R0106-HP MSR Router Series Security Configuration Guide(V7)
Configuring SSH
Overview
Secure Shell (SSH) is a network security protocol. Using encryption and authentication, SSH can
implement secure remote access and file transfer over an insecure network.
SSH uses the typical client-server model to establish a channel for secure data transfer based on TCP.
SSH includes two versions: SSH1.x and SSH2.0 (hereinafter referred to as SSH1 and SSH2), which are
not compatible. SSH2 is better than SSH1 in performance and security.
The device can work as an SSH server or as an SSH client. When acting as an SSH server, the device
provides services for SSH clients and supports the following SSH versions:
• SSH2 and SSH1 in non-FIPS mode
• SSH2 in FIPS mode
When acting as an SSH client, the device supports SSH2 only. It allows users to establish SSH
connections with an SSH server.
The device supports the following SSH applications:
• Secure Telnet—Stelnet provides secure and reliable network terminal access services. Through
Stelnet, a user can securely log in to a remote server. Stelnet can protect devices against attacks,
such as IP spoofing and plain text password interception. The device can act as an Stelnet server or
an Stelnet client.
• Secure File Transfer Protocol—SFTP, based on SSH2, uses SSH connections to provide secure file
transfer. The device can serve as an SFTP server, allowing a remote user to log in to the SFTP server
for secure file management and transfer. The device can also serve as an SFTP client, enabling a
user to log in from the device to a remote device for secure file transfer.
• Secure copy—SCP, based on SSH2, offers a secure method to copy files. The device can act as an
SCP server, allowing a user to log in to the device for file upload and download. The device can
also act as an SCP client, enabling a user to log in from the device to a remote device for secure file
transfer.
How SSH works
This section uses SSH2 as an example to describe the stages to establish an SSH session. For more
information about these stages, see SSH Technology White Paper.
Table 13 Stages to establish an SSH session
Stages | Description
Connection establishment | The SSH server listens for connection requests on port 22. After a client initiates a connection request, the server and the client establish a TCP connection.
Version negotiation | The two parties determine a version to use after negotiation.
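
The version negotiation stage can be audited from the server's identification line alone. The following is an added example, not taken from this guide or from the device software: it assumes the RFC 4253 identification string format, in which a protocol version of 1.99 marks an SSH2 server that also accepts SSH1, and all hostnames and banner strings in it are constructed.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>[^\s]+)(?: (?P<comments>.*))?$")

def parse_ident(line: bytes) -> dict:
    """Parse one SSH identification line; raise ValueError if malformed."""
    if len(line) > 255:  # RFC 4253 caps the line at 255 bytes including CR LF
        raise ValueError("identification string too long")
    text = line.rstrip(b"\r\n").decode("ascii", errors="strict")
    m = IDENT_RE.match(text)
    if not m:
        raise ValueError(f"not an SSH identification string: {text!r}")
    return m.groupdict()

def classify_server(line: bytes) -> str:
    """Return which protocol versions the server's banner advertises."""
    proto = parse_ident(line)["proto"]
    if proto == "1.99":  # RFC 4253 section 5.1: SSH2 server that also accepts SSH1
        return "ssh2-and-ssh1"
    if proto == "2.0":
        return "ssh2-only"
    return "ssh1-only" if proto.startswith("1.") else "unknown"

def audit(banners: dict) -> list:
    """Return (host, verdict) pairs for hosts that still offer SSH1, sorted by host."""
    flagged = []
    for host, line in banners.items():
        try:
            verdict = classify_server(line)
        except ValueError:  # malformed or non-ASCII banner (UnicodeDecodeError included)
            verdict = "unknown"
        if verdict in ("ssh2-and-ssh1", "ssh1-only"):
            flagged.append((host, verdict))
    return sorted(flagged)

# Constructed sample banners (hostnames and software strings are made up).
SAMPLE = {
    "rtr-a": b"SSH-2.0-ExampleSSHD_1.0\r\n",
    "rtr-b": b"SSH-1.99-ExampleSSHD_1.0\r\n",
    "rtr-c": b"SSH-1.5-LegacySSHD\r\n",
    "rtr-d": b"HTTP/1.1 400 Bad Request\r\n",
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE):
        print(f"{host}: {verdict} (SSH1 is still offered)")
```

A server running in FIPS mode, which supports SSH2 only, should classify as ssh2-only.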