Table of Contents
Advertisement
Access Controllers
2
AC5102 (ACC-G2)
2.2.8.3 SD Card Update Troubleshooting
2.2.9 Network Security
18 | 38
For SD Card Updates, the ACC-G2 only supports non-HC type SD Cards. This
means SD Cards in the range of 512MB to 2GB only can be used.
1. There is an issue with using 1GB and 2GB SD Cards on the older ACCs with
the 32kB EEPROM - when loaded with a CCP2 update image, the cards are
not recognized by RomBOOT. The 1GB and 2GB SD Cards are only
recognized on the newer ACCs with the SPI Data Flash fitted. Both ACC
variants recognized 1GB and 2GB cards with update images for the CCP1
platform.
2. Also, the SD Cards with CCP2 Update images needed to be run twice in order
to actually perform the update on the older ACCs if they are currently running
an older CCP1 platform build. On the first instance they just booted the existing
CCP1 image - press the RESET button or power up again for the update to
take effect.
The ACC-G2 uses Linux as an operating system, which provides both an
increased level of security and reliability, but also requires some extra care in
security.
Summary: disable both SSH and telnet for maximum security, and set a root
password.
SSH
A SSH server is by default running on the ACC-G2. This allows for access to the
linux shell console for maintenance purposes and trouble shooting, but in normal
operation should be disabled so that it is not bound to the Ethernet interface, but
instead restricted to just the local USB Ethernet interface.
Note: After the upgrade to CCP2 Platform, SSH access is no longer available for
end user.
Disable external access to the SSH server with the console command:
" set ssh usb "
SSH access can be enabled with the console command:
" set ssh all "
The TCP port number that the SSH server listens on us 10022. This can be
changed with the console command:
"set ssh port xyz "
Where xyz is a valid and unique TCP port number.
The standard port number for SSH is port 22, but many network probing tools
attack port 22 by default.
Root Password
The username for gaining access to the linux shell is "root", the password is the
default root password – "spirit".
The root password can be changed within the application via telnet, using the
command:
" set rootpassword Large_String "
where Large_String should be long phrase that meets the requirements for a
strong password. Use double quotes if the string contains spaces, but don't use
double quotes when entering the password via SSH login.
Telnet
The ACC-G2 still offers a simple telnet server for allowing user access to the
application. Telnet is not encrypted, so any password used to gain access to the
ACC-G2 can be "seen" on the network.
We recommend that telnet should be disabled from SiPass after the initial setup of
the ACC-G2.
A6V11164550
Advertisement
Table of Contents
