AT-9000 Switch Command Line User’s Guide
Section XI: Management Security 1131
Support for SSH
The implementation of the SSH protocol on the switch is compliant with
the SSH protocol versions 1.3, 1.5, and 2.0.
In addition, the following SSH options and features are supported:
Inbound SSH connections (server mode) are supported.
The following security algorithms are supported:
– 128-bit Advanced Encryption Standard (AES),
192-bit AES, and 256-bit AES
– Arcfour (RC4) security algorithm is supported.
– Triple-DES (3DES) encryption for SSH sessions is
supported.
RSA public keys with lengths of 512 to 2048 bits are supported. Keys
are stored in a format compatible with other Secure Shell
implementations.
Compression of SSH traffic.
The switch uses well-known port 22 as the SSH default port.
The following SSH options and features are not supported:
IDEA or Blowfish encryption
Nonencrypted Secure Shell sessions
Tunnelling of TCP/IP traffic
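The following Python example is an addition to this guide, not vendor code. It audits what an SSH server announces, flagging protocol versions older than 2.0 and the RC4 and 3DES ciphers listed above, which current practice treats as legacy. It assumes the standard SSH algorithm names (arcfour, arcfour128, arcfour256, 3des-cbc) and runs on constructed sample data rather than output captured from a switch.

```python
# KEXINIT name-lists in RFC 4253 section 7.1 order
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_banner(line):
    """Return protoversion from an 'SSH-protoversion-softwareversion' line."""
    parts = line.rstrip(b"\r\n").split(b"-", 2)
    if len(parts) < 3 or parts[0] != b"SSH":
        raise ValueError("not an SSH identification string")
    return parts[1].decode("ascii")

def parse_kexinit(payload):
    """Decode the ten name-lists of an SSH_MSG_KEXINIT payload (type 20)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not a KEXINIT payload")
    off, lists = 17, {}                      # skip type byte + 16-byte cookie
    for field in FIELDS:
        n = int.from_bytes(payload[off:off + 4], "big")
        if off + 4 + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[off + 4:off + 4 + n].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        off += 4 + n
    return lists

def audit(banner, kexinit):
    """Return findings for legacy protocol versions and RC4/3DES ciphers."""
    findings = []
    version = parse_banner(banner)
    if version != "2.0":                     # 1.99 = 2.0 plus older versions
        findings.append("legacy-protocol:" + version)
    lists = parse_kexinit(kexinit)
    offered = dict.fromkeys(lists["enc_c2s"] + lists["enc_s2c"])  # ordered, unique
    for name in offered:
        if name.startswith("arcfour") or name == "3des-cbc":
            findings.append("weak-cipher:" + name)
    return findings

# Constructed sample input, not captured from a real switch.
def name_list(*names):
    data = ",".join(names).encode("ascii")
    return len(data).to_bytes(4, "big") + data

ENC = name_list("aes128-cbc", "aes256-cbc", "3des-cbc", "arcfour")
SAMPLE_BANNER = b"SSH-1.99-ExampleSwitch\r\n"
SAMPLE_KEXINIT = (bytes([20]) + bytes(16) + name_list("diffie-hellman-group1-sha1")
                  + name_list("ssh-rsa") + ENC + ENC + name_list("hmac-sha1") * 2
                  + name_list("none", "zlib") * 2 + name_list() * 2 + bytes(5))
```

Calling audit(SAMPLE_BANNER, SAMPLE_KEXINIT) returns one finding for the 1.99 banner and one each for 3des-cbc and arcfour.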
Guidelines
Here are the guidelines for using SSH to manage the switch:
The switch must have a management IP address. For background
information, refer to Chapter 9, “IPv4 and IPv6 Management
Addresses” on page 201.
The management workstations with the SSH clients must be members
of the same subnet as the management IP address of the switch or
have access to it through routers or other Layer 3 devices.
If the SSH clients are not members of the same subnet as the switch’s
management IP address, the switch must have a default gateway. This
is the IP address of an interface on a router or other Layer 3 routing
device that is the first hop toward the subnets of the SSH clients.
For background information, refer to Chapter 9, “IPv4 and IPv6
Management Addresses” on page 201.
The SSH server uses protocol port 22. This parameter cannot be
changed.