3Com Switch 7750 Configuration Guide
71 SSH TERMINAL SERVICES
SSH Terminal Services
Introduction to SSH
Secure Shell (SSH) provides information security and powerful authentication to
prevent attacks such as IP address spoofing and plain-text password interception
when users log on to the Switch remotely through an insecure network.
As an SSH server, a switch can accept connections from multiple SSH clients; as an
SSH client, a switch can establish SSH connections with switches or UNIX hosts
that run an SSH server.
Currently, the Switch 7750 supports SSH2.0 (compatible with SSH1.5).
The communication process between the server and client includes these five
stages:
1 Version negotiation stage. These operations are completed at this stage:
■ The client sends a TCP connection request to the server.
■ When the TCP connection is established, both ends begin to negotiate the SSH
version.
■ If the two versions are compatible, they enter the key algorithm negotiation
stage. Otherwise the server closes the TCP connection.
2 Key algorithm negotiation stage. These operations are completed at this stage:
■ The server and the client send key algorithm negotiation packets to each other,
which include the supported public key algorithm list, encryption algorithm list,
MAC algorithm list, and compression algorithm list.
■ Based on the received algorithm negotiation packets, the server and the client
determine the algorithms to be used.
■ The server and the client use the DH key exchange algorithm and parameters
such as the host key pair to generate the session key and session ID.
Through the above steps, the server and the client obtain the same session key,
which is later used to encrypt and decrypt the data exchanged between the server
and the client. The server and the client use the session ID in the authentication stage.
3 Authentication method negotiation stage.
The client sends an authentication request carrying the username and
authentication method to the server. The server starts to authenticate the user.
SSH supports two authentication types: password authentication and RSA
authentication.
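The version negotiation and algorithm selection of stages 1 and 2, as an added example that is not code from the 3Com guide: the version check follows the SSH identification-string format of RFC 4253, and the algorithm choice applies the RFC 4253 rule that the first name in the client's list that the server also offers is selected, applied here uniformly to all four lists as a simplification. The banners, algorithm lists and function names are constructed for illustration.

```python
import re

# Identification string each side sends right after TCP setup:
# SSH-<protoversion>-<softwareversion> (RFC 4253, section 4.2).
BANNER = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")

def supported_majors(banner):
    """Major versions a peer announces; 1.99 means SSH2 with SSH1 compatibility."""
    m = BANNER.match(banner)
    if not m:
        return set()
    proto = m.group(1)
    return {1, 2} if proto == "1.99" else {int(proto.split(".")[0])}

def negotiate_version(client_banner, server_banner):
    """Highest shared major version, or None (the server closes the TCP connection)."""
    common = supported_majors(client_banner) & supported_majors(server_banner)
    return max(common) if common else None

def negotiate_algorithms(client, server):
    """Per list, pick the first name in the client's order that the server also offers."""
    chosen = {}
    for category, client_names in client.items():
        offered = set(server.get(category, []))
        match = next((name for name in client_names if name in offered), None)
        if match is None:
            raise ValueError(f"no common {category} algorithm, negotiation fails")
        chosen[category] = match
    return chosen

# Constructed sample lists (not captured from a Switch 7750); category keys are
# this example's own labels for the four lists named in stage 2.
CLIENT = {
    "public_key": ["ssh-rsa"],
    "encryption": ["aes128-cbc", "3des-cbc"],
    "mac": ["hmac-sha1", "hmac-md5"],
    "compression": ["none", "zlib"],
}
SERVER = {
    "public_key": ["ssh-rsa"],
    "encryption": ["3des-cbc", "aes128-cbc"],
    "mac": ["hmac-md5", "hmac-sha1"],
    "compression": ["none"],
}

if __name__ == "__main__":
    print(negotiate_version("SSH-2.0-ExampleClient_1.0", "SSH-1.99-ExampleSwitch"))
    print(negotiate_algorithms(CLIENT, SERVER))
```

The server's own ordering does not decide the outcome: with these lists the client's first choices are selected even though the server lists them last.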