Tripp Lite 0 Idades Manual
Chapter 6: Secure SSH Tunneling & SDT Connector

6.3 SDT Connector to Management Console

SDT Connector can also be configured for browser access to the gateway’s Management Console – and for Telnet or SSH access to the gateway command line. For these connections to the gateway itself, you must configure SDT Connector to access the gateway (itself) by setting the Console Server up as a host, and then configuring the appropriate services:

• Launch SDT Connector on your computer. Assuming you have already set up the Console Server as a Gateway in your SDT Connector client (with username/password etc.), select this newly added Gateway and click the Host icon to create a host. Alternatively, select File: New Host
• Enter 127.0.0.1 as the Host Address and give some details in Descriptive Name/Notes. Click OK
• Click the HTTP or HTTPS Services icon to access the gateway's Management Console, and/or click SSH or Telnet to access the gateway command line console

Note: To enable SDT access to the gateway console, you must now configure the Console Server to allow port forwarded network access to itself:

• Browse to the Console Server and select Network Hosts from Serial & Network. Click Add Host and in the IP Address/DNS Name field enter 127.0.0.1 (this is the Console Server's network loopback address). Then enter Loopback in Description
• Remove all entries under Permitted Services except for those that will be used in accessing the Management Console (80/http or 443/https) or the command line (22/ssh or 23/Telnet). Scroll to the bottom and click Apply
• Administrators by default have gateway access privileges. However, for Users to access the gateway Management Console, you will need to give those Users the required access privileges. Select Users & Groups from Serial & Network. Click Add User. Enter a Username, Description and Password/Confirm. Select 127.0.0.1 from Accessible Host(s) and click Apply
6.4 SDT Connector - Telnet or SSH Serial Device Connection

SDT Connector can also be used to access text consoles on devices that are attached to the Console Server’s serial ports. For these connections, you must configure the SDT Connector client software with a Service that will access the target gateway serial port, and then set the gateway up as a host:

• Launch SDT Connector on your computer. Select Edit: Preferences and click the Services tab. Click Add
• Enter “Serial Port 2” in Service Name and click Add
• Select Telnet client as the Client. Enter 2002 in TCP Port. Click OK, then Close and Close again
• Assuming you have already set up the target Console Server as a gateway in your SDT Connector client (with username/password etc.), select this gateway and click the Host icon to create a host. Alternatively, select File: New Host.
• Enter 127.0.0.1 as the Host Address and select Serial Port 2 for Service. In Descriptive Name, enter something along the lines of Loopback ports, or Local serial ports. Click OK.
• Click the Serial Port 2 icon for Telnet access to the serial console on the device attached to serial port #2 on the gateway

To enable SDT Connector to access devices connected to the gateway’s serial ports, you must also configure the Console Server itself to allow port forwarded network access to itself, and enable access to the nominated serial port:

• Browse to the Console Server and select Serial Port from Serial & Network
• Click Edit for the selected Port # (e.g. Port 2 if the target device is attached to the second serial port). Ensure the port’s serial configuration is appropriate for the attached device
• Scroll down to Console Server Setting and select Console Server Mode. Check Telnet (or SSH) and scroll to the bottom and click Apply
• Select Network Hosts from Serial & Network and click Add Host
• In the IP Address/DNS Name field, enter 127.0.0.1 (this is the Console Server’s network loopback address) and enter Loopback in Description
• Remove all entries under Permitted Services and select TCP and enter 200n in Port. (This configures the Telnet port enabled in the previous step, so for Port 2 you would enter 2002)
• Click Add then scroll to the bottom and click Apply
• Administrators by default have gateway and serial port access privileges; however, for Users to access the gateway and the serial port, you will need to give those Users the required access privileges. Select Users & Groups from Serial & Network. Click Add User. Enter a Username, Description and Password/Confirm. Select 127.0.0.1 from Accessible Host(s) and select Port 2 from Accessible Port(s). Click Apply.
6.5 SDT Connector OoB Connection

SDT Connector can also be set up to connect to the Console Server via out-of-band (OoB). OoB access uses an alternate path for connecting to the Console Server (i.e. not the one used for regular data traffic). OoB access is useful when the primary link into the gateway is unavailable or unreliable.

Typically a Console Server's primary link is a broadband Internet connection or Internet connection via a LAN or VPN, and the secondary out-of-band connectivity is provided by a dial-up or wireless modem directly attached to the gateway. So out-of-band access enables you to access the hosts and serial devices on the network, diagnose any connectivity issues, and restore the gateway's primary link.

In SDT Connector, OoB access is configured by providing the secondary IP address of the gateway, and telling SDT Connector how to start and stop the OoB connection. Starting an OoB connection may be achieved by initiating a dial-up connection, or adding an alternate route to the gateway. SDT Connector allows for maximum flexibility by allowing you to provide your own scripts or commands for starting and stopping the OoB connection.

To configure SDT Connector for OoB access:

• When adding a new gateway or editing an existing gateway, select the Out Of Band tab
• Enter the secondary OoB IP address for the gateway (e.g. the IP address to be used when dialing in directly). You may also modify the gateway's SSH port if it's not using the default of 22
• Enter the command or path to a script to start the OoB connection in Start Command
  o To initiate a pre-configured dial-up connection under Windows, use the following Start Command:
      cmd /c start "Starting Out of Band Connection" /wait /min rasdial network_connection login password
    The network_connection in the above is the name of the network connection as displayed in Control Panel -> Network Connections. Login is the dial-in username, and password is the dial-in password for the connection.
  o To initiate a pre-configured dial-up connection under Linux, use the following Start Command:
      pon network_connection
    The network_connection in the above is the name of the connection.
• Enter the command or path to a script to stop the OoB connection in Stop Command
  o To stop a pre-configured dial-up connection under Windows, use the following Stop Command:
      cmd /c start "Stopping Out of Band Connection" /wait /min rasdial network_connection /disconnect
    The network_connection in the above is the name of the network connection as displayed in Control Panel -> Network Connections.
  o To stop a pre-configured dial-up connection under Linux, use the following Stop Command:
      poff network_connection
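
One way to supply the Linux Start and Stop Commands as a script rather than a bare pon/poff call, given here as an added example that is not part of the Tripp Lite manual: it validates the connection name, dials, waits for the PPP link to get an address, and hangs up if the link never comes up. The script name oob.sh, the interface name ppp0, the 30 second default and the OOB_* override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the manual): Start/Stop Command wrapper for a
# pre-configured PPP dial-up connection on a Linux SDT Connector client.
# Assumptions: the link comes up as ppp0; OOB_PON, OOB_POFF, OOB_CHECK and
# OOB_IFACE are hypothetical override variables introduced for this example.

# Accept only plain connection names so the value cannot carry options or
# path components into pon/poff.
valid_peer() {
    case "$1" in
        ''|-*|*..*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Default link check: the PPP interface has an IPv4 address assigned.
ppp_has_address() {
    ip -4 -o addr show dev "${OOB_IFACE:-ppp0}" 2>/dev/null | grep -q 'inet '
}

# oob_start PEER [TIMEOUT_SECONDS]
# Returns 0 once the link is usable, 1 on dial failure or timeout,
# 2 on invalid input.
oob_start() {
    oob_peer=$1
    oob_timeout=${2:-30}
    valid_peer "$oob_peer" || return 2
    case "$oob_timeout" in ''|*[!0-9]*) return 2 ;; esac
    "${OOB_PON:-pon}" "$oob_peer" || return 1
    oob_waited=0
    while [ "$oob_waited" -lt "$oob_timeout" ]; do
        if "${OOB_CHECK:-ppp_has_address}"; then
            return 0
        fi
        sleep 1
        oob_waited=$((oob_waited + 1))
    done
    # The link never came up: hang up so the modem line is not left open.
    "${OOB_POFF:-poff}" "$oob_peer" >/dev/null 2>&1
    return 1
}

# oob_stop PEER
oob_stop() {
    valid_peer "$1" || return 2
    "${OOB_POFF:-poff}" "$1"
}

# Start Command: oob.sh start network_connection
# Stop Command:  oob.sh stop network_connection
case "${1:-}" in
    start) oob_start "${2:-}" ;;
    stop)  oob_stop "${2:-}" ;;
esac
```

Because pon reads the dial-in credentials from the pppd configuration, this form keeps the password out of the command stored in SDT Connector.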
To make the OoB connection using SDT Connector:

• Select the gateway and click Out Of Band. The status bar will change color to indicate this gateway is now being accessed using the OoB link rather than the primary link

When you connect to a service on a host behind the gateway, or to the Console Server gateway itself, SDT Connector will initiate the OoB connection using the provided Start Command. The OoB connection isn't stopped (using the provided Stop Command) until Out Of Band under Gateway Actions is clicked off, at which point the status bar will return to its normal color.

6.6 Importing (and Exporting) Preferences

To enable the distribution of pre-configured client config files, SDT Connector has an Export/Import facility:

• To save a configuration .xml file (for backup or for importing into other SDT Connector clients), select File: Export Preferences and select the location to save the configuration file
• To import a configuration, select File: Import Preferences and select the .xml configuration file to be installed
6.7 SDT Connector Public Key Authentication

SDT Connector can authenticate against an SSH gateway using your SSH key pair rather than requiring you to enter your password. This is known as public key authentication.

To use public key authentication with SDT Connector, you must first add the public part of your SSH key pair to your SSH gateway:

• Ensure the SSH gateway allows public key authentication. This is typically the default behavior
• If you do not already have a public/private key pair for your client computer (the one on which SDT Connector is running), generate them now using ssh-keygen, PuTTYgen or a similar tool. You may use RSA or DSA; however, it is important that you leave the passphrase field blank:
  o PuTTYgen: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
  o OpenSSH: http://www.openssh.org/
  o OpenSSH (Windows): http://sshwindows.sourceforge.net/download/
• Upload the public part of your SSH key pair (this file is typically named id_rsa.pub or id_dsa.pub) to the SSH gateway, or add it to the .ssh/authorized_keys file in your home directory on the SSH gateway
• Next, add the private part of your SSH key pair (this file is typically named id_rsa or id_dsa) to SDT Connector. Click Edit: Preferences: Private Keys: Add, locate the private key file and click OK

You do not have to add the public part of your SSH key pair; it is calculated using the private key.

SDT Connector will now use public key authentication when connecting through the SSH gateway (Console Server). You may have to restart SDT Connector to shut down any existing tunnels that were established using password authentication.

If you have a host behind the Console Server that you connect to by clicking the SSH button in SDT Connector, you may also wish to configure access to it for public key authentication as well. This configuration is entirely independent of SDT Connector and the SSH gateway. You must configure the SSH client that SDT Connector launches (e.g. Putty, OpenSSH) and the host's SSH server for public key authentication. Essentially, what you are using is SSH over SSH, and the two SSH connections are entirely separate.
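
Since the key added to SDT Connector has no passphrase, the authorized_keys entry on the gateway can be limited to the loopback services permitted in sections 6.3 and 6.4. The following is an added example, not part of the Tripp Lite manual, that builds such an entry; it assumes the gateway's SSH server is OpenSSH and honors per-key options in authorized_keys, and the key shown is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the manual): build a restricted authorized_keys
# entry for the passphrase-less key that SDT Connector uses.
# Assumption: the gateway's SSH server is OpenSSH and honors per-key options
# in authorized_keys; confirm this on your firmware before relying on it.

# serial_telnet_port N -> the "200n" Telnet port for serial port N
# (Port 2 -> 2002 as in section 6.4; reading 200n as 2000+N is an assumption).
serial_telnet_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 99 ] || return 1
    echo $((2000 + $1))
}

# restricted_key_line PUBKEY PORT...
# Prints PUBKEY prefixed with options that limit port forwarding to the listed
# loopback ports, mirroring the Permitted Services set for host 127.0.0.1.
restricted_key_line() {
    rk_pub=$1
    [ "$#" -ge 2 ] || return 1    # no ports listed: refuse rather than allow all
    shift
    rk_nl='
'
    case "$rk_pub" in
        *"$rk_nl"*) return 1 ;;   # a newline would smuggle in a second entry
        'ssh-rsa '?*|'ssh-dss '?*|'ssh-ed25519 '?*) ;;
        *) return 1 ;;
    esac
    rk_opts='no-agent-forwarding,no-X11-forwarding'
    for rk_port in "$@"; do
        case "$rk_port" in
            ''|0*|*[!0-9]*) return 1 ;;
        esac
        [ "$rk_port" -le 65535 ] || return 1
        rk_opts="$rk_opts,permitopen=\"127.0.0.1:$rk_port\""
    done
    printf '%s %s\n' "$rk_opts" "$rk_pub"
}

# Constructed sample key (not a real key): allow only HTTPS to the Management
# Console and Telnet to serial port 2 through the tunnel.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedSampleOnly admin@client'
restricted_key_line "$SAMPLE_PUB" 443 "$(serial_telnet_port 2)"
```

Hosts behind the gateway that this key should reach need their own permitopen entries; the example covers only the 127.0.0.1 services.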
6.8 Setting up SDT for Remote Desktop Access

Microsoft’s Remote Desktop Protocol (RDP) enables the system manager to securely access and manage remote Windows computers: to reconfigure applications and user profiles, upgrade the server’s operating system, reboot the machine, etc. Secure Tunneling uses SSH tunneling, so this RDP traffic is securely transferred through an authenticated and encrypted tunnel.

SDT with RDP also allows remote Users to connect to Windows XP, Vista, Windows 2003 computers and to Windows 2000 Terminal Servers, and to have access to all of the applications, files, and network resources (with full graphical interface just as though they were in front of the computer screen itself). To set up a secure Remote Desktop connection, you must enable Remote Desktop on the target Windows computer that is to be accessed and configure the RDP client software on the client computer.

6.8.1 Enable Remote Desktop on the target Windows computer to be accessed

To enable Remote Desktop on the Windows computer being accessed:

• Open System in the Control Panel and click the Remote tab
• Check Allow users to connect remotely to this computer
• Click Select Remote Users
• To set the user(s) who can remotely access the system with RDP, click Add on the Remote Desktop Users dialog box

Note: If you need to set up new users for Remote Desktop access, open User Accounts in the Control Panel and proceed through the steps to nominate the new user’s name, password and account type (Administrator or Limited)

Note: With Windows XP Professional and Vista, you have only one Remote Desktop session and it connects directly to the Windows root console. With Windows Server 2008 you can have multiple sessions, and with Server 2003 you have three sessions (the console session and two other general sessions). Therefore, more than one user can have an active session on a single computer.

When the remote user connects to the accessed computer on the console session, Remote Desktop automatically locks that computer (so no other user can access the applications and files). When you come back to the computer, you can unlock it by typing CTRL+ALT+DEL.

6.8.2 Configure the Remote Desktop Connection client

Now that you have the Client computer securely connected to the Console Server (either locally, or remotely, through the enterprise VPN, or a secure SSH internet tunnel or a dial-in SSH tunnel), you are ready to establish the Remote Desktop connection from the Client. To do this you simply enable the Remote Desktop Connection on the remote client computer then point it to the SDT Secure Tunnel port in the Console Server:

A. On a Windows client computer

• Click Start. Point to Programs, then to Accessories, then Communications, and click Remote Desktop Connection
• In Computer, enter the appropriate IP Address and Port Number:
  o Where there is a direct local or enterprise VPN connection, enter the IP Address of the Console Server, and the Port Number of the SDT Secure Tunnel for the Console Server’s serial port (the one that is attached to the Windows computer to be controlled). For example, if the Windows computer is connected to serial Port 3 on a Console Server located at 192.168.0.50 then you would enter 192.168.0.50:7303.
  o Where there is an SSH tunnel (over a dial-up PPP connection or over a public internet connection or private network connection), simply enter the localhost as the IP address, i.e. 127.0.0.1. For Port Number, enter the source port you created when setting SSH tunneling/port forwarding (in Section 6.1.6), e.g. :1234.
• Click Option. In the Display section, specify an appropriate color depth (e.g. for a modem connection it is recommended you not use over 256 colors). In Local Resources, specify the peripherals on the remote Windows computer that are to be controlled (printer, serial port, etc.)
• Click Connect

Note: The Remote Desktop Connection software is pre-installed on Windows XP. However, for earlier Windows computers, you will need to download the RDP client:

• Go to the Microsoft Download Center site http://www.microsoft.com/downloads/details.aspx?familyid=80111F21-D48D-426E-96C2-08AA2BD23A49&displaylang=en and click the Download button

This software package will install the client portion of Remote Desktop on Windows 95, Windows 98 and 98 Second Edition, Windows Me, Windows NT 4.0, Windows 2000, and Windows 2003. When run, this software allows these older Windows platforms to remotely connect to a computer running Windows XP Professional or Windows 2003 Server

B. On a Linux or UNIX client computer:

• Launch the open source rdesktop client:
    rdesktop -u windows-user-id -p windows-password -g 1200x950 ms-windows-terminal-server-host-name

    option   description
    -a       Color depth: 8, 16, 24
    -r       Device redirection, i.e. redirect sound on remote machine to local device, i.e. -0 -r sound (MS/Windows 2003)
    -g       Geometry: widthxheight or 70% screen percentage
    -p       Use -p - to receive password prompt

• You can use GUI front end tools like the GNOME Terminal Services Client tsclient to configure and launch the rdesktop client. (Using tsclient also enables you to store multiple configurations of rdesktop for connection to many servers.)
Note: The rdesktop client is supplied with Red Hat 9.0:

• rpm -ivh rdesktop-1.2.0-1.i386.rpm

For Red Hat 8.0 or other distributions of Linux; download source, untar, configure, make, make then install. rdesktop currently runs on most UNIX based platforms with the X Window System and can be downloaded from http://www.rdesktop.org/

C. On a Macintosh client:

• Download Microsoft's free Remote Desktop Connection client for Mac OS X http://www.microsoft.com/mac/otherproducts/otherproducts.aspx?pid=remotedesktopclient
6.9 SDT SSH Tunnel for VNC

Alternately, with SDT and Virtual Network Computing (VNC), Users and Administrators can securely access and control Windows 98/NT/2000/XP/2003, Linux, Macintosh, Solaris and UNIX computers. There’s a range of popular VNC software available (UltraVNC, RealVNC, TightVNC) freely and commercially. To set up a secure VNC connection, install and configure the VNC Server software on the computer to be accessed. Then install and configure the VNC Viewer software on the Viewer computer.

6.9.1 Install and configure the VNC Server on the computer to be accessed

Virtual Network Computing (VNC) software enables users to remotely access computers running Linux, Macintosh, Solaris, UNIX, all versions of Windows and most other operating systems.

A. For Microsoft Windows servers (and clients):

Windows does not include VNC software, so you will need to download, install and activate a third party VNC Server software package:

RealVNC http://www.realvnc.com is fully cross-platform, so a desktop running on a Linux machine may be displayed on a Windows computer, on a Solaris machine, or on any number of other architectures. There is a Windows server, allowing you to view the desktop of a remote Windows machine on any of these platforms using exactly the same viewer. RealVNC was founded by members of the AT&T team who originally developed VNC.

TightVNC http://www.tightvnc.com is an enhanced version of VNC. It has added features such as file transfer, performance improvements and read-only password support. They have just recently included a video driver much like UltraVNC. TightVNC is still free, cross-platform (Windows, Unix and Linux) and compatible with the standard (Real) VNC.

UltraVNC http://ultravnc.com is easy to use, fast and free VNC software that has pioneered and perfected features that the other flavors have consistently refused or been very slow to implement for cross platform and minimalist reasons. UltraVNC runs under Windows operating systems (95, 98, Me, NT4, 2000, XP, 2003). Download UltraVNC from Sourceforge's UltraVNC file list

B. For Linux servers (and clients):

Most Linux distributions now include VNC Servers and Viewers. They are generally launched from the (Gnome/KDE etc.) front end. For example, there’s VNC Server software with Red Hat Enterprise Linux 4 and a choice of Viewer client software. To launch:

• Select the Remote Desktop entry in the Main Menu: Preferences menu
• Click the Allow other users checkbox to allow remote users to view and control your desktop