JANOS Help: network

User Interface Getting Started COMMUNICATING In order to configure and program the JNIOR you will need to communicate with it. The JNIOR has no keyboard or display interface. There are ways to interact with the unit both serially and through the network. NETWORK ACCESS In order to fully interact with the JNIOR and use its WebUI you must properly configure the unit to operate on the network. JNIORs are now being shipped from the factory with Dynamic Host Configuration Protocol (DHCP) enabled. With a network supporting DHCP the JNIOR will obtain a valid IP address and automatically configure itself properly for the network. You will still need to determine the IP address that it has been assigned. One unique method uses the orange status LED. If you know the first 3 octets of the IP addressing used by the network you can determine the forth octet and therefore the full IP address assigned to the JNIOR. Connect the JNIOR to the network and power it up. After a couple of minutes disconnect the network connection leaving the unit powered. The status LED will flash the digits of the last octet in Morse Code! See the MORSE_CODE reference for the digit patterns. You can download the JNIOR Support Tool from the Downloads area under Support on the website jnior.com . The Support Tool uses the Beacon Protocol to communicate with JNIORs on the local network segment. The active JNIORs on the network are listed under the Beacon tab. This protocol does not require that the JNIOR have a valid network configuration. A JNIOR even if configured for a foreign network will appear in the list. You can right-click on a JNIOR and select Configure and IP Configuration to establish settings. Once the IP Address of a JNIOR (properly configured for the network) is known you may enter the following URL in a browser to activate the Dynamic Configuration Pages WebUI. http://[IP Address] The WebUI is distributed as the file /flash/www/config.zip and the default setting of the Registry Key /WebServer/Path is /flash/www/config . This allows the simple use of the IP address (or hostname) in the URL to locate the supplied WebUI. If the JNIOR has been previously configured to support a custom Website you may bypass that site and reach the WebUI with the following URL. http://[IP Address]/config The JNIOR supports the HTTPS:// secure protocol as well. FINDING YOUR JNIOR ON THE NETWORK From a Windows system located on the same network leg you may access the JNIOR using its Hostname. Even after you edit the hostname as might be appropriate for your situation you may use the new name or the unit's Birth Name. By default the JNIOR is shipped with its hostname being a combination of the characters 'jr' followed by the unit's serial number. We refer to this as its birth name. This will also work from Linux systems when the Wins name resolution has been enabled. For instance, referring to the label on the rear of a JNIOR we see that its serial number is 615010258. We can enter the following URL: http://jr615010258/ In most cases this will open the WebUI for that JNIOR. The name resolution systems vary from network to network and computer to computer. So your experience may vary. If you redefine the hostname the above will still work and if you replace the birth name with your new host name that should work too. Note that there are constraints on the format for a valid host name. The JNIOR may let you define a name not meeting those requirements and therefore won't work in this context. Typically a device like the JNIOR where you need to go to it with your browser or other network function is termed a 'server'. Servers would normally be assigned a fixed IP Address by those managing the network. If you need to configure a fixed IP address you may use these techniques to first access the unit and then make the changes using the ipconfig command. The Support Tool also provides access to any JNIOR with an unknown IP address or even a JNIOR with an incorrect network configuration. This tool can assist you in configuring JNIORs for other networks or in working with those that have been brought in from a remote site. COMMAND LINE INTERFACE (CLI) The Command Line Interface (CLI) is the basic access point to any operating system. Windows provides a Command Prompt that originated from MS-DOS. Linux based systems rely upon a terminal interface (Ctrl-Alt-T). The JNIOR is no different and JANOS uses a CLI that is modelled closely after both of those. Users familiar with either interface will feel at home. There are many points of access to the command line. In the absence of the network a serial cable may be used as describe in the next section. Over the network the CLI is available as the Console tab in the WebUI, through a Telnet connection, and now also with the Secure Shell (SSH) protocol. SECURE SHELL (SSH) JANOS now supports SSH. This protocol offers a cryptographically secure connection the the JNIOR. It can offer functionality beyond simple terminal access to the CLI and is therefore worth a little more discussion. Currently the JANOS SSH implementation is limited and may not be functional with older SSH client packages. It should work with most fully updated client packages. The SSH command is available from the Windows 10 command prompt; It is functionald from Linux terminals; And, you can use the popular PuTTY program, among others, for an SSH connection. The typical command syntax from a Linux terminal looks like: ssh jnior@10.0.0.239 This makes an SSH connection using the username 'jnior' (by default an Administrator on any JNIOR). On first access to a JNIOR you will see a message like this: The authenticity of host '10.0.0.239 (10.0.0.239)' can't be established. ED25519 key fingerprint is SHA256:idqhzbRVeCP+fVldu20xNWE3kfr/AhSEoenYLTrywwo. Are you sure you want to continue connecting (yes/no/[fingerprint])? If you approve by answering 'yes' the system will store this fingerprint and not confront you again unless this does not remain consistent. After answering in the affirmative it proceeds: Warning: Permanently added '10.0.0.239' (ED25519) to the list of known hosts. jnior@10.0.0.239's password: Here you enter the unit's password (also 'jnior' if default) and the connection is made. XTERM SUPPORT One advantage of the SSH connection is support for dynamic screen dimensions. The screen width and height is conveyed on connection and updated whenever you resize the associated window. In addition the XTERM terminal supports color characters. These are new terminal capabilities for JANOS. As a result during an SSH connection JANOS will highlight the command prompt in green and render errors in some places in red. Some commands can utilize a greater screen width and will adjust their output accordingly. The EDIT editor when used in an SSH session will expand to utilize the entire screen area both in width and height. PUBLIC KEY AUTHENTICATION While you typically authenticate by supplying the valid password for the login account, SSH offers the ability to bind a client computer to the JNIOR using a key pair. In order to do so your computer needs to have such a key pair. This is typically created using the following command: ssh-keygen [options] This is executed on the client computer and options may not be needed. If the command asks you to overwrite an existing key, it is probably a good idea to leave the original in place and simply abort the command. That is proof that a key has already been generated. It may already be in use with other connections. If you overwrite the key you will need to resubmit the new key for all other uses. Once you know there is an SSH key pair, you can submit the public part of the key to the JNIOR. If the this is accepted it will serve as authentication and bypass the need for password entry. The procedure for doing this varies from server to server. The JNIOR provides a built-in command for this purpose. When connection to other Windows or Linux systems the 'ssh-copy-id' command may be executed on the client comupter. This may perform the necessary steps to submit the key. With JANOS you would execute the 'copy-id' command on the remote JNIOR as follows: ssh jnior@10.0.0.239 copy-id jnior@10.0.0.239's password: public key successfully added You will need to authenticate with a valid password. In the background the SSH protocol would have attempted to authenticate using the public key. This built-in command then may add the key to the user's authorized_keys file. Once the client computers public key has been accepted and recorded you may reconnect using SSH without the password requirement from the system. Behind the scenes your connection is authenticated as you prove that you do have the private part of the key matching the recorded public key. While this is a convenience and veryu helpful in executing remote commands, there is complicated cryptography in use which cost in computing time. This type of authentication can be slower than having to entry the password. REMOTE COMMAND EXECUTION While SSH allows you to establish a secure connection to a JNIOR and then to manage that unit through the Command Line Interface, it can also be used to remotely execute commands. Generally the SSH client will process any additional text on its command line as an individual command to be executed on the remote server. For instance if you are able to connect without need for the password entry the following command will simple close ROUT 1 (relay output 1) on the remote JNIOR and return back to the local prompt. ssh jnior@10.0.0.135 jrmon -x c1 This would execute the JRMON command on the remote JNIOR thereby closing the relay. It is important to note that this is not an acceptable replacement for an application to toggle the remote relay using, for instance, the JMP Protocol. Due to the overhead in making the secure SSH connection the execution of the above command can take several seconds. An application using the appropriate protocol however can close that relay within milliseconds. Also, the above command provides no feedback that any relay had actually been activated. An application would have immediate confirmation and would have the opportunity to address any error situation. SERIAL ACCESS In the absence of a network connection you can reach the Command Line Interface (CLI) or Console through the COM serial port. A USB-to-Serial adapter may be used as PCs these days do not provide serial ports. The communications parameters are 115,200 Baud, 8 Data Bits, 1 Stop Bit and No Parity. The IPCONFIG command at the command line can be used to determine and alter the IP configuration of the JNIOR. This command may be necessary in establishing proper network addressing if DHCP or the Support Tool cannot be used. For example: The JNIOR may be connected to the network using a cellular modem or other wireless approach not supporting the broadcast required by the Beacon protocol. The CLI is quite powerful in many ways and not just for configuration although, the network is still required for transferring files either on to, or off of, the device. NOTES A network cable can often be used to connect the JNIOR directly to a PC. The Support Tool running on the PC will locate the JNIOR and allow you to configure the unit. The Telnet application built in to the Support Tool can be used for serial communications. After opening the Telnet tool the Connect button at the bottom offers the serial option. SEE ALSO HELP Topics: MORSE_CODE, BEACON, NETWORK, COM_SERIAL, IPCONFIG [/flash/manpages/manpages.hlp:786]