Open Ethernet Networking (OpEN) API Guide and Reference Manual
3.6.0.3
Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution, and other secure network services between two networked computers. It connects a server and a client (running SSH server and SSH client programs, respectively) via a secure channel over an insecure network.
The protocol specification distinguishes between two major versions that are referred to as SSH-1 and SSH-2.
There are several ways to use SSH:
i) one is to use automatically generated public-private key pairs to simply encrypt a network connection, and then use password authentication to log on.
ii) another is to use a manually generated public-private key pair to perform the authentication, allowing users or programs to log in without having to specify a password.
iii) another is to use a secure mechanism (SCP) to download (push) files on to the device. The SSH server is enhanced to accept the scp command to transfer files from a host PC to the switch file system.
Example scp push commands executed on a PC host for configuration and firmware images:
    scp <config file> user@<scp server IP>:startup-config
    scp <config file> user@<scp server IP>:backup-config
    scp <config file> user@<scp server IP>:factory-defaults
    scp <config file> user@<scp server IP>:<scriptfile.scr>
    scp <image file> user@<scp server IP>:active
    scp <image file> user@<scp server IP>:backup
To initiate an scp file transfer from the host PC, the following criteria should be met on the SSH server side:
i) The public-private key pairs should be present on the switch.
ii) Enable Secure Shell (SSH) server admin mode on the switch.
iii) Enable SCP server admin mode to initiate file transfer.
When a file transfer request is initiated from the host PC, the SSH server informs switchdrvr via the OpEN API openapiScpRemoteTransferStart and gets the file system path to which the file is downloaded. Switchdrvr blocks the management console during the file transfer. After completion of the file transfer, the SSH server informs switchdrvr via the OpEN API openapiScpRemoteTransferComplete. The downloaded file is validated and stored in the switchdrvr file system.
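A host-side wrapper for the scp push commands above, as an added example that is not part of the OpEN guide or its sample code. It accepts only the destination names shown on this page, rejects user, host and target values that scp or ssh could misparse, and requires an already-known host key. The function names (valid_target, scp_push_dest, push_to_switch) and the sample values are hypothetical, and the host check assumes an IPv4 address or hostname.

```sh
#!/bin/sh
# Added example (not from the OpEN guide): validated scp push to the switch.
# Target names are those in this page's scp examples; sample values are constructed.

# Succeeds only for a destination name that the page's scp examples use.
valid_target() {
    case "$1" in
        startup-config|backup-config|factory-defaults|active|backup) return 0 ;;
        -*|.scr|*[!A-Za-z0-9._-]*) return 1 ;;  # option-like, empty stem, path or odd chars
        *.scr) return 0 ;;                       # script file, e.g. setup.scr
        *) return 1 ;;
    esac
}

# scp_push_dest <user> <switch hostname or IPv4> <target>
# Prints user@host:target, or returns 1 if any part could be misparsed by scp/ssh.
scp_push_dest() {
    case "$1" in ''|-*|*[!A-Za-z0-9_.-]*) echo "bad user" >&2; return 1 ;; esac
    case "$2" in ''|-*|.*|*[!A-Za-z0-9.-]*) echo "bad host" >&2; return 1 ;; esac
    valid_target "$3" || { echo "bad target: $3" >&2; return 1; }
    printf '%s@%s:%s\n' "$1" "$2" "$3"
}

# push_to_switch <local file> <user> <host> <target>
push_to_switch() {
    file=$1
    dest=$(scp_push_dest "$2" "$3" "$4") || return 1
    # A relative name containing ':' or starting with '-' would be read by scp
    # as a remote spec or an option; anchor it to the current directory.
    case "$file" in /*|./*) ;; *) file="./$file" ;; esac
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # StrictHostKeyChecking=yes: refuse a switch whose host key is not already
    # in known_hosts, so the config or image is not sent to an impostor.
    scp -o StrictHostKeyChecking=yes -- "$file" "$dest"
}

# Runs only when called with all four arguments, e.g. (constructed values):
#   sh push.sh ./startup.cfg admin 192.0.2.10 startup-config
if [ "$#" -eq 4 ]; then push_to_switch "$@"; fi
```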
This document provides a brief description of the SSH OpEN APIs. The SSH OpEN APIs allow processes outside of the ICOS main process (switchdrvr) access to SSH Management services. It provides the following services:
All 'Set' operations may affect the Switch behavior and configuration.
In the main function, the sample application initializes the OpEN API RPC service by calling openapiClientRegister() and waits for the RPC service in switchdrvr to start. A Client Handle is returned by openapiClientRegister() which is used while invoking the OpEN APIs. The application then exercises the associated OpEN APIs and logs informational and/or error messages on the console. The example application runs to its completion and exits.
ssh_example.c is a sample application that demonstrates the use of the SSH OpEN APIs. ssh_example is started from the command line and has the following usage syntax:
Usage: ssh_example <test#> <arg1> <arg2> ...
It exercises all the SSH OpEN APIs with appropriate arguments to manage the SSH protocol in the ICOS main process (switchdrvr).
CLI Command | OpEN API Reference |
---|---|
(Config)# [no]crypto key generate {dsa | rsa} | openapiSSHKeyGenerate() openapiSSHKeyDelete() openapiSSHKeyStatusGet() |
(Priv-User Mode)# [no] ip ssh server enable | openapiSSHAdminModeSet() openapiSSHAdminModeGet() |
(Priv-User Mode)# [no]sshcon timeout <timeout> | openapiSSHSessionTimeoutSet() openapiSSHSessionTimeoutGet() |
(Priv-User Mode)# [no]sshcon maxsessions <max-sessions> | openapiSSHMaxSessionsSet() openapiSSHMaxSessionsDefaultSet() openapiSSHMaxSessionsGet() openapiSSHActiveSessionsGet() |
(Priv-User Mode)# [no] ip scp server enable | openapiScpServerAdminModeSet() openapiScpServerAdminModeGet() |
(Priv-User Mode)# ssh [-l <login-name>] [-p <port>] {<ip-address | hostname>} | openapiSSHRemotePasswordGet() |