In this section:

Note

The following section is only applicable to the DSC Platform.

This section provides you with the procedures to establish an SSH tunnel between your Common Channel Signaling (CCS) Operating System (OS) Node, also referred to as Signaling Network Activation Manager (SNAM), and the Ribbon DSC 8000.

Before you can configure the SSH tunnel, you must create a user with an appropriate user profile (SS7ADMIN) with a username (for example, stpuser1) and password (as required).

The existing ss7user cannot be used to setup this tunnel. For more information about creating users and assigning user profiles and passwords, it is highly recommended that you review the System Administration in the DSC - SP2000 Platform Manager User Guide.

To make sure that an SSH tunnel is always available to the DSC 8000, it is recommended that you implement the SSH command in a while loop. To make sure that this loop works properly without any manual interaction, follow the instructions in To setup an SSH key for establishing an SSH tunnel from an CCS OS Node to the DSC 8000 without a password prompt.

It is recommended that you execute the procedures in the same order as these procedures are provided. Otherwise, the system may not behave as expected.

To create an SS7ADMIN user

  1. Log onto the DSC 8000 as root.

  2. From the Main Menu, click Users.
         

      
  3. Click Add User.
        

      

  4. Enter the information as required, and click Continue. You are prompted to confirm the changes.

     

    Tip

    stpuser1 is an example username for an SS7ADMIN user

       

  5. Click Continue.

To assign a user profile and associated privileges

  1. From the Main Menu, click Users.

  2. Click User Profiles.
     

       
  3. Click UNPROFILED.
       

         
  4. Click the user to whom you want to assign a user profile (stpuser1).
       

             
  5. Using the Profile drop-down list, select the SS7ADMIN user profile.

  6. Click Continue. You are prompted to confirm the changes.

  7. Click Continue.

To generate an SSH key for establishing an SSH tunnel from an CCS OS Node to the DSC 8000 without a password prompt

  1. Login to the CCS OS Node as root.

     

  2. If you have not already done so, generate an ssh key on the CCS OS Node for the local user by entering the following: 

    CCS OS Node> has been added to identify where the prompts is being executed. Remove before executing the prompt.

    CCS OS Node>
ssh-keygen -t rsa
Generating public/private rsa key pair.

          

  3. Press ENTER and accept the default directory that appears.

  4. Enter passphrase (empty for no passphrase) and press ENTER.

  5. Enter same passphrase again and press ENTER.

    CCS OS Node>
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.

To configure the SSH key of the local user on the CCS OS Node to the DSC 8000

Before proceeding, ensure the SNAMI is configured and activated on the DSC 8000 to establish SSH tunnel connection.

Note

Dynamically start the SSH tunnel connection by creating a cron job on the CCS OS Node to automatically run the ssh -v command. If you manually bring up the tunnel and then close the window, the connection will drop and prevent the SNAMI from provisioning with the DSC 8000.

Part 1 - To configure the SSH Key for Management CPU Slot 2

  1. ssh to the DSC 8000 as the new user (for example, stpuser1). 

    Note

    In this procedure, the new user is referred to as stpuser1.

    Remember to replace all stpuser1 in the following procedure with the SS7ADMIN username you created for the SSH tunnel.

    DSC 8000> and CCS OS Node> have been added to identify where the prompts are being executed. Remove before executing the prompts.

    CCS OS Node> ssh stpuser1@<mgmt_cpu1 IP address>

             

  2. Follow the prompts to configure the permanent password.

  3. Log out as the SS7ADMIN user.

  4. Log onto the DSC 8000 Management CPU slot 2 as root user.        

    It is recommended that you do not use the shared IP address for logging onto the DSC 8000.

           

  5. Create the following directory:     

    DSC 8000> mkdir -m 755  -p /opt/cpu1_ss7gw/current/data/users/stpuser1/.ssh

           

  6. Change the default home directory for the <SS7ADMIN username> on the DSC 8000.     

    DSC 8000> usermod -m -d /opt/cpu1_ss7gw/current/data/users/stpuser1 stpuser1

        

  7. Copy the ssh key of the local user from the CCS OS Node to the DSC 8000. You are prompted to confirm the password when secure copying (scp) the file from the CCS OS Node to the DSC 8000.   

    CCS OS Node> scp ~/.ssh/id_rsa.pub root@<mgmt_cpu1 IP address>:/opt/cpu1_ss7gw/current/data/users/stpuser1/.ssh/authorized_keys

       

  8. From CCS OS Node, SSH to the DSC 8000 Management CPU slot 2 with the SS7ADMIN username created for the tunnel. You should not have any prompts.

    CCS OS Node> ssh stpuser1@<mgmt_cpu1 IP address>

Part 2 - To configure the SSH Key for Management CPU Slot 13

  1. Log onto the DSC 8000 Management CPU slot 13 as root and create the following directory:

    Note

    In this procedure, the new user is referred to as stpuser1.

    Remember to replace all stpuser1 in the following procedure with the SS7ADMIN username you created for the SSH tunnel.

    DSC 8000> and CCS OS Node> have been added to identify where the prompts are being executed. Remove before executing the prompt.

    DSC 8000> mkdir -m 755  -p /opt/cpu2_ss7gw/current/data/users/stpuser1/.ssh

         

  2. Change the default home directory for the SS7ADMIN username on the slot 13 Management CPU on the DSC 8000.  

    DSC 8000> usermod -m -d /opt/cpu2_ss7gw/current/data/users/stpuser1 stpuser1

         

  3. Copy the ssh key of the local user from the CCS OS Node to the DSC 8000. You are prompted to confirm the password when secure copying (scp) the file from the CCS OS Node to the DSC 8000.     

    CCS OS Node> scp ~/.ssh/id_rsa.pub root@<mgmt_cpu2 IP address>:/opt/cpu2_ss7gw/current/data/users/stpuser1/.ssh/authorized_keys

          

  4. From CCS OS Node, SSH to the DSC 8000 Management CPU slot 13 with the SS7ADMIN username created for the tunnel. You should not have any prompts.

    CCS OS Node> ssh stpuser1@<mgmt_cpu2 IP address>

To establish the SSH tunnel

  1. Locally set up the SSH tunnel on the CCS OS Node to the DSC 8000 by executing the following command:

    Tip

    The local CCS OS Node port 7777 is an example and can be any free port on the CCS OS Node.

    Port 8611 references the SNAMI connection for the particular NA. In the following example, the port would be

    ssh -v stpuser1@<Shared Management IP of DSC 8000> -N -L 7777:<Shared Management IP of DSC 8000>:8611

    CCS OS Node> ssh -v stpuser1@<Shared Management IP of DSC 8000> -N -L 7777:<Shared Management IP of DSC 8000>:8611

    Each connection from the SNAM to a different NA requires a new SSH tunnel setup on the SNAM. For each connection a new key is NOT required.

If a warning for remote host key identification appears, perform the following steps:

  1. In the path provided in the warning message, open the known_hosts file on the CCS OS Node.

  2. Delete the entry referenced in the warning message, as required. 

      

  3. Save and execute the following command to establish the SSH tunnel again.

    CCS OS Node> ssh -v stpuser1@<Shared Management IP of DSC 8000> -N -L 7777:<Shared Management IP of DSC 8000>:8611

If you require additional information, try one of the following:

  • No labels