Configuring SSH Using IDM

The IDS sensor's SSH server can also be configured through the Web interface of the sensor. The SSH configuration is accessible under the Device | Sensor Setup menu, shown in Figure 5.9.

Figure 5.9: The IDS Device Manager Sensor Setup

To generate a new SSH host key for the IDS sensor, select the Generate Key link in the table of contents (TOC) menu at the left of the browser window. This will bring up the Generate Key page, as shown in Figure 5.10. To generate a new host key, select the Apply to Sensor link at the bottom right of the Generate Host Key menu in the middle of the page.

Figure 5.10: The Generate Key Page

To add host keys to the sensor for use in updating the IDS software or signature packs, select the Known Host Keys link in the TOC menu at the left of the browser window. If a host key is already in the known hosts list, it will be displayed in the table in the middle of the window, as shown in Figure 5.11. To add a host key to the table, select the Add link at the bottom right of the table.

Figure 5.11: The Known Host Keys Table

Selecting this link brings up the next page, which asks you to add the host key of the host that the IDS will communicate with. Fill in the IP address as well as the key modulus length, public exponent, and public modulus of the host key. The values for the key modulus length, public exponent, and public modulus can be obtained from the ssh_host_key.pub file. An example of such a host key is shown in Figure 5.12. Here the public exponent is 35, the key modulus length is 1024, and the public modulus is the long number between the public exponent value and the name identifier at the end of the host key.

1024 35 165083186592017449872574939340499169340235348223579155978605241738075615412030757209625612325747411882803771482511468683235829969888641604222413298190241628749319043722061020492117270279424373248168497035483832795207720607305974449963827501012040238091394422736265019272114758785025494843302236884372899127817

Figure 5.12: The SSH Host Key Structure

The first number, 1024, is the Key Modulus Length. The second number, 35, is the Public Exponent. The final, long number is the Public Modulus. All of this can be found in the /etc/ssh/ssh_host_key.pub file. This example was taken from Red Hat 7.2, but most flavors of Unix/Linux follow the same format. For a Windows SSH client such as Tera Term, you will find this information in the C:\program files\teraterm\ssh_known_hosts file.

Using the values in the SSH host key, fill in the required fields in the Adding Known Host Keys page, as shown in Figure 5.13. Select Apply to Sensor. The host key is added to the known_hosts list.

Figure 5.13: Adding an SSH Host Key to an IDS Sensor

The final option in configuring SSH through IDM is entering the individual user SSH keys. This allows for public key authentication rather than using passwords as a means of accessing the IDS sensors. To enter the necessary information, use a key generation tool such as ssh-keygen on Unix/Linux systems to generate a public/private key pair for the user on the client where the private key is going to reside. Then, display the generated public key as a set of three numbers (Key Modulus Length, Public Exponent, Public Modulus) and enter those numbers in the proper fields.
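The three numbers that the Known Host Keys form and the user key form both ask for are easy to transpose by hand, so it helps to parse them from the key file and sanity-check them before typing. The following is an added example (not Cisco's code and not part of the original text) that parses an SSH-1 public key line in the format shown in Figure 5.12, parses the Tera Term style ssh_known_hosts entry that prefixes such a line with a hostname, and checks that the declared length actually matches the modulus before mapping the values onto the IDM fields. The host key embedded in it is the one from Figure 5.12; the hostname sensor1.example.com used in the usage notes is an assumption.

```python
"""Parse SSH-1 (RSA1) public key lines and sanity-check the three values
(Key Modulus Length, Public Exponent, Public Modulus) before they are
entered into the IDM Known Host Keys or user key forms.

Added example, not Cisco's code.  The SSH-1 public key line format is
"bits exponent modulus [comment]", as shown in Figure 5.12.
"""
from dataclasses import dataclass
from typing import Optional, Tuple, List, Dict


@dataclass
class Ssh1PublicKey:
    bits: int                       # key modulus length, as declared in the file
    exponent: int                   # public exponent (35 in the Figure 5.12 key)
    modulus: int                    # public modulus
    comment: Optional[str] = None   # trailing name identifier, if any


def parse_ssh1_public_key(line: str) -> Ssh1PublicKey:
    """Parse one line of an SSH-1 public key file (ssh_host_key.pub, identity.pub)."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError("expected at least 'bits exponent modulus'")
    bits, exponent, modulus = (int(p) for p in parts[:3])
    comment = " ".join(parts[3:]) or None
    return Ssh1PublicKey(bits, exponent, modulus, comment)


def parse_ssh1_known_hosts_entry(line: str) -> Tuple[str, Ssh1PublicKey]:
    """Parse one SSH-1 known_hosts line (e.g. Tera Term's ssh_known_hosts):
    'hostname bits exponent modulus [comment]'.  Returns (hostname, key)."""
    hostname, _, rest = line.strip().partition(" ")
    if not rest:
        raise ValueError("expected 'hostname bits exponent modulus'")
    return hostname, parse_ssh1_public_key(rest)


def check_key(key: Ssh1PublicKey) -> List[str]:
    """Return the problems found; an empty list means the three values are
    self-consistent and can be typed into the IDM form as they are."""
    problems = []
    # The declared length must equal the real size of the modulus.
    if key.modulus.bit_length() != key.bits:
        problems.append(f"declared length {key.bits} but modulus is "
                        f"{key.modulus.bit_length()} bits")
    # An RSA public exponent is an odd integer greater than 1.
    if key.exponent < 3 or key.exponent % 2 == 0:
        problems.append(f"implausible public exponent {key.exponent}")
    # An RSA modulus is a product of two odd primes, so it is odd.
    if key.modulus % 2 == 0:
        problems.append("modulus is even; not an RSA modulus")
    # Common transcription mistake: bits and exponent entered in the
    # wrong order (e.g. '35 1024 ...' instead of '1024 35 ...').
    if key.bits < 512 and key.exponent >= 512:
        problems.append("bits and exponent look swapped")
    return problems


def idm_fields(key: Ssh1PublicKey) -> Dict[str, int]:
    """Map a checked key onto the three IDM form fields."""
    problems = check_key(key)
    if problems:
        raise ValueError("inconsistent key: " + "; ".join(problems))
    return {"Key Modulus Length": key.bits,
            "Public Exponent": key.exponent,
            "Public Modulus": key.modulus}


# The host key from Figure 5.12, with the modulus joined back into one number.
FIGURE_5_12_KEY = (
    "1024 35 "
    "165083186592017449872574939340499169340235348223579"
    "155978605241738075615412030757209625612325747411882803771482"
    "511468683235829969888641604222413298190241628749319043722061"
    "0204921172702794243732481684970354838327952077206073059744499"
    "63827501012040238091394422736265019272114758785025494843"
    "302236884372899127817"
)

if __name__ == "__main__":
    key = parse_ssh1_public_key(FIGURE_5_12_KEY)
    for name, value in idm_fields(key).items():
        print(f"{name}: {value}")
    # A Tera Term style entry (hostname is an assumed value).
    host, hkey = parse_ssh1_known_hosts_entry("sensor1.example.com " + FIGURE_5_12_KEY)
    print(host, check_key(hkey) or "ok")
```

The same functions serve both forms: run them over the sensor's ssh_host_key.pub when filling in the Known Host Keys page, and over the user's identity.pub when entering an individual user's SSH key, since both files carry the same three numbers in the same order. The bit-length check is the one that catches the swap of 1024 and 35 that is so easy to make when copying by hand.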

Compatible Secure Shell Protocol Clients

There are many SSH clients that can be used to access the IDS sensors. An SSH client that supports the SSH-1 protocol should be used in order to access the IDS sensor CLI. The following SSH clients have been tested by Cisco and verified to work with the SSH server in the IDS sensor software.

For Windows clients:

For Unix/Linux clients:

  • OpenSSH 3.4p1 is available at www.openssh.com/pub/OpenBSD/OpenSSH/portable.

  • The SSH Secure Shell for Servers 3.2 is available at www.ssh.com/support/downloads/secureshellserver.


    Note

    While officially the preceding list represents SSH clients that are guaranteed to be compatible with the SSH server in Cisco's IDS sensor software, the fact is there is a much wider range of SSH clients that are compatible. These clients include

    • OpenSSH 3.5–3.7 clients (both the portable version and the OpenBSD version)

    • NiftyTelnet 1.1 SSH r3 (a Macintosh SSH client)

    • SSH 1.2.3