Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise

Securing SSH Admin Access Pragma Systems Fortress SSH Cisco Enterprise Routing Products

The Threat: Unauthorized access to command line Stolen passwords Revoked / Expired Public Keys Spoofing the client NEW Only from Cisco and Pragma X.509 certificate with RFC 6187 (single factor) Server side certificate validation CAC/smartcard with RFC 6187 (2 factor) Most secure authentication – Sever side certificate and PIN

For customers that need: Secure access to command line Most With two factor authentication Standard Authenticate with X.509 certificate & PIN secure Government First Certified RFC-6187 end-to-end solution with Cisco and Pragma Systems

SSH Access with DoD Common Access Cards Cisco SSH Server Feature Pragma Fortress CL SSH Client X.509 Authentication SSH Session Establishment CAC card reader

Demonstration

To reach the router or switch, End-user starts SSH session on their PC Fortress CL Client

User inserts Smart Card Smart card has the user’s credentials

User now clicks “connect button”.

User enters User-ID; Selects Smart Card / CAC button Click on ellipsis button

If end-user has more than one credential, he selects the certificate that he wants to use. Certificates are stored on the smart-card.

Click on connect David.S.Kulwin David.S.Kulwin

End-user enters PIN. Router now has: Certificate and 2. PIN 3. User name 1. SSH handshake now proceeds

SSH session starts from end-user PC to Cisco Router.

For Secure Access: Easy to use two-factor authentication X.509 Certificates for SSH Standards Compliant FIPS certified

For Further Information: Contact your Pragma representative for a demonstration or 30 day trial version [email protected] Contact your Cisco Systems sales representative.