SPPA-T3000
Administrator Manual
August 2012
CONTENTS
1 INTRODUCTION
1.1 Overview
1.2 Abbreviations
1.3 Conventions
1.4 References
1 Introduction
1.1 Overview
This manual describes the usage of the tool SSH Key Exchange.
SSH (secure shell) is a network protocol for secure data communication and uses public and private keys to authenticate the remote computer.
SPPA-T3000 uses SSH for these features:
Swapping out of archive data (since SPPA-T3000 release >= 6)
Remote Data Transfer.
Therefore these steps have to be done:
Public and private keys must be created on the SSH server (see chapter 2: Archive Server or Terminal Server)
The public key must be copied from the SSH server to the SSH client manually (see chapter 2: Swap out Server or Thin Client)
Since System Software 70.40.00 the tool SSH Key Exchange has been provided to support SSH.
1.2 Abbreviations
ASD
DST
FTP
INST
IP: Internet Protocol
Kbps
Mbps
RSA
SCP
SFTP
SSH
UTC
XML
<user>
1.3 Conventions
Description
The text beside this symbol explains an important note or warning. If this is ignored, then errors may occur.
1.4 References
[1] SPPA-T3000 Security Manual
Since SPPA-T3000 release 6, the file C:\cygwin\home\txpadmin\.ssh\id_rsa.pub on the Application Server with SPPA-T3000 Archive functionality must be copied into the folder C:\cygwin\home\txpadmin\.ssh\authorized_keys on the Swap out Server.
This is done with the tool SSH Key Exchange.
STEP 1: Log on as txpadmin
Start the tool SSH data exchange on the SSH server. In this case it is the Archive Server (first or secondary application server; normally the first Application Server contains the SPPA-T3000 Archive functionality).
C:\Program Files\SPPA-T3000\SSH_Key_Exchange\Start_Key_Exchange.cmd
Make sure that the Archive Server (first or secondary application server) and the Swap out Server are online and can communicate with each other before starting Online Configuration.
The SSH server (Archive server) and SSH client (Swap out server) must be added to the etc/hosts file.
If the SSH Data Exchange Tool is run and the program cannot contact the remote computer, the existing configuration (even if it is correct) could be deleted. In such a case the administrator will need to reconfigure RSA authentication for that remote computer.
2.2
Remote Data Transfer (RDT) services need to access any computer in the Application Highway to import and export files to and from Siemens Remote Servers.
However, in order to accomplish this, RSA-based SSH authentication must first be configured between the Terminal Server (or TC-TS1) and all computers in the Application Highway. Examples of computers connected to the Application Highway are Application servers and Thin Clients.
Make sure that the Terminal Server and the remote computer(s) are online and can communicate with each other before starting Online Configuration.
The SSH server (Terminal server) and SSH client (Swap out server) must be added to the etc/hosts file.
If the SSH Data Exchange Tool is run and the program cannot contact the remote computer, the existing configuration (even if it is correct) could be deleted. In such a case the administrator will need to reconfigure RSA authentication for that remote computer.
rdtservice
TC-TS is an abbreviation for Thin Client-Terminal Server. TC-TS is a Thin Client with Remote Access feature
enabled on it.
2.3
After entering the IP address, a few queries will be asked at the command prompt. During assembly, and if running the configuration for the first time, the command prompt shown in Figure 3 will be displayed.
[Figure 3: command prompt with numbered callouts; 3. password of according user; 4. Normally type E]
1. Warning! RSA keys for user <user> already exists. Create again? (yes/no)
Type no
2. The authenticity of host '<IP address>' can't be established.
RSA key fingerprint is <16 byte hash>
Are you sure you want to continue connecting (yes/no)?
Type Yes
3. rdtservice@nnn.nnn.nnn.nnn's password:
where nnn.nnn.nnn.nnn is the IP address of the remote computer in the Application Highway.
Enter the password of the <user> Windows account of the SSH Client.
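The following is an added example, not part of the Siemens manual or the SSH Key Exchange tool. It computes the 16-byte (MD5) fingerprint of a key line in id_rsa.pub format, the same form shown in the "RSA key fingerprint is" prompt above, so the value can be compared with the remote computer's public host key obtained out of band before answering yes. It also checks whether the server's id_rsa.pub key is actually present in the client's authorized_keys, which is worth re-running after the tool has been started, since an unreachable remote computer can leave the configuration deleted. The sample keys are constructed placeholders, and the code assumes authorized_keys lines of the form "type base64 [comment]" without a leading options field.

```python
import base64
import hashlib
import struct

def _ssh_string(data):
    # SSH wire format: 4-byte big-endian length followed by the bytes
    return struct.pack(">I", len(data)) + data

def make_sample_key(modulus, comment):
    """Constructed sample line in id_rsa.pub format (not a usable key)."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(modulus)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

def parse_key_line(line):
    """Return the decoded key blob from a 'type base64 [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return blob

def md5_fingerprint(blob):
    """Colon-separated 16-byte hash, as printed in the host key prompt."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def audit_authorized_keys(server_pub_line, authorized_keys_text):
    """Return (server key present?, fingerprints of all other keys found)."""
    expected = md5_fingerprint(parse_key_line(server_pub_line))
    found = []
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            found.append(md5_fingerprint(parse_key_line(line)))
    return expected in found, [fp for fp in found if fp != expected]

# Constructed sample data; comments and moduli are placeholders.
SERVER_PUB = make_sample_key(b"\x00" + b"\xa5" * 32, "txpadmin@archive-server")
OTHER_PUB = make_sample_key(b"\x00" + b"\x5a" * 32, "unknown@host")

if __name__ == "__main__":
    print("fingerprint:", md5_fingerprint(parse_key_line(SERVER_PUB)))
    print(audit_authorized_keys(SERVER_PUB, SERVER_PUB + "\n" + OTHER_PUB + "\n"))
    print(audit_authorized_keys(SERVER_PUB, ""))  # configuration was deleted
```

Any fingerprint returned in the second element belongs to a key other than the server's and should be accounted for by the administrator.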
www.siemens.com/energy
Siemens AG 2012. All rights reserved