
Instrumentation, Controls & Electrical

Instrumentation & Controls

SPPA-T3000
Administrator Manual

SSH Key Exchange

August 2012

Answers for energy.



Siemens AG 2012. All rights reserved

Siemens Energy Sector


CONTENTS

1 INTRODUCTION
1.1 Overview
1.2 Abbreviations
1.3 Conventions
1.4 References

2 SSH KEY EXCHANGE
2.1 Swapping out of archive data
2.2 Remote Data Transfer
2.3 STEP 3: Enter Options and confirmation


1 Introduction

1.1 Overview

This manual describes the usage of the tool SSH Key Exchange.
SSH (Secure Shell) is a network protocol for secure data communication that uses public and private keys to authenticate the remote computer.
SPPA-T3000 uses SSH for these features:
- Swapping out of archive data (since SPPA-T3000 release >= 6)
- Remote Data Transfer
Therefore these steps have to be done:
- Public and private keys must be created on the SSH server (see chapter 2: Archive Server or Terminal Server).
- The public key must be copied manually from the SSH server to the SSH client (see chapter 2: Swap out Server or Thin Client).
Since System Software 70.40.00 the tool SSH Key Exchange has been provided to support SSH.

1.2 Abbreviations

ASD      Alarm Sequence Display
DST      Daylight Saving Time
FTP      File Transfer Protocol
INST     Installation Folder of Remote Data Transfer software. This is: D:\RDT_Service
IP       Internet Protocol
Kbps     Kilo bits per second
Mbps     Mega bits per second
RSA      Rivest Shamir Adleman public key algorithm
SCP      Secure Copy Protocol (part of SSH protocol)
SFTP     Secure File Transfer Protocol (part of SSH protocol)
SSH      Secure Shell protocol
UTC      Coordinated Universal Time
XML      Extensible Markup Language
<user>   User login of the currently logged-on user


1.3 Conventions

Conventions used in this document are explained below.


Symbol   Description
         The text beside this symbol explains an important note or warning. If this is ignored, errors may occur.
         This conveys important information or hints.

1.4 References

[1] SPPA-T3000 Security Manual


2 SSH Key Exchange

2.1 Swapping out of archive data

Since SPPA-T3000 release 6, the file C:\cygwin\home\txpadmin\.ssh\id_rsa.pub on the Application server with SPPA-T3000 Archive functionality must be copied to C:\cygwin\home\txpadmin\.ssh\authorized_keys on the Swap out Server.
This is done with the tool SSH Key Exchange.

STEP 1: Log on as txpadmin

Start the tool SSH data exchange on the SSH server. In this case it is the Archive Server (first or secondary application server; normally the first Application Server contains the SPPA-T3000 Archive functionality):

C:\Program Files\SPPA-T3000\SSH_Key_Exchange\Start_Key_Exchange.cmd

Make sure that the Archive Server (first or secondary application server) and the Swap out Server are online and can communicate with each other before starting Online Configuration.

The SSH server (Archive server) and SSH client (Swap out server) must be added to the etc/hosts file.

If the SSH Data Exchange Tool is run and the program cannot contact the remote computer, the existing configuration (even if it is correct) could be deleted. In such a case the administrator will need to reconfigure RSA authentication for that remote computer.

STEP 2: Enter Remote Computer's IP Address (SSH client)


In the displayed dialog box (Figure 2), enter the IP address of the SSH client. In this case it is the Swap out server.

Figure 1: Enter IP Address of Swap out server

Continue with chapter 2.3.


2.2 Remote Data Transfer

Remote Data Transfer (RDT) services need to access any computer in Application Highway to import and export files to and from Siemens Remote Servers.
To accomplish this, RSA-based SSH authentication must first be configured between the Terminal Server (or TC-TS¹) and all computers in Application Highway. Examples of computers connected to Application Highway are the Application server and Thin Clients.

STEP 1: Log on as txpadmin

Start the tool SSH data exchange on the SSH server. In this case it is the Terminal Server (or TC-TS):

C:\Program Files\SPPA-T3000\SSH_Key_Exchange\Start_Key_Exchange.cmd

Make sure that the Terminal Server and the remote computer(s) are online and can communicate with each other before starting Online Configuration.

The SSH server (Terminal server) and SSH client (Swap out server) must be added to the etc/hosts file.

If the SSH Data Exchange Tool is run and the program cannot contact the remote computer, the existing configuration (even if it is correct) could be deleted. In such a case the administrator will need to reconfigure RSA authentication for that remote computer.

STEP 2: Enter Remote Computer's IP Address

In the displayed dialog box (Figure 2), enter the IP address of a computer on Application Highway that needs the Remote Data Transfer feature. Then click the Process key exchange button.

Figure 2: Enter IP Address of Remote Computer

Continue with chapter 2.3.

¹ TC-TS is an abbreviation for Thin Client-Terminal Server. TC-TS is a Thin Client with the Remote Access feature enabled on it.


2.3 STEP 3: Enter Options and confirmation

After the IP address has been entered, a few queries are asked at the command prompt. During assembly, and if the configuration is run for the first time, the command prompt shown in Figure 3 is displayed.

Figure 3: Example Key Exchange for Remote Data transfer

1. Warning! RSA keys for user <user> already exists. Create again? (yes/no)
   Type no
2. The authenticity of host '<IP address>' can't be established.
   RSA key fingerprint is <16 byte hash>
   Are you sure you want to continue connecting (yes/no)?
   Type Yes
3. rdtservice@nnn.nnn.nnn.nnn's password:
   where nnn.nnn.nnn.nnn is the IP address of the remote computer in Application Highway.
   Enter the password of the <user> Windows account of the SSH Client.
4. Press A to add a host or E to exit the program [A,E]?
   Type E
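
Prompt 2 asks the administrator to accept the remote computer's RSA key by its fingerprint, and chapter 2.1 depends on id_rsa.pub ending up in authorized_keys. The following Python code is an added example, not part of the Siemens tool or this manual: it computes the 16-byte fingerprint of a public key line for comparison with the value shown in the prompt, and checks whether a public key is present in authorized_keys content. It assumes the fingerprint in the prompt is the colon-separated MD5 of the key blob, as printed by older OpenSSH clients; all function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct


def _wire(data: bytes) -> bytes:
    """Length-prefixed string as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def parse_public_key(line: str) -> bytes:
    """Return the decoded key blob from a .pub or authorized_keys line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):  # options may precede the key type
        if field.startswith("ssh-"):
            blob = base64.b64decode(fields[i + 1], validate=True)
            if not blob.startswith(_wire(field.encode())):
                raise ValueError("key type does not match key blob")
            return blob
    raise ValueError("no SSH public key in line")


def md5_fingerprint(line: str) -> str:
    """MD5 of the key blob as 16 colon-separated hex bytes."""
    digest = hashlib.md5(parse_public_key(line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def is_authorized(pub_line: str, authorized_keys_text: str) -> bool:
    """True if the key in pub_line appears in authorized_keys content."""
    wanted = parse_public_key(pub_line)
    for line in authorized_keys_text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            try:
                if parse_public_key(line) == wanted:
                    return True
            except ValueError:
                pass  # ignore malformed entries
    return False


def _sample_key(fill: int, comment: str) -> str:
    """Constructed, non-functional RSA key line (sample data only)."""
    blob = _wire(b"ssh-rsa") + _wire(b"\x01\x00\x01") + _wire(b"\x00" + bytes([fill]) * 128)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


HOST_PUB = _sample_key(0xC3, "constructed-host-key")
USER_PUB = _sample_key(0x5A, "txpadmin@constructed")
AUTHORIZED_KEYS = "# constructed sample\nno-pty " + USER_PUB + "\n"
```

Run md5_fingerprint on the remote computer's RSA host public key line and compare the result with the fingerprint displayed in prompt 2 before confirming the connection.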


Published by and Copyright 2012


Siemens AG
Energy Sector
Freyeslebenstraße 1
91058 Erlangen, Germany
Siemens Power Generation, Inc.
Instrumentation & Controls
1345 Ridgeland Parkway, Suite 116
Alpharetta, GA 30004, USA
sppa-t3000.energy@siemens.com
www.siemens.com/sppa-t3000

AL: N ECCN: N
Printed on elementary chlorine-free
bleached paper.
All rights reserved.
Trademarks mentioned in this document
are the property of Siemens AG, its affiliates,
or their respective owners.
Subject to change without prior notice.
The information in this document contains
general descriptions of the technical options
available, which may not apply in all cases.
The required technical options should therefore
be specified in the contract.

www.siemens.com/energy