Secure the SSH/SFTP Service; Supported SSH/SFTP Accounts; SSH/SFTP Authentication - ABB XRC G5 User Manual


The Secure Shell (SSH) and Secure File Transfer Protocol (SFTP) service is implemented on the
XSeries G5 devices. This service provides secure shell login access and file transfer capability
from a client PC or laptop.
SSH and SFTP provide secure access, replacing the unsecured Telnet and FTP access of earlier
device generations.
SSH/SFTP communication is client-server based. The SSH/SFTP server is implemented in the Totalflow
device. The SSH/SFTP client is implemented in third-party software installed in the computer used to
communicate with the device.
When the SSH/SFTP service is enabled, the SSH/SFTP server initializes and enters listening mode.
With the server in listening mode, it can process requests for connection from SSH/SFTP clients. The
service grants connections only to properly authenticated clients.
9.7.1 Supported SSH/SFTP accounts

The table below lists the three accounts defined for SSH/SFTP. Customers can access the
Totalflow-user account, which is read-only. The developer and tech-support accounts are only
available to ABB personnel for service and troubleshooting, or to advanced users and cybersecurity
managers who want to generate private keys to replace factory default keys.
IMPORTANT NOTE: Request Totalflow-user account default private keys from ABB. Call
ABB Customer Support listed on the last page of this manual. For instructions to establish
read-only SFTP connections, see the SSH and SFTP service overview topic in PCCU online
help.
Table 9-8: Security keys
Account name | Access privileges
Totalflow-user | Only SFTP access (Read-only)
Developer | Full SSH/SFTP access (Read-write)
Tech support | Full SSH/SFTP access (Read-write)
9.7.2 SSH/SFTP authentication

Session keys encrypt the communication between the client and the SSH/SFTP server to provide
security. Authentication requires specific private-public key pairs for the type of access. Default
private keys and passphrases are requested from ABB and kept by the customer. The default public
keys are stored at the factory in a protected storage location in the device's flash. They remain
unchanged by updates of any of the device software components.
When an SSH/SFTP client requests a connection to the SSH/SFTP service, it must provide its private
key and passphrase. The service compares the private key with the public key stored in the Totalflow
device. If the keys form a matching pair, the service grants the connection.
IMPORTANT NOTE: Private keys are not shipped with the product or user interface
software. ABB keeps the keys and credentials safely stored. Request keys if SSH/SFTP
access is needed. Enable the service only if needed.
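A check for the customer side of this scheme, as an added example that is not from the ABB manual: because the private keys and passphrases are kept by the customer, the script below reports a stored key file that has no passphrase protection or is readable by other users. It assumes the key is held in OpenSSH, PEM or PuTTY .ppk format (the page does not say which); all function names are illustrative.

```python
import base64, os, stat, struct, sys

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def key_is_encrypted(text):
    """True if the key text is passphrase-protected; ValueError if unrecognised."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    head = lines[0] if lines else ""
    if head.startswith("PuTTY-User-Key-File-"):           # PuTTY .ppk
        for ln in lines:
            if ln.startswith("Encryption:"):
                return ln.split(":", 1)[1].strip() != "none"
        raise ValueError("PPK file has no Encryption header")
    if head == "-----BEGIN OPENSSH PRIVATE KEY-----":     # OpenSSH native format
        blob = base64.b64decode("".join(lines[1:-1]))
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            raise ValueError("bad OpenSSH key header")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"       # cipher name field
    if head == "-----BEGIN ENCRYPTED PRIVATE KEY-----":   # encrypted PKCS#8
        return True
    if head.startswith("-----BEGIN ") and head.endswith("PRIVATE KEY-----"):
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
    raise ValueError("unrecognised private key format")

def audit_key_file(path):
    """Return a list of findings for one stored private-key file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        findings.append("readable by group/other (mode %o)" % mode)
    with open(path, encoding="ascii", errors="replace") as fh:
        try:
            if not key_is_encrypted(fh.read()):
                findings.append("no passphrase protection")
        except ValueError as exc:
            findings.append("unparsed: %s" % exc)
    return findings

def constructed_openssh_key(cipher):
    """Constructed sample: OpenSSH header fields only, no real key material."""
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher
    body = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + body + "\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    for p in sys.argv[1:]:                                # key file paths to audit
        print(p, audit_key_file(p) or "ok")
```

Run it with the paths of the stored key files as arguments; an empty findings list is printed as "ok".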
Default keys | Access
Totalflow-user private key | The following folders and their contents are available for download: Crash Dumps; Flash: Main Totalflow application (App), Factory configuration, Startup (cold) configuration; Logs: System and device loader log files; tfData: Running (warm) configuration files
Developer private key | All file system
Tech support private key | All file system
2106026MNAA | XSERIES G5 | 87
