348
Configuring SSH
Overview
Secure Shell (SSH) is a network security protocol. Using encryption and authentication, SSH
implements remote login and file transfer securely over an insecure network.
SSH uses the typical client/server model, establishing a channel to protect data transfer based on
TCP.
SSH includes two versions: SSH1.x and SSH2.0 (hereinafter referred to as SSH1 and SSH2), which
are not compatible. SSH2 is better than SSH1 in performance and security.
The device can not only work as an SSH server to provide services to SSH clients, but can also work
as an SSH client to allow users to establish SSH connections with a remote SSH server. When
acting as an SSH server, the device supports SSH2 and SSH1 in non-FIPS mode, and supports only
SSH2 in FIPS mode. When acting as an SSH client, the device supports SSH2 only.
The device supports the following SSH applications:
• Stelnet—Provides secure and reliable network terminal access services. Through Stelnet, a
user can log in to a remote server securely. Stelnet protects devices against attacks such as IP
spoofing and plain text password interception. The device can act as both the Stelnet server
and Stelnet client.
• SFTP—Based on SSH2, SFTP uses the SSH connection to provide secure file transfer. The
device can serve as the SFTP server, allowing a remote user to log in to the SFTP server for
secure file management and transfer. The device can also serve as an SFTP client, enabling a
user to log in from the device to a remote device for secure file transfer.
• SCP—Based on SSH2, SCP offers a secure method for copying files. The device can act as the
SCP server, allowing a user to log in to the device for file upload and download. The device can
also act as an SCP client, enabling a user to log in from the device to a remote server for secure
file transfer.
How SSH works
This section uses SSH2 as an example.
To establish an SSH connection and communicate with each other through the connection, an SSH
client and an SSH server go through the stages listed in Table 18. For more information about
these
stages, see SSH Technology White Paper.
Table 18 Stages of secure session establishment
Stages Description
Connection establishment
The SSH server listens to the connection requests on port 22. After a client
initiates a connection request, the server and the client establish a TCP
connection.
Version negotiation The two parties determine a version to use after negotiation.
Algorithm negotiation
SSH supports multiple algorithms. Based on the local algorithms, the two
parties determine the key exchange algorithm for generating session keys,
the encryption algorithm for encrypting data, public key algorithm for digital
signature and authentication, and the HMAC algorithm for protecting data
integrity.
To Next Page
Loading...
Need help?
General
