138 The Command Line Interface

telnet

You will then be prompted to enter a valid user name and password. For more information about different user accounts and default passwords, see “Accessing the NVG Cluster” (page 140).

Establishing a Connection Using SSH (Secure Shell)

When accessing the VPN Gateway from a workstation connected to the network using a Telnet connection, it is important to keep in mind that the communication channel is not secure. All data flowing back and forth between the Telnet client and the VPN Gateway is sent unencrypted (including the password), and there is no server host authentication.

By using an SSH client to establish a connection over the network, the following benefits are achieved:

• Server host authentication
• Encryption of passwords for user authentication
• Encryption of all traffic that is transmitted over the network when configuring or collecting information from the VPN Gateway

Enabling and Restricting SSH Access

SSH access to the VPN Gateway is disabled by default. However, depending on the severity of your security policy, you may want to enable SSH access. You may also restrict SSH access to one or more specific machines.

For more information about how to enable SSH access, see the ssh command in the "Administrative Applications Configuration" section under Configuration Menu>System Configuration in the Command Reference. For more information about how to restrict SSH access to one or more specific machines, see the add command in the "System Access Configuration" section in the same chapter.

Running an SSH Client

Connecting to the VPN Gateway using an SSH client is similar to connecting through Telnet. As with Telnet, the IP parameters on the VPN Gateway need to be configured in advance and SSH access must be enabled. After providing a valid user name and password, the command line interface in the VPN Gateway is accessible the same way as when using a Telnet client.
However, because a secured and encrypted communication channel is set up even before the user name and password are transmitted, all traffic sent over the network while

Nortel VPN Gateway User Guide NN46120-104 02.01 Standard 14 April 2008
Copyright © 2007-2008 Nortel Networks.
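Server host authentication, listed above as a benefit of SSH over Telnet, depends on the client comparing the host key the gateway presents with a value recorded in advance. The following is an added example, not taken from the Nortel guide: it computes the OpenSSH-style SHA256 fingerprint of a public key line and checks it against a pinned fingerprint. The key lines are constructed samples (not real keys), and the function names and the idea of a fingerprint recorded over a trusted channel are assumptions of the example.

```python
import base64
import hashlib
import hmac
import struct


def parse_public_key_line(line):
    """Parse '<type> <base64 blob> [comment]' and return (type, raw blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was edited or corrupted.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return key_type, blob


def sha256_fingerprint(blob):
    """Fingerprint in the 'SHA256:<unpadded base64>' form printed by OpenSSH."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def host_key_matches(offered_line, pinned_fingerprint):
    """True only if the offered host key hashes to the pinned fingerprint."""
    _, blob = parse_public_key_line(offered_line)
    return hmac.compare_digest(sha256_fingerprint(blob), pinned_fingerprint)


def _constructed_rsa_line(modulus):
    """Build a syntactically valid ssh-rsa line from constructed bytes."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + modulus]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " constructed-sample"


# Constructed sample data: the gateway's key as recorded by the administrator,
# and a different key such as an interposed host would present.
GATEWAY_KEY = _constructed_rsa_line(bytes(range(128, 256)))
OTHER_KEY = _constructed_rsa_line(bytes(range(127, 255)))
PINNED = sha256_fingerprint(parse_public_key_line(GATEWAY_KEY)[1])

if __name__ == "__main__":
    print("pinned fingerprint:", PINNED)
    print("gateway key accepted:", host_key_matches(GATEWAY_KEY, PINNED))
    print("other key accepted:", host_key_matches(OTHER_KEY, PINNED))
```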