December 2000 4 - 1
Chapter 4
Configuring Secure Shell
Secure Shell (SSH) is a mechanism for allowing secure remote access to management functions on a Foundry
device. SSH provides a function similar to Telnet. Users can log into and configure the device using a publicly or
commercially available SSH client program, just as they can with Telnet. However, unlike Telnet, which provides
no security, SSH provides a secure, encrypted connection to the device.
SSH supports Arcfour, IDEA, Blowfish, DES (56-bit) and Triple DES (168-bit) data encryption methods. Nine
levels of data compression are available. You can configure your SSH client to use any one of these data
compression levels when connecting to a Foundry device.
Foundry devices also support Secure Copy (SCP) for securely transferring files between a Foundry device and
SCP-enabled remote hosts. See “Using Secure Copy” on page 4-9 for more information.
NOTE: SSH is supported on the following Foundry devices:
• NetIron Internet backbone routers
• BigIron Chassis devices with Management II or higher modules
• FastIron II and FastIron II Plus (switch and basic Layer 3 code only)
• NetIron Layer 3 Switch (stackable, octal version)
• FastIron Workgroup Layer 2 Switch (8MB models only, switch code only)
NOTE: Foundry’s implementation of SSH supports SSH version 1 only. All references to SSH in this document
are to SSH version 1.
Foundry’s implementation of SSH supports two kinds of user authentication:
• RSA challenge-response authentication, where a collection of public keys are stored on the device. Only
clients with a private key that corresponds to one of the stored public keys can gain access to the device using
SSH.
• Password authentication, where users attempting to gain access to the device using an SSH client are
authenticated with passwords stored on the device or on a TACACS/TACACS+ or RADIUS server
Both kinds of user authentication are enabled by default. You can configure the device to use one or both of them.
Configuring Secure Shell on a Foundry device consists of the following steps:
1. Setting the Foundry device’s host name and domain name
2. Generating a host RSA public and private key pair for the device
To Next Page
Loading...
Need help?
General
