Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Changing the Default SSH Key
Using the default key means that SSH sessions established to the VCS may be vulnerable to "man-in-the-middle"
attacks, so you are recommended to generate new SSH keys which are unique to your VCS.
attacks, so you are recommended to generate new SSH keys which are unique to your VCS.
An alarm message "Security alert: the SSH service is using the default key” is displayed if your VCS is still configured
with its factory default SSH key.
with its factory default SSH key.
To generate a new SSH key for the VCS:
1.
Log into the CLI as root.
2.
Type regeneratesshkey.
3.
Type exit to log out of the root account.
4.
Log in to the web interface.
5.
Go to Maintenance > Restart. You are taken to the Restart page.
6.
Check the number of calls and registrations currently in place.
7.
Click Restart system and then confirm the restart when asked.
If you have a clustered VCS system you must generate new SSH keys for every cluster peer. Log into each peer in turn
and follow the instructions above. You do not have to decluster or disable replication.
and follow the instructions above. You do not have to decluster or disable replication.
When you next log in to the VCS over SSH you may receive a warning that the key identity of the VCS has
changed. Please follow the appropriate process for your SSH client to suppress this warning.
changed. Please follow the appropriate process for your SSH client to suppress this warning.
If your VCS is subsequently downgraded to an earlier version of VCS firmware, the default SSH keys will be
restored.
restored.
Restoring Default Configuration (Factory Reset)
Very rarely, it may become necessary to run the “factory-reset” script on your system. This reinstalls the software
image and resets the configuration to the functional minimum.
image and resets the configuration to the functional minimum.
Note
: Restoring default configuration causes the system to use its current default values, which may be different from
the previously configured values, particularly if the system has been upgraded from an older version. In particular this
may affect port settings, such as multiplexed media ports. After restoring default configuration you may want to reset
those port settings to match the expected behavior of your firewall.
may affect port settings, such as multiplexed media ports. After restoring default configuration you may want to reset
those port settings to match the expected behavior of your firewall.
Prerequisite Files
The
factory-reset
procedure described below rebuilds the system based on the most recent successfully-installed
software image. The files that are used for this reinstallation are stored in the /mnt/harddisk/factory-reset/ folder on
the system. These files are:
the system. These files are:
■
A text file containing just the 16-character Release Key, named rk
■
A file containing the software image in tar.gz format, named tandberg-image.tar.gz
In some cases (most commonly a fresh VM installation that has not been upgraded), these files will not be present on
the system. If so, these files must first be put in place using SCP as root.
the system. If so, these files must first be put in place using SCP as root.
Performing a Reset to Default Configuration
The following procedure must be performed from the serial console (or via a direct connection to the appliance with a
keyboard and monitor). This is because the network settings will be rewritten, so any SSH session used to initiate the
reset would be dropped and the output of the procedure would not be seen.
keyboard and monitor). This is because the network settings will be rewritten, so any SSH session used to initiate the
reset would be dropped and the output of the procedure would not be seen.
The process takes approximately 20 minutes.
363
Cisco TelePresence Video Communication Server Administrator Guide