At the heart of the StayLinked Host-based Terminal Emulation architecture is the StayLinked Server, which runs directly on the same host platform as the telnet server and host applications. This host-based architecture provides an inherent level of security by isolating the telnet connection and communication within the host platform. In this host-based architecture, no telnet protocol packets are transmitted across the network and no clear-text data is exposed to the network. Additional levels of terminal emulation security are also supported by the StayLinked solution. Where SOX or PCI compliance is required, the StayLinked solution supports SSH terminal emulation connections to the host system.
Secure Shell Protocol
The Secure Shell (SSH) is a set of protocols for implementing secure sessions over a non-secure network (such as a standard TCP/IP network). In order to use SSH, you must set up SSH server software on the host. Security features include the following:
- Secure login
- Strong authentication of server and client
- Several user authentication methods
- Encrypted sessions
(Contact your StayLinked agent for the SSH versions supported by StayLinked.)
Additional information is located in the Secure Communications Guide.
SSH Public and Private Key Authentication
When using public-private key authentication, StayLinked needs specific settings to operate at full functionality.
First, the StayLinked server is a Java application and supports only Java Keystore (.jks) style certificates. You must use a .jks keystore, not PEM/cert or any other style. Other styles can be imported into the .jks file, but they cannot be used directly within StayLinked.
One key difference between a Keystore file and other certificates is that the Keystore file requires a Certificate Authority (CA). These can be self-signed and generated on demand.
Java includes a program called 'keytool', which can be used to generate the .jks file. There is also a GUI program named Portecle, which can be used as an example of how to create the .jks file and import the private key into the StayLinked system.
For further information, please reach out to our Support team for assistance.
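The keytool route described above, as an added example that is not StayLinked's own procedure: it creates a self-signed key pair directly as JKS, imports an existing PEM key and certificate by way of PKCS#12, and checks that the result really is a JKS file holding a private key. The alias, the file names and the `SL_KS_PASS` environment variable are assumptions; how the keystore is then registered in StayLinked is not covered here.

```sh
# Added example: build a real JKS file with keytool. Assumptions, not StayLinked
# values: the alias, the file names and the SL_KS_PASS environment variable.
# Passwords are read from the environment so they never show up in argv or `ps`.
ALIAS="${ALIAS:-sl-ssh-client}"   # hypothetical alias

# 1) New RSA key pair plus self-signed certificate, written directly as JKS.
new_jks() (   # usage: new_jks out.jks
  set -eu
  : "${SL_KS_PASS:?export SL_KS_PASS first (6+ characters)}"
  keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 3072 \
    -dname "CN=$ALIAS" -validity 365 -keystore "$1" -storetype JKS \
    -storepass:env SL_KS_PASS -keypass:env SL_KS_PASS
  chmod 600 "$1"
)

# 2) Existing PEM private key + certificate: PEM -> PKCS#12 -> JKS.
pem_to_jks() (   # usage: pem_to_jks key.pem cert.pem out.jks
  set -eu
  : "${SL_KS_PASS:?export SL_KS_PASS first (6+ characters)}"
  p12="$(mktemp)"                     # created 0600; holds the private key briefly
  trap 'rm -f "$p12"' EXIT
  openssl pkcs12 -export -inkey "$1" -in "$2" -name "$ALIAS" \
    -out "$p12" -passout env:SL_KS_PASS
  keytool -importkeystore -noprompt \
    -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass:env SL_KS_PASS \
    -srcalias "$ALIAS" -destalias "$ALIAS" \
    -destkeystore "$3" -deststoretype JKS \
    -deststorepass:env SL_KS_PASS -destkeypass:env SL_KS_PASS
  chmod 600 "$3"
)

# 3) Succeeds only if the file is JKS on disk (magic bytes FE ED FE ED, not a
#    renamed PKCS#12 file) and the alias holds a private key, not just a cert.
check_jks() (   # usage: check_jks file.jks
  [ "$(od -An -tx1 -N4 "$1" | tr -d ' \n')" = "feedfeed" ] || exit 1
  keytool -list -keystore "$1" -storepass:env SL_KS_PASS -alias "$ALIAS" \
    | grep -q PrivateKeyEntry
)
```

A private key in the newer `BEGIN OPENSSH PRIVATE KEY` format is not readable by `openssl pkcs12`; convert a copy to PEM first (for example with `ssh-keygen -p -m PEM -f <copy>`) before running the import.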
SSH Keep-Alive Interval
Beginning with Server version 15.3 build 214, StayLinked supports an SSH keepalive. When using the VT-SmartTE emulation type for SSH connections, an emulation property can be added to set the number of milliseconds between keepalives.
There are two types of keepalive processes. The server-to-client keepalive is automatic and does not require any configuration. The SSH client-to-server keepalive is now available for use with VT-SmartTE only.
Prior server releases do not support this option. If the SSH server does not receive X number of responses, it will terminate the session. This configuration is typically found in /etc/ssh/sshd_config as ClientAliveInterval and ClientAliveCountMax. The following link to StackExchange offers greater detail about this configuration.