C
HAPTER
13
| Security Measures
Configuring the Secure Shell
– 343 –
c. If a match is found, the switch uses its secret key to generate a
random 256-bit string as a challenge, encrypts this string with
the user’s public key, and sends it to the client.
d. The client uses its private key to decrypt the challenge string,
computes the MD5 checksum, and sends the checksum back to
the switch.
e. The switch compares the checksum sent from the client against
that computed for the original string it sent. If the two
checksums match, this means that the client's private key
corresponds to an authorized public key, and the client is
authenticated.
Authenticating SSH v2 Clients
a. The client first queries the switch to determine if DSA public key
authentication using a preferred algorithm is acceptable.
b. If the specified algorithm is supported by the switch, it notifies
the client to proceed with the authentication process. Otherwise,
it rejects the request.
c. The client sends a signature generated using the private key to
the switch.
d. When the server receives this message, it checks whether the
supplied key is acceptable for authentication, and if so, it then
checks whether the signature is correct. If both checks succeed,
the client is authenticated.
N
OTE
:
The SSH server supports up to eight client sessions. The maximum
number of client sessions includes both current Telnet sessions and SSH
sessions.
N
OTE
:
The SSH server can be accessed using any configured IPv4 or IPv6
interface address on the switch.
CONFIGURING THE
SSH SERVER
Use the Security > SSH (Configure Global) page to enable the SSH server
and configure basic settings for authentication.
N
OTE
:
A host key pair must be configured on the switch before you can
enable the SSH server. See "Generating the Host Key Pair" on page 345.
CLI REFERENCES
â—† "Secure Shell" on page 831
PARAMETERS
These parameters are displayed:
◆ SSH Server Status – Allows you to enable/disable the SSH server on
the switch.
(Default: Disabled)
To Next Page
Loading...
Need help?
General
