Blue Coat Systems Appliance Trim Kit Blue Coat Systems SG Appliance User Manual
Chapter 2: Monitoring the SG Appliance
Setting up Director and SG Appliance Communication
Director and the SG appliance use SSHv2 as the default communication mode. SSHv1 is
not supported.
For Director to successfully manage multiple appliances, it must be able to communicate
with an appliance using SSH/RSA and the Director’s public key must be configured on
each system that Director manages.
When doing initial setup of the SG appliance from Director, Director connects to the
device using the authentication method established on the device: SSH with simple
authentication or SSH/RSA. SSH/RSA is preferred, and must also be set up on Director
before connecting to the SG appliance.
Director can create an RSA keypair for an SG appliance to allow connections. However,
for full functionality, Director’s public key must be configured on each appliance. You can
configure the key on the system using the following two methods:
❐ Use Director to create and push the key.
❐ Use the import-director-client-key CLI command from the SG appliance.
Using Director to create and push client keys is the recommended method. The CLI
command is provided for reference.
Complete the following steps to put Director’s public key on the SG appliance using the
CLI of the appliance. You must complete this procedure from the CLI. The Management
Console is not available.
Log in to the SG appliance you want to manage from Director.
1. From the (config) prompt, enter the ssh-console submode:
SGOS#(config) ssh-console
SGOS#(config ssh-console)
2. Import Director’s key that was previously created on Director and copied to the
clipboard.
SGOS#(config services ssh-console) inline director-client-key
Paste client key here, end with "..." (three periods)
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvJIXt1ZausE9qrcXem2IK/mC4dY8Cxxo1/
B8th4KvedFY33OByO/pvwcuchPZz+b1LETTY/zc3SL7jdVffq00KBN/
ir4zu7L2XT68ML20RWa9tXFedNmKl/iagI3/QZJ8T8zQM6o7WnBzTvMC/
ZElMZZddAE3yPCv9+s2TR/Ipk=director@10.25.36.47-2.00e0.8105.d46b
...
ok
To view the fingerprint of the key:
SGOS#(config sshd) view director-client-key clientID
jsmith@granite.example.com
83:C0:0D:57:CC:24:36:09:C3:42:B7:86:35:AC:D6:47
Note: For information on creating and pushing an SSH keypair on Director, refer to the
Blue Coat Director Installation Guide.
Important: You must add the Director identification at the end of the client key. The
example shows the username, IP address, and MAC address of Director. “Director”
(without quotes) must be the username, allowing you access to passwords in clear
text.
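An added example, not from the Blue Coat manual: a Python check that can be run on the key text before pasting it into the inline command, so the fingerprint can be compared with what view director-client-key reports afterwards. It assumes the appliance shows the colon-separated MD5 digest of the decoded key blob (the 16-byte format in the output above) and that the "director" username is matched case-insensitively; the function names, sample key and identification are constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def check_director_key(pasted: str) -> dict:
    """Validate a pasted Director client key and return its MD5 fingerprint."""
    tokens = pasted.split()  # tolerates a key wrapped over several lines
    if len(tokens) < 3:
        raise ValueError("expected: ssh-rsa <base64> <director identification>")
    key_type, comment = tokens[0], tokens[-1]
    if key_type != "ssh-rsa":
        raise ValueError("Director communication requires an SSH/RSA key")
    # Invalid base64 raises binascii.Error, which is a ValueError subclass.
    blob = base64.b64decode("".join(tokens[1:-1]), validate=True)
    # The blob carries its own algorithm name; it must agree with the prefix.
    if not blob.startswith(ssh_string(b"ssh-rsa")):
        raise ValueError("key blob does not match the ssh-rsa prefix")
    # Assumption: the username part of the identification is case-insensitive.
    user = comment.partition("@")[0]
    if user.lower() != "director":
        raise ValueError("identification must use the username 'director'")
    # Assumption: the appliance prints the MD5 digest as uppercase hex pairs.
    digest = hashlib.md5(blob).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    return {"client_id": comment, "fingerprint": fingerprint}


# Constructed sample (not a usable key): exponent 65537 and a dummy modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(1, 128)) + b"\xa5"))
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()
# Wrapped mid-key, as a terminal paste often is; the identification is constructed.
SAMPLE = (f"ssh-rsa {SAMPLE_B64[:60]}\n{SAMPLE_B64[60:]} "
          "director@192.0.2.10-2.0000.5e00.5301")

if __name__ == "__main__":
    print(check_director_key(SAMPLE))
```

A fingerprint that differs from the one the appliance reports after import means the pasted text was altered or truncated in transit.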