Securing SSH Admin Access Pragma Systems Fortress SSH

Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products


The Threat:
• Unauthorized access to command line
  Stolen passwords
• Revoked / Expired Public Keys
• Spoofing the client
• NEW: Only from Cisco and Pragma
  X.509 certificate with RFC 6187 (single factor)
  Server-side certificate validation
  CAC/smartcard with RFC 6187 (2 factor)
  Most secure authentication – Server-side certificate and PIN

For customers that need: Secure access to command line
• Most secure
  With two-factor authentication
• Standard RFC-6187
  Authenticate with X.509 certificate & PIN
• Government Certified
• First end-to-end solution with Cisco and Pragma Systems

SSH Access with DoD Common Access Cards
[Diagram labels: Cisco SSH Server Feature; Pragma Fortress CL SSH Client; X.509 Authentication; SSH Session Establishment; CAC card reader]

Demonstration

• To reach the router or switch,
• End-user starts SSH session on their PC
[Screenshot: Fortress CL Client]

• User inserts Smart Card
• Smart card has the user’s credentials

• User now clicks the “connect” button.

• User enters User-ID
• Selects Smart Card / CAC button
• Clicks on ellipsis button

If end-user has more than one credential, he selects the certificate that he wants to use. Certificates are stored on the smart-card.

• Click on connect
David. S. Kulwin

• End-user enters PIN.
• Router now has:
  1. Certificate and
  2. PIN
  3. User name
SSH handshake now proceeds

• SSH session starts from end-user PC to Cisco Router.

For Secure Access:
• Easy to use two-factor authentication
• X.509 Certificates for SSH
• Standards Compliant
• FIPS certified

For Further Information:
Contact your Pragma representative for a demonstration or 30 day trial version
Sales@pragmasys.com
Contact your Cisco Systems sales representative.