Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.
-
Upload
dorthy-caldwell -
Category
Documents
-
view
249 -
download
0
Transcript of Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.
![Page 1: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/1.jpg)
Securing SSH Admin Access
Pragma Systems Fortress SSH Cisco Enterprise Routing Products
![Page 2: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/2.jpg)
• Unauthorized access to command line• Stolen passwords• Revoked / Expired Public Keys• Spoofing the client
The Threat:
X.509 certificate with RFC 6187 (single factor) Server side certificate validation
CAC/smartcard with RFC 6187 (2 factor)Most secure authentication – Sever side certificate and PIN
NEWOnly from Cisco and Pragma
![Page 3: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/3.jpg)
For customers that need:
Secure access to command line
With two factor authentication Authenticate with X.509 certificate & PIN
• Most secure
• Government Certified
• Standard RFC-6187
• First end-to-end solution with Cisco and Pragma Systems
![Page 4: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/4.jpg)
SSH Access with DoD Common Access Cards
X.509 Authentication
SSH Session Establishment
CiscoSSH Server Feature
PragmaFortress CL SSH Client
CAC card reader
![Page 5: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/5.jpg)
Demonstration
![Page 6: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/6.jpg)
• To reach the router or switch,
• End-user starts SSH session on their PC
Fortress CL Client
![Page 7: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/7.jpg)
• User inserts Smart Card
• Smart card has the user’s credentials
![Page 8: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/8.jpg)
• User now clicks “connect button”.
![Page 9: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/9.jpg)
User enters User-ID;
Selects Smart Card / CAC button
Click on ellipsis button
![Page 10: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/10.jpg)
If end-user has more than one credential, he selects the certificate that he wants to use.
Certificates are stored on the smart-card.
![Page 11: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/11.jpg)
• Click on connect
David.S.Kulwin
David.S.Kulwin
![Page 12: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/12.jpg)
• End-user enters PIN.
• Router now has:1. Certificate and2. PIN 3. User name
SSH handshake now proceeds
![Page 13: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/13.jpg)
• SSH session starts from end-user PC to Cisco Router.
![Page 14: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/14.jpg)
• Easy to use two-factor authentication • X.509 Certificates for SSH • Standards Compliant• FIPS certified
For Secure Access:
![Page 15: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/15.jpg)
For Further Information:
Contact your Pragma representative for a demonstration or 30 day trial version
Contact your Cisco Systems sales representative.
![Page 16: Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products.](https://reader035.fdocuments.net/reader035/viewer/2022081506/5697bfdf1a28abf838cb2b2c/html5/thumbnails/16.jpg)