Important topics of remote access to CLI and FTP are described here.
The Lotus Sametime Unified Telephony provides secure command-line and file-transfer interfaces using SSH and SFTP. The following describes its functionality:
The Lotus Sametime Unified Telephony blocks unencrypted FTP and RCP and provides SFTP in normal operation (with the exception of IPsec-protected FTP instead of SFTP for machine interfaces to the billing server).
The Lotus Sametime Unified Telephony Admin/Installation server supports SSH for CLI and file transfer.
The Lotus Sametime Unified Telephony terminal server, if installed, disables Telnet and FTP and supports SSH instead.
OpenSSH, Protocol Version 2 (SSH2), is installed to replace administration- or service-initiated Telnet, FTP, RSH, and RCP CLI and file transfer traffic over an unsecured network. Note that the machine interface to the billing server, which uploads CDR records (transfer by push), is protected using IPsec instead of SFTP.
The Lotus Sametime Unified Telephony uses RSH and RCP for installation and upgrade.
A terminal server may be used to provide remote access to the console port when required by the enterprise's policies. It is strongly recommended that any terminal server deployed to provide remote access to the console port have secure interfaces for administration or service login. The LX4016S Terminal Server product from MRV Communications, which supports SSHv2, is selected.
Administration or Service Access
Since administration or service access must be possible from any machine connected to the customer network with access to the Lotus Sametime Unified Telephony, a purely machine-based SSH interface cannot be implemented. Instead, the SSH connection must be based on the administration or service identity.
At installation, a key pair is created for the Lotus Sametime Unified Telephony, and the Lotus Sametime Unified Telephony is provisioned with the user IDs of all administration or service personnel allowed to access the Lotus Sametime Unified Telephony.
During an SSH user login, the Lotus Sametime Unified Telephony returns its public key, which is checked by the system administration or service terminal to ensure that it is communicating with the correct Lotus Sametime Unified Telephony. Then the administrator or service technician provides the Lotus Sametime Unified Telephony with their user ID and password, encrypted with the public key of the Lotus Sametime Unified Telephony.
For this to function, the administration or service terminal needs to support SSH.
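The public-key check described above can be done on the administration or service terminal by comparing the fingerprint of the key the server presents with one recorded at installation. The following is an added example, not code from the product: the host name, key bytes and function names are constructed for illustration, and it assumes the key is available as an OpenSSH public-key line.

```python
import base64
import hashlib
import hmac
import struct

def wire_blob(key_type: bytes, key_bytes: bytes) -> bytes:
    """SSH wire format of a public key: length-prefixed type, then key data."""
    return b"".join(struct.pack(">I", len(p)) + p for p in (key_type, key_bytes))

def make_line(key_bytes: bytes, host: str = "sut.example.test") -> str:
    """Build a constructed (non-real) ed25519 public-key line for the demo."""
    blob = wire_blob(b"ssh-ed25519", key_bytes)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + host

def fingerprint(pubkey_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a public-key line."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, encoded = parts[0], parts[1]
    blob = base64.b64decode(encoded, validate=True)  # ValueError if not base64
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    # The type named in the text must match the type embedded in the blob;
    # a mismatch means the line was edited or corrupted.
    if blob[4:4 + name_len].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def verify_host_key(presented_line: str, pinned_fingerprint: str) -> bool:
    """True only if the presented key matches the fingerprint pinned at install."""
    presented = fingerprint(presented_line)
    return hmac.compare_digest(presented.encode(), pinned_fingerprint.encode())

if __name__ == "__main__":
    # Constructed sample keys: one recorded at installation, one unexpected.
    installed = make_line(bytes(range(32)))
    unexpected = make_line(bytes(32))
    pinned = fingerprint(installed)
    for label, line in (("installed", installed), ("unexpected", unexpected)):
        ok = verify_host_key(line, pinned)
        print(label, fingerprint(line), "MATCH" if ok else "MISMATCH: do not log in")
```

A mismatch should stop the login before the user ID and password are sent.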