Securing SSH Admin Access
Pragma Systems Fortress SSH Cisco Enterprise Routing Products
The Threat:
• Unauthorized access to command line
• Stolen passwords
• Revoked / Expired Public Keys
• Spoofing the client
X.509 certificate with RFC 6187 (single factor): server-side certificate validation
CAC/smartcard with RFC 6187 (2 factor): most secure authentication – server-side certificate and PIN
NEW: Only from Cisco and Pragma
For customers that need:
Secure access to command line
With two-factor authentication: authenticate with X.509 certificate & PIN
• Most secure
• Government Certified
• Standard RFC-6187
• First end-to-end solution with Cisco and Pragma Systems
SSH Access with DoD Common Access Cards
X.509 Authentication
SSH Session Establishment
Cisco SSH Server Feature
Pragma Fortress CL SSH Client
CAC card reader
Demonstration
• To reach the router or switch, the end-user starts an SSH session on their PC
Fortress CL Client
• User inserts Smart Card
• Smart card has the user’s credentials
• User now clicks “connect button”.
User enters User-ID;
Selects Smart Card / CAC button
Click on ellipsis button
If end-user has more than one credential, he selects the certificate that he wants to use.
Certificates are stored on the smart-card.
• Click on connect
David.S.Kulwin
• End-user enters PIN.
• Router now has:
1. Certificate
2. PIN
3. User name
SSH handshake now proceeds
• SSH session starts from end-user PC to Cisco Router.
For Secure Access:
• Easy to use two-factor authentication
• X.509 Certificates for SSH
• Standards Compliant
• FIPS certified
For Further Information:
Contact your Pragma representative for a demonstration or 30 day trial version
Contact your Cisco Systems sales representative.