LANtronix
---------------------------
Secure Console Server
---------------------------
Software Revision Notes
---------------------------
Version 1.0/4
November 26, 2001

Copyright 2001, Lantronix

Release notes are also available via the Lantronix web site
(www.lantronix.com) and via anonymous FTP from ftp.lantronix.com.
Contact Lantronix or your reseller for more information.

This document describes the Lantronix Secure Console Server V1.0/4
software release.

Release Summary
===============

These release notes document new features added and problems corrected
since the V1.0/2 software release.

Supported Platforms
-------------------

V1.0/4 provides secure console functionality on the SCS200, SCS1600 and
SCS3200 hardware platforms.

New Features
============

The following is a list of new features in V1.0/4.

Serial Break Handling
---------------------

The ability to specify an alternate break (AltBreak) character has been
added. This is for configurations with terminals that cannot generate a
break condition, telnet clients that cannot generate a break IAC
sequence, and SSH connections. To specify the alternate break character
use the command syntax:

    SET/DEF PORT BREAK CHARACTER [ | NONE]

where is a single character enclosed in quotes. Non-printable
characters can be specified by using the notation \xx where "xx" is the
hexadecimal representation of the character. The "SHOW PORT" command
displays the current setting. The default port break character is for
incoming network connections.

There are actually two configuration options that work together to
control breaks. The alternate break character defines which keystroke
acts like a break, and the SET/DEF PORT BREAK [local | remote | none]
setting controls where the break condition is processed. In addition,
for incoming telnet and SSH sessions the serial port configuration is
based on the settings of port 0, the template port.

There are several scenarios of how break handling works.
Each will be described individually.

User on an SCS serial port telnets to a network host.

  o If the port is set Break=Local, typing the AltBreak character will
    return them to the local prompt just like receiving a break
    condition on the serial port.
  o If Break=Remote, the SCS will transmit a Telnet Break IAC sequence
    to the host.

User on an SCS serial port SSH's to a network host.

  o If the port is set Break=Local, typing the AltBreak character will
    return them to the local prompt just like receiving a break
    condition on the serial port.
  o If Break=Remote, nothing will happen, as there is no way to
    propagate a break across an SSH connection.

User on an SCS serial port issues a "CONNECT LOCAL" command to serial
port 7. Note that port 7's break settings are not applicable.

  o If port 1 is set Break=Local, typing the AltBreak character will
    return them to the local prompt.
  o If port 1 is set Break=Remote, typing the AltBreak character will
    cause a break condition to be generated on port 7.

User telnets into the SCS, has a default AltBreak character from
template port 0 and is sitting at the local prompt.

  o If the user presses the AltBreak character, nothing happens. Breaks
    are ignored at the Local> prompt.

User telnets or SSH's into the SCS, has a default AltBreak character
from port 0 and has issued a "connect local" command to connect to
port 7. Note that port 7's break settings are not applicable.

  o If the user presses the AltBreak character and the template port
    (port 0) settings are Break=Local, the user will be returned to the
    Local prompt.
  o If the user presses the AltBreak character and the template port
    settings are Break=Remote, a break condition will be generated on
    port 7.

User forms a TCP connection from a host to port 7 on the SCS using
socket 2007 and the AltBreak character has been defined on port 7.
(Note that the 20xx range of sockets performs Telnet IAC
interpretation.)
  o If the AltBreak character is detected in the datastream from the
    host and port 7 has Break=Remote, a serial break condition will be
    generated on the port.
  o If the AltBreak character is detected in the datastream from the
    host and port 7 has Break=Local, nothing happens.
  o If a break condition is detected on the serial port and port 7 has
    Break=Remote, a Telnet Break IAC will be sent on the network
    connection.
  o If a break condition is detected on the serial port and port 7 has
    Break=Local, nothing happens.

User forms a TCP connection from a host to port 7 on the SCS using
socket 3007 and the AltBreak character has been defined on port 7.
(Note that the 30xx range of sockets is 8-bit clean.)

  o If the AltBreak character is detected in the datastream from the
    host and port 7 has Break=Remote, a serial break condition will be
    generated on the port.
  o If the AltBreak character is detected in the datastream from the
    host and port 7 has Break=Local, nothing happens.
  o If a break condition is detected on the serial port, nothing will
    happen, as there is no way to propagate a break across an 8-bit
    clean connection.

Incoming Security
-----------------

The ability to individually enable/disable the FTP and web servers has
been added. Use the commands:

    DEFINE PROTO HTTP [ENABLED | DISABLED]
    DEFINE PROTO FTP [ENABLED | DISABLED]

By default, both the HTTP server and the FTP server are enabled.

The ability to completely disable all non-encrypted connections to the
SCS has been added. Use the command:

    DEFINE SERVER INCOMING SECURE

If this characteristic is enabled, incoming telnet connections,
incoming rlogin connections, connections to the remote console port
(port 7000) and connections directly to the serial ports using either
telnet (20xx sockets) or TCP (30xx sockets) are disabled. In addition,
connections to the Finger, Discard, Chargen and Echo listeners are
disabled.
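
One way to confirm from a management host that the listeners named
above are really closed once "incoming secure" is enabled. This is an
added example, not Lantronix code. It assumes the standard well-known
TCP port numbers for the named services, that serial port n maps to
sockets 2000+n and 3000+n (as with port 7 and sockets 2007/3007 above),
and a constructed device address.

```python
import socket

# Cleartext listeners the release notes say "incoming secure" disables.
# Port numbers are the standard well-known TCP assignments (assumption);
# 7000 is the remote console port named in the notes.
CLEARTEXT_SERVICES = {"echo": 7, "discard": 9, "chargen": 19,
                      "telnet": 23, "finger": 79, "rlogin": 513,
                      "remote-console": 7000}

def ports_expected_closed(serial_ports):
    """Map every TCP port that should refuse connections to a label."""
    expected = {port: name for name, port in CLEARTEXT_SERVICES.items()}
    for n in range(1, serial_ports + 1):
        expected[2000 + n] = f"telnet-to-serial-{n}"   # 20xx: Telnet IAC
        expected[3000 + n] = f"raw-tcp-to-serial-{n}"  # 30xx: 8-bit clean
    return expected

def is_listening(host, port, timeout=1.0):
    """True if a TCP connect completes; refused or timed out is False."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit_incoming_secure(host, serial_ports, probe=is_listening):
    """Return sorted (port, label) pairs that still accept connections."""
    expected = ports_expected_closed(serial_ports)
    return sorted((p, label) for p, label in expected.items()
                  if probe(host, p))

if __name__ == "__main__":
    # Constructed address (TEST-NET-1 documentation range); serial_ports
    # is the number of serial ports on the unit being checked.
    for port, label in audit_incoming_secure("192.0.2.10", serial_ports=16):
        print(f"still open: {port}/tcp ({label})")
```

An empty result means none of the cleartext listeners answered. HTTP
and FTP are not in the list because the notes control them separately
with DEFINE PROTO.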

Note that if the "incoming secure" characteristic is enabled, EZWebCon
will not be able to extract or restore server configuration
information.

The ability to abort a connection attempt if any authentication method
fails has been added. Use the command:

    DEFINE AUTHENTICATION STRICTFAIL

By default, if multiple authentication methods are configured and a
method fails to authenticate a user, authentication attempts will
continue until either the user is successfully authenticated or all
methods fail.

Miscellaneous
-------------

The ability to have multiple-line titles in menu mode has been added.
Up to five lines of "Menu title" information can be specified in the
menu control file.

The command "SHOW IP COUNTERS" has been added and the IP counters have
been removed from the show IP page.

The ability to manually force DTR to be deasserted for a specific
period of time has been added. Use the command:

    TEST PORT DTR DELAY