User Manual

Secure Shell (ssh) Server
38 Enterasys X-Pedition User Reference Manual
In SSH-1, the stamp is a cyclic redundancy check (CRC-32) of the packet contents. This
type of data validation is commonly used for error detection purposes but does not hold up
to cryptographic standards because it is feasible for an attacker to change the contents of
the packet while maintaining a valid CRC-32 stamp. The X-Pedition protects against this
vulnerability by including a CRC compensation attack detector, but the detector cannot
detect all possible CRC compensation attacks; however, it helps make SSH-1 sessions more
secure.
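The following Python snippet is an added illustration, not code from the manual or from Enterasys, of why the unkeyed CRC-32 stamp described above cannot serve as a cryptographic integrity check. It verifies the affine property of CRC-32 (the effect of any bit change on the stamp is computable without a secret) and contrasts a CRC-32 verifier with a keyed HMAC verifier of the kind SSH-2 uses. HMAC-SHA-256, the sample packet and the sample key are constructed choices for the example and are not taken from the manual.

```python
import hashlib
import hmac
import secrets
import zlib

# Constructed sample data for the demonstration (not from the manual).
SAMPLE_PACKET = b"\x00\x00\x00\x1c" + b"ssh-1 packet payload: ls -l /var/log"
SAMPLE_KEY = b"constructed-demo-key-not-a-secret"


def crc32_stamp(packet: bytes) -> int:
    """CRC-32 integrity stamp as SSH-1 used it: no key is involved."""
    return zlib.crc32(packet) & 0xFFFFFFFF


def crc32_verify(packet: bytes, stamp: int) -> bool:
    return crc32_stamp(packet) == stamp


def crc32_is_affine(a: bytes, b: bytes) -> bool:
    """CRC-32 is affine over GF(2): for equal-length inputs,
    crc(a XOR b) == crc(a) XOR crc(b) XOR crc(zeros of the same length).
    Because the stamp responds to changes in this predictable way, and uses no
    secret, it gives an attacker nothing to guess; a MAC must not behave like this."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    xored = bytes(x ^ y for x, y in zip(a, b))
    zeros = bytes(len(a))
    return crc32_stamp(xored) == crc32_stamp(a) ^ crc32_stamp(b) ^ crc32_stamp(zeros)


def hmac_stamp(key: bytes, packet: bytes) -> bytes:
    """Keyed MAC (HMAC-SHA-256 here) of the kind SSH-2 uses for packet integrity."""
    return hmac.new(key, packet, hashlib.sha256).digest()


def hmac_verify(key: bytes, packet: bytes, tag: bytes) -> bool:
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(hmac_stamp(key, packet), tag)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit modification of a packet in transit."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def compare_stamps(packet: bytes, key: bytes) -> dict:
    """Stamp a packet, modify one bit, and report what each verifier decides."""
    modified = flip_bit(packet, 13)
    # Anyone able to rewrite the packet can recompute the unkeyed CRC-32 stamp,
    # so a verifier relying on it alone accepts the modified packet.
    crc_accepts = crc32_verify(modified, crc32_stamp(modified))
    # The HMAC verifier rejects the modification both when the original tag is
    # left in place and when a tag is recomputed under a guessed (wrong) key.
    real_tag = hmac_stamp(key, packet)
    wrong_key_tag = hmac_stamp(secrets.token_bytes(32), modified)
    return {
        "crc32_is_affine": crc32_is_affine(packet, modified),
        "crc32_accepts_modified_packet": crc_accepts,
        "hmac_detects_modification": not hmac_verify(key, modified, real_tag),
        "hmac_rejects_wrong_key_tag": not hmac_verify(key, modified, wrong_key_tag),
    }


if __name__ == "__main__":
    for check, result in compare_stamps(SAMPLE_PACKET, SAMPLE_KEY).items():
        print(f"{check}: {result}")
```

The first key of the report is the mathematical reason the manual's CRC compensation attack detector can only be a partial mitigation: the stamp's behaviour is fully predictable, so detection has to rely on recognising suspicious packet patterns rather than on any secret. The remaining keys show that a keyed MAC removes the problem at its root, which is why SSH-2 should be preferred wherever the client supports it.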
Use the ssh-server set protocol-version command to specify which protocols to allow on the SSH server. By default, both SSH-1 and SSH-2 are allowed. The following example uses the ssh-server set protocol-version command to allow only the SSH-2 protocol:

xp(config)# ssh-server set protocol-version ssh2

The ssh-client set protocol-version-preference command or the protocol-version-preference command-line option can be used to specify which protocols to allow on the client and the preferred order in which to apply them. By default, the client allows both SSH-1 and SSH-2 protocols, but prefers SSH-2. The following example allows both protocols, but demonstrates how to change the preference to SSH-1:

xp(config)# ssh-client set protocol-version-preference ssh1 ssh2

Note: SSH client requires firmware version E9.1.0.0 or later.

This can also be accomplished on a per-session basis by using the protocol-version-preference command-line option:

xp# ssh 192.168.1.1 protocol-version-preference ssh1,ssh2

Host Keys

Host keys are asymmetric encryption keys commonly used in what is known as public key cryptography. In both versions of the Secure Shell protocol, the SSH server uses unique host keys. Each host key consists of a pair of keys, generated simultaneously—although the generated keys are related, one cannot be derived from the other. The first key of the generated pair, the public key, can be published freely and is used by SSH clients to securely identify the SSH server. The second key of the generated pair, the secret key, is stored in a safe place and should never be divulged. This key is used by the SSH server to securely identify itself to SSH clients.

The SSH-2 protocol makes two distinct types of host keys available: the Digital Signature Algorithm (DSA) and the Rivest-Shamir-Adleman (RSA) algorithm. DSA was developed for the Digital Signature Standard program administered by the National Institute of Standards and Technology (NIST). RSA, whose previous patent expired, was added to the SSH-2 protocol to widen available security options. Both DSA and RSA are NIST-approved digital signature algorithms.

The SSH-1 protocol uses only one type of host key—an RSA1 key. The RSA1 key is an RSA key stored in a format that is compatible with the SSH-1 protocol.
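As an added illustration of the host-key mechanism described under Host Keys (not code from the manual or from the X-Pedition firmware), the following Python snippet walks through one identification exchange with a textbook RSA key pair: the server signs a challenge with its secret key, and the client verifies the signature with the public key it already holds for that host. The primes, the challenge and the impostor key are constructed values; a real host key uses a modulus of thousands of bits and PKCS#1 padding, neither of which this toy arithmetic includes.

```python
import hashlib
import secrets

# Constructed toy parameters (not from the manual): small enough that the
# arithmetic is visible, far too small to be secure.
TOY_P = 1299709
TOY_Q = 15485863
TOY_E = 65537


def generate_host_keypair(p=TOY_P, q=TOY_Q, e=TOY_E):
    """Produce the two related keys: public (n, e) and secret (n, d).
    Deriving d from (n, e) requires factoring n, which is what keeps the
    secret key secret in real-sized keys."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def message_representative(msg: bytes, n: int) -> int:
    """Reduce a SHA-256 digest into the modulus (toy scheme, no padding)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def server_sign(secret_key, msg: bytes) -> int:
    """The server proves its identity by signing with the secret key."""
    n, d = secret_key
    return pow(message_representative(msg, n), d, n)


def client_verify(public_key, msg: bytes, signature: int) -> bool:
    """The client checks the signature against the host's published public key."""
    n, e = public_key
    return pow(signature, e, n) == message_representative(msg, n)


def host_identification_round(public_key, secret_key, challenge: bytes = None) -> bool:
    """One exchange: client issues a fresh challenge, server signs it, client verifies."""
    if challenge is None:
        challenge = secrets.token_bytes(16)
    return client_verify(public_key, challenge, server_sign(secret_key, challenge))


def impostor_round(public_key, challenge: bytes = b"constructed challenge") -> bool:
    """A host without the genuine secret key can only sign under its own key pair;
    the client's stored public key does not validate that signature."""
    _, impostor_secret = generate_host_keypair(p=104729, q=1299709)  # constructed
    return client_verify(public_key, challenge, server_sign(impostor_secret, challenge))


def tampered_challenge_round(public_key, secret_key) -> bool:
    """A valid signature does not transfer to a different message."""
    signature = server_sign(secret_key, b"constructed challenge")
    return client_verify(public_key, b"constructed challenge (modified)", signature)


if __name__ == "__main__":
    pub, sec = generate_host_keypair()
    print("genuine host accepted:", host_identification_round(pub, sec))
    print("impostor accepted:", impostor_round(pub))
    print("tampered challenge accepted:", tampered_challenge_round(pub, sec))
```

The point of the exchange is that only the public half ever leaves the X-Pedition: a client that has recorded the server's public key can distinguish the genuine switch from any other host, and nothing the client receives during the session allows it (or an eavesdropper) to recover the secret key.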