Post on 21-Jan-2016

Securing SSH Admin Access

Pragma Systems Fortress SSH Cisco Enterprise Routing Products

The Threat:

• Unauthorized access to command line
• Stolen passwords
• Revoked / Expired Public Keys
• Spoofing the client

X.509 certificate with RFC 6187 (single factor): Server-side certificate validation

CAC/smartcard with RFC 6187 (2 factor): Most secure authentication – Server-side certificate and PIN

NEW: Only from Cisco and Pragma

For customers that need:

Secure access to command line

With two-factor authentication

Authenticate with X.509 certificate & PIN

• Most secure

• Government Certified

• Standard RFC-6187

• First end-to-end solution with Cisco and Pragma Systems

SSH Access with DoD Common Access Cards

X.509 Authentication

SSH Session Establishment

Cisco SSH Server Feature

Pragma Fortress CL SSH Client

CAC card reader

Demonstration

• To reach the router or switch, the end-user starts an SSH session on their PC

Fortress CL Client

• User inserts Smart Card

• Smart card has the user’s credentials

• User now clicks “connect button”.

User enters User-ID;

Selects Smart Card / CAC button

Click on ellipsis button

If end-user has more than one credential, he selects the certificate that he wants to use.

Certificates are stored on the smart-card.

• Click on connect

David.S.Kulwin

• End-user enters PIN.

• Router now has:
1. Certificate
2. PIN
3. User name

SSH handshake now proceeds

• SSH session starts from end-user PC to Cisco Router.

For Secure Access:

• Easy to use two-factor authentication
• X.509 Certificates for SSH
• Standards Compliant
• FIPS certified

For Further Information:

Contact your Pragma representative for a demonstration or a 30-day trial version.

Sales@pragmasys.com

Contact your Cisco Systems sales representative.
