Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing SSH Admin Access

Published byDorthy Caldwell Modified over 8 years ago

Similar presentations

Presentation on theme: "Securing SSH Admin Access"— Presentation transcript:

1 Securing SSH Admin Access
Cisco Live 2014 4/25/2017 Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products

2 NEW Only from Cisco and Pragma
The Threat: Unauthorized access to command line Stolen passwords Revoked / Expired Public Keys Spoofing the client X.509 certificate with RFC 6187 (single factor) Server side certificate validation CAC/smartcard with RFC 6187 (2 factor) Most secure authentication – Sever side certificate and PIN NEW Only from Cisco and Pragma

3 First end-to-end solution with Cisco and Pragma Systems
Most secure Government Certified Standard RFC-6187 First end-to-end solution with Cisco and Pragma Systems For customers that need: Secure access to command line With two factor authentication Authenticate with X.509 certificate & PIN Many government , financial and healthcare institutions have significant regulatory compliance, governance and secure file access and sharing restrictions. Today’s security environment requires multi factor and secure authentication to our organizations’ most trusted secrets and data. Cisco Systems have partnered to provide the *only* government approved and FIPS certified SSH solution that provides remote and secure access to Cisco routers and switches for the ultimate in relability, access and control. Only RFC compliant solution. Before – only keys Now -- RFC SSH authentication with X.509 certificates. Metadata can be used -- Check Revocation, Expiration, EKU(e.g., a role) Combined with a CAC/smartcard, this permits secure 2-factor authentication and allows the server to validate certificate metadata

4 SSH Access with DoD Common Access Cards
X.509 Authentication SSH Session Establishment Cisco SSH Server Feature Pragma Fortress CL SSH Client CAC card reader

5 Demonstration

6 To reach the router or switch, End-user starts SSH session on their PC
Start SSH from “Fortress CL” Icon. Fortress CL Client

7 User inserts Smart Card Smart card has the user’s credentials
Using CAC cards with Pragma FortressCL Card gets loaded into machine store.

8 User now clicks “connect button”.
Start SSH from “Fortress CL” Icon.

9 User enters User-ID; Selects Smart Card / CAC button Click on ellipsis button

10 If end-user has more than one credential, he selects the certificate that he wants to use.
Certificates are stored on the smart-card.

11 Click on connect David.S.Kulwin

12 End-user enters PIN. Router now has: Certificate and PIN User name
SSH handshake now proceeds

13 SSH session starts from end-user PC to Cisco Router.

14 Easy to use two-factor authentication X.509 Certificates for SSH
For Secure Access: Easy to use two-factor authentication X.509 Certificates for SSH Standards Compliant FIPS certified

15 For Further Information:
Contact your Pragma representative for a demonstration or 30 day trial version Contact your Cisco Systems sales representative.

16 4/25/2017 Cisco Live 2014

Download ppt "Securing SSH Admin Access"

Similar presentations

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
EToken PRO Anywhere. Agenda  eToken PRO Anywhere Overview  Market background and target markets  Identifying the opportunity  Implementation and Pricing.

EToken PRO Anywhere. Agenda  eToken PRO Anywhere Overview  Market background and target markets  Identifying the opportunity  Implementation and Pricing.
15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.

15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.
® IGEL Technology Many functions. One device. 1 Security, April 2009 Security Thin computing secures your data.

® IGEL Technology Many functions. One device. 1 Security, April 2009 Security Thin computing secures your data.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 3 – Authentication, Authorization and Accounting.

© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 3 – Authentication, Authorization and Accounting.
IGEL Security Product Marketing Manager October 2011 Florian Spatz Thin computing secures your data.

IGEL Security Product Marketing Manager October 2011 Florian Spatz Thin computing secures your data.
Client Solution Secure collaboration with partners on customer initiatives and transactions Internal users push content to site without multiple authentication.

Client Solution Secure collaboration with partners on customer initiatives and transactions Internal users push content to site without multiple authentication.
Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  

Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  
© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—2-1 Implementing an EIGRP-Based Solution Lab 2-3 Debrief.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—2-1 Implementing an EIGRP-Based Solution Lab 2-3 Debrief.
Netop Remote Control Trusted. Secure. Experienced.

Netop Remote Control Trusted. Secure. Experienced.
Cisco Confidential 1 © 2011 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential 1 © 2011 Cisco and/or its affiliates. All rights reserved.
Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.

Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.
Microcrypt Technologies SPACER Secure Physical Access Control Enhanced Reader for contactless cryptographic smart cards.

Microcrypt Technologies SPACER Secure Physical Access Control Enhanced Reader for contactless cryptographic smart cards.
NetComm Wireless VPN Functionality Feature Spotlight.

NetComm Wireless VPN Functionality Feature Spotlight.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.

© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.
4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.

4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Where and How to Access the SMB Specialization Exams.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Where and How to Access the SMB Specialization Exams.
ASA 5505 SSL VPN Joe Cicero Northeast Wisconsin Technical College.

ASA 5505 SSL VPN Joe Cicero Northeast Wisconsin Technical College.

Similar presentations

Ads by Google