22.1. SSH resource

22.1. SSH resource
	Chapter 22. SSH - Secure SHell

The Abilis CPX SSH resource includes:

a ssh client: it processes create the login request and provide the connection establishment with the remote unit;
a ssh server: it processes are hosted on the remote system and provide the login service to the request of the clients.

	Tip
	Interesting chapter: Section 22.3, “SSH commands”.

22.1.1. Activating the SSH resource

Add the resource to the Abilis system with the following command:

[11:09:16] ABILIS_CPX:a res:ssh

RES:SSH ALREADY EXISTS

The SSH resource may already exist in the system, but may not yet be active: set it active with the command:

[11:09:21] ABILIS_CPX:s act res:ssh

COMMAND EXECUTED

	Caution
	After adding or setting the SSH active, you must restart the Abilis to make the resource running (use the command warm start to reboot the Abilis).

22.1.2. SSH resource parameters

The following command displays the parameters of the resource. The d p ssh ? command displays the meaning of each parameter.

[11:09:25] ABILIS_CPX:d p ssh


RES:Ssh -----------------------------------------------------------------------
Run    DESCR:Secure_Shell_Protocol_2
       LOG:NO                 MCAU:NO                ps:128
       KEEPALIVE:30           LOGIN-TOUT:60
       WDIR:C:\APP\SSH\
       - Server ---------------------------------------------------------------
       PSER:SSHS>             ser:3                  tcp-locport:22
       AC:YES                 PWD:****************   DT:15
       CDO:00                 UDO:CP                 PROFILE:NORMAL
       IPSRC:*                IPSRCLIST:#                     
       S-AUTH:PWD                                    MAXAUTH:6
       S-CIPHERS:ALL (3DES,IDEA,CAST,BF,AES128,AES192,AES256)
       - Client ---------------------------------------------------------------
       PCLI:SSHC>             cli:3                  MAXPROMPT:3
       CDI:*                  UDI:*                  
       C-AUTH:PWD
       C-CIPHERS:ALL (3DES,IDEA,CAST,BF,AES128,AES192,AES256)

The meaning:

LOG: State changes log and alarm generation [NO, D, S, A, L, T, ALL] [+E] (D: Debug Log; S: System Log; A: Alarm view; L: Local audible alarm; T: SNMP traps; +E: Extended Log of state changes, see ref. manual).
MCAU: Force cause 0x00 in clear packets [NO, YES].
ps: Packet size [16..2048 bytes].
KEEPALIVE: Activates and sets the value of the “keep-alive” time-out; the “keep-alive” procedure, by sending the simple packets, keeps the TCP connection “alive” even if any data is not exchanged.
LOGIN-TOUT: Login timeout [10..600 sec.].
WDIR: Directory where HOST and SERVER keys are stored. Full path with drive letter ['C'..'Z'] terminated by '\'. Max 128 chars. Spaces require double quotes (E.g. "C:\My dir\").
PSER: Prompt of the server [Alphanumeric].
ser: Maximum number of servers [0..255].
tcp-locport: Local TCP port for servers and default remote TCP port for clients [1..65535].
AC: Auto-connection mode for the SSH Server; the default value is YES. The SSH Server automatically generates a connection request, using information configured in CDO and UDO parameters, whenever it receives a login request from a Client SSH process.
PWD: Authentication password. Max 16 ASCII characters. Spaces are not allowed.
DT: Inactivity disconnect time-out [0..255 min.].
CDO: Called address field of the SSH Server outgoing call. The parameter's default value (CDO:00), along with AC setting to YES, allows to connect to the Control port.
UDO: User data field of the SSH Server outgoing call. The parameter's default value (CDO:CP), along with AC setting to YES, allows to connect to the Control port.
PROFILE: X.25 Profile [NORMAL, TRANSPARENT].
IPSRC: Incoming requests: accepted source IP address [*, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x].
IPSRCLIST: Incoming requests: list of further accepted source IP addresses [#, IP/IR/RU/MR listname].
MAXAUTH: Maximum number of authentication attempts for a SSH Client.
S-CIPHERS: Supported cryptography algorithms by SSH2 server [ALL, 3DES, IDEA, CAST, BF, AES128, AES192, AES256], values can be joined using "," operator
S-AUTH: Supported authentication methods by SSH2 client [PWD]
PCLI: Prompt of the client.
cli: Maximum number of clients [0..10].
CDI: Called NUA to match incoming X.25 BSVC call [0..9, *].
UDI: User data to match incoming X.25 BSVC call [0..9, a..z, A..Z, *].
MAXPROMPT: Maximum number of password prompts [1..10].
C-CIPHERS: Supported cryptography algorithms by SSH2 server [ALL, 3DES, IDEA, CAST, BF, AES128, AES192, AES256], values can be joined using "," operator.
C-AUTH: Supported authentication methods by SSH2 client [PWD].

The following command allows the administrator to change the configuration of the resource:

s p ssh parameter:value...

	Caution
	To activate the changes made on the upper case parameters, execute the initialization command init res:ssh; while to set act the changes made on the lowercase parameters a save conf and an Abilis restart are required (i.e. With warm start command).


Chapter 22. SSH - Secure SHell		22.2. SSH diagnostics and statistics