Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products
The Threat: Unauthorized access to command line
- Stolen passwords
- Revoked / Expired Public Keys
- Spoofing the client

NEW: Only from Cisco and Pragma
- X.509 certificate with RFC 6187 (single factor): Server side certificate validation
- CAC/smartcard with RFC 6187 (2 factor): Most secure authentication – Server side certificate and PIN
For customers that need:
- Secure access to command line
- With two factor authentication
- Authenticate with X.509 certificate & PIN
- First Certified RFC-6187 end-to-end solution with Cisco and Pragma Systems
(Slide callout labels: Most secure; Standard; Government)
SSH Access with DoD Common Access Cards
[Diagram labels: Cisco SSH Server Feature; Pragma Fortress CL SSH Client; X.509 Authentication; SSH Session Establishment; CAC card reader]
Demonstration
To reach the router or switch, the end-user starts an SSH session on their PC (Fortress CL Client).
User inserts the smart card. The smart card has the user’s credentials.
User now clicks the “Connect” button.
User enters User-ID, selects the Smart Card / CAC button, then clicks on the ellipsis button.
If end-user has more than one credential, he selects the certificate that he wants to use. Certificates are stored on the smart-card.
Click on connect.
End-user enters PIN. Router now has:
1. User name
2. Certificate and
3. PIN
SSH handshake now proceeds.
SSH session starts from end-user PC to Cisco Router.
For Secure Access:
- Easy to use two-factor authentication
- X.509 Certificates for SSH
- Standards Compliant
- FIPS certified
For Further Information:
- Contact your Pragma representative for a demonstration or 30 day trial version.
- Contact your Cisco Systems sales representative.