 |
This parameter selects the maximum number of authentication attempts for a SSH Client.
| S-CIPHERS: | Supported cryptography algorithms |
| DES,3DES | ALL, IDEA, DES, 3DES, BF (values can be joined using "," operator) |
This parameter selects the cryptography algorithms that are supported by the SSH Server.
It can be set to "ALL", i.e. all ciphers, or it can be a combination of the following available ciphers:
| Cipher Type | Description |
|---|---|
| IDEA | IDEA in CFB mode |
| DES | DES in CBC mode |
| 3DES | Triple-DES in CBC mode |
| BF | Blowfish |
| S-AUTH: | Supported authentication method |
| PWD | NONE, PWD |
This parameter selects the authentication method that is supported by the SSH Server.
| Authentication methods | Description |
|---|---|
| NONE | No Authentication |
| PWD | Password Authentication |
| PCLI: | Identifier of the SSH Client |
| SSHC> | from 0 up to 16 ASCII characters [33..126] |
This parameter set the prompt of the commands interpreter of the SSH Client port.
The local IP address, expressed in Dotted Decimal Notation and in square brackets (e.g. [xxx.xxx.xxx.xxx] ), always precedes the prompt defined by the user.
It is possible to use string from 0 up to 16 ASCII characters characters in the range [33..126], spaces are not allowed.
For deleting the SSH Client identifier this parameter has to be left without value: "S P PO:xxx PCLI:", where "xxx" is the SSH port identifier.
| CDI: | Called NUA to match incoming X25BSVC call |
| * | from 1 up to 15 characters [0 - 9, *] |
It sets the called address field of the SSH Client incoming call.
| UDI: | User data to match incoming X25BSVC call |
| * | from 1 up to 12 characters [0 - 9, a - z, A - Z, *] |
It sets the User data field of the SSH Client incoming call.
| cli: | Maximum number of clients |
| 3 | 0..10 |
This parameter selects the maximum number of SSH Clients processes predisposed on the SSH port.
| DFT-CIPHER: | Client cryptography algorithm |
| 3DES | IDEA, DES, 3DES, BF, AUTO |
This parameter selects the default cipher type of SSH Client.
It can be one of the following available ciphers:
| Cipher Type | Description |
|---|---|
| IDEA | IDEA in CFB mode |
| DES | DES in CBC mode |
| 3DES | Triple-DES in CBC mode |
| BF | Blowfish |
If it is set to "AUTO" value, the SSH Client will try to select the cryptography algorithm automatically.
| MAXPROMPT: | Maximum number of password prompts |
| 3 | 1..10 |
This parameter selects the maximum number of unsuccessful inputs of password for the SSH client.
| C-CIPHERS: | Supported cryptography algorithms |
| DES,3DES | ALL, IDEA, DES, 3DES, BF (values can be joined using "," operator) |
This parameter selects the cryptography algorithms that are supported by the SSH Client.
It can be set to "ALL", i.e. all ciphers, or it can be a combination of the following available ciphers:
| Cipher Type | Description |
|---|---|
| IDEA | IDEA in CFB mode |
| DES | DES in CBC mode |
| 3DES | Triple-DES in CBC mode |
| BF | Blowfish |
| C-AUTH: | Supported authentication methods |
| PWD | NONE, PWD |
This parameter selects the authentication method that is supported by the SSH Client.
| Authentication methods | Description |
|---|---|
| NONE | No Authentication |
| PWD | Password Authentication |
Example on how to show state and statistics of the SSH port through the command D S:
[10:56:27] ABILIS_CPX: D S PO:SSH
PO:906 ------------------------------------------------------------------------
SSH STATE:READY
CH TYPE X25-State TCP-State LocAdd-LocPort RemAdd-RemPort
------------------------------------------------------------------------
1 CLNT READY READY
2 CLNT READY READY
3 CLNT READY READY
4 SERV READY LISTENING 000.000.000.000-22
5 SERV READY LISTENING 000.000.000.000-22
6 SERV CONNECTED CONNECTED 192.168.000.060-22 192.168.000.002-1662
-----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
SEG | 66| 0|CHAR | 4103| 23|
PCK | 34| 0|CALL | 0| 1|
RESET | 0| 0|
------------------------------------------------------------------------
Example on how to show extended statistics of the SSH port through the command D SE:
[10:56:30] ABILIS_CPX: D SE PO:SSH
PO:906 ------------------------------------------------------------------------
SSH --- Cleared 000:00:06:50 ago, on 24/03/2004 at 17:10:39 ----------------
CH TYPE X25-State TCP-State LocAdd-LocPort RemAdd-RemPort
------------------------------------------------------------------------
1 CLNT READY READY
-----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
SEG | 0| 0|CHAR | 0| 0|
PCK | 0| 0|CALL | 0| 0|
RESET | 0| 0|
------------------------------------------------------------------------
2 CLNT READY READY
-----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
SEG | 0| 0|CHAR | 0| 0|
PCK | 0| 0|CALL | 0| 0|
RESET | 0| 0|
------------------------------------------------------------------------
3 CLNT READY READY
-----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
SEG | 0| 0|CHAR | 0| 0|
PCK | 0| 0|CALL | 0| 0|
RESET | 0| 0|
------------------------------------------------------------------------
4 SERV READY LISTENING 000.000.000.000-22
-----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
SEG | 0| 0|CHAR | 0| 0|
PCK | 0| 0|CALL | 0| 0|
RESET | 0| 0|
------------------------------------------------------------------------
5 SERV READY LISTENING 000.000.000.000-22
-----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
SEG | 0| 0|CHAR | 0| 0|
PCK | 0| 0|CALL | 0| 0|
RESET | 0| 0|
------------------------------------------------------------------------
6 SERV CONNECTED CONNECTED 192.168.000.060-22 192.168.000.002-1662
-----------|---INPUT---|--OUTPUT---|-----------|---INPUT---|--OUTPUT---|
SEG | 66| 0|CHAR | 4103| 23|
PCK | 34| 0|CALL | 0| 1|
RESET | 0| 0|
------------------------------------------------------------------------
The information "Cleared DDD:HH:MM:SS ago, at DD/MM/YYYY HH:MM:SS", referred by the extended statistics, shows the elapsed time from the last reset of the statistics (by the format "days:hours:minutes:seconds") and date/time of its execution (by the format "day/month/year" and "hours:minutes:seconds").
| STATE: | Current state of the SSH port |
| READY, DOWN, ERR |
It shows the current state of the the SSH port.
| Driver | States | Meaning | Values shown in: | ||
|---|---|---|---|---|---|
| System Log | Events Log | Display LCD | |||
| SSH | READY | ... | RD | ||
| DOWN | ... | DN | |||
| ERR | Software error, contact the Abilis assistance | NA | |||
| CH | Channel identifier |
| 0 - (ser: + cli:) |
It shows the number of channel on the SSH port. The maximum number of the available channels is given by the number of Server processes (configuration parameter ser:) summed to the number of Client ones (configuration parameter cli:).
| TYPE | Process type |
| SERV, CLNT |
It shows the type of the process active on the channel: the abbreviation "SERV" identifies the Server process, the one "CLNT" the Client process.
| X25-State | Connection state |
| READY, LISTEN, CALLING, CONNECTED, CLEARING, CLEARED, ERR |
It shows the current state of the connection, towards the Connection Oriented Router.
| States | Meaning |
|---|---|
| READY | Session is ready to send the connection request |
| LISTEN | Session is ready to receive the connection request |
| CALLED | Session is establishing the connection |
| CALLING | |
| CONNECTED | Session is connected |
| CLEARED | Session is disconnecting |
| CLEARING | |
| ERR | Software error, contact the Abilis assistance |
| TCP-State | Connection state towards the TCP port |
| DOWN, READY, LISTEN, CALLING, CONNECTED, CLEARING, CLEARED, ERR |
It shows the current state of the connection, towards the TCP port.
| States | Meaning |
|---|---|
| DOWN | The parameter LOWPO: is set to NONE or the driver is not able to connect to the TCP lower level port |
| READY | Connection is closed |
| LISTEN | Connection is active and it is waiting to receive/send connection requests |
| CALLED | Connection is going to be established |
| CALLING | |
| CONNECTED | Connection is active |
| CLEARING | Connection is going to be closed |
| CLEARED | |
| ERR | Software error, contact the Abilis assistance |
| LocAdd | IP local address used by the connection |
| 0 - 255.255.255.255 |
It shows the IP local address used by the connection, whose state has not to be READY.
| LocPort | IP local port used by the connection |
| 0 - 65.535 |
It shows the IP local port used by the connection, whose state has not to be READY.
| RemAdd | IP remote address used by the connection |
| 0 - 255.255.255.255 |
It shows the IP remote address used by the connection, whose state has not to be READY.
| RemPort | IP remote port used by the connection |
| 0 - 65.535 |
It shows the IP remote port used by the connection, whose state has not to be READY.
| SEG | Overall number of segments received/sent in all the sessions |
| 0 - 4.294.967.295 |
The counter SEG (INPUT) is incremented every time a packet is received, while the counter SEG (OUTPUT) every time a packet is sent.
| CHAR | Overall number of characters received/sent in all the sessions |
| 0 - 4.294.967.295 |
The counter CHAR (INPUT) is incremented every time a packet is received, while the counter CHAR (OUTPUT) every time a packet is sent.
| PCK | Overall number of packets received/sent in all the sessions |
| 0 - 4.294.967.295 |
The counter PCK (INPUT) is incremented every time a packet is received, while the counter PCK (OUTPUT) every time a packet is sent.
| CALL | Overall number of calls sent/received in all the sessions |
| 0 - 4.294.967.295 |
The counter CALL (INPUT) is incremented every time a connection request is received, while the counter CALL (OUTPUT) every time a connection request is sent.
| RESET | Overall number of resets sent/received in all the sessions |
| 0 - 4.294.967.295 |
The counter RESET (INPUT) is incremented every time a Reset is received, while the counter RESET (OUTPUT) every time a Reset is sent.
| SEG | Number of segments received/sent by the session |
| 0 - 4.294.967.295 |
The counter SEG (INPUT) is incremented every time a packet is received, while the counter SEG (OUTPUT) every time a packet is sent by the session.
| CHAR | Number of characters received/sent by the session |
| 0 - 4.294.967.295 |
The counter CHAR (INPUT) is incremented every time a packet is received, while the counter CHAR (OUTPUT) every time a packet is sent by the session.
| PCK | Number of packets received/sent by the session |
| 0 - 4.294.967.295 |
The counter PCK (INPUT) is incremented every time a packet is received, while the counter PCK (OUTPUT) every time a packet is sent by the session.
| CALL | Number of calls sent/received by the session |
| 0 - 4.294.967.295 |
The counter CALL (INPUT) is incremented every time a connection request is received, while the counter CALL (OUTPUT) every time a connection request is sent by the session.
| RESET | Number of resets sent/received by the session |
| 0 - 4.294.967.295 |
The counter RESET (INPUT) is incremented every time a Reset is received, while the counter RESET (OUTPUT) every time a Reset is sent by the session.
[1] The parameter "UDO:" always refers to the user data, starting from the 5th byte. If the settings of the parameter "UDO:" need the user data, they will be set starting from the 5th byte and in the missing position (from 1st to 4th) the sequence "01000000" will be added.
Print this page