Router User Manual
9 Telnet and SSH
Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration
Nortel Networks Inc. Issue 5.3 (30 March 2009)
In this way, the server and the client have the same session keys to guarantee session
security.
z
Negotiating authentication mode
After the session key is calculated, the server must authenticate the client.
The client sends identity information to the server.
If nonauthentication mode is configured on the server, a session request is performed.
If authentication mode is configured on the server, the client sends the authentication
request to the server. The authentication succeeds, or the connection is interrupted
because of timeout.
The SSH server provides the following authentication modes:
− Password authentication: The server compares the configured password with that
from the client; if they match, authentication succeeds.
− RSA authentication: Configure the RSA public key for the client on the server. The
SSH client first sends its RSA public key modulo to the server. The server then
authenticates the modulo, generates a number randomly, encrypts the number with
the RSA public key of the client, and sends the encrypted number to the client. The
server and the client both calculate the key based on the number randomly generated.
The client calculates the number used by the server to authenticate the client and
sends the result to the server. The server then compares the received result with that
locally calculated. If they are the same, the authentication succeeds.
z
Sending the session request
After authentication succeeds, the client sends the session request to the server. The
server then processes this request and the interactive session begins.
z
Starting the interactive session
In the interactive session, the server and the client encrypt and decrypt data with the
session key.
9.2 Configuring Telnet terminal services
9.2.1 Establishing the configuration task
Applicable environment
When you log on to a router through Telnet to manage or maintain the router, configure the
Telnet terminal services.
Preconfiguration tasks
Before you configure Telnet terminal services, complete the following tasks:
z
Power on the router.
z
Configure the IP addresses for interfaces of the router.
z
Configure users, authentication modes, and call-in or call-out restrictions.
z
Configure a reachable route between the terminal and the router.
9-6