Asante Technologies 40240/40480-10G Generating the Host Key Pair

d. The client uses its private key to decrypt the challenge string , compu tes the

MD5 checksum, and sends the checksum back to the switch.

e. The switch compares the checksum sent from the client ag ainst that

computed for the original string it sent. If the two checksums match, this

means that the client's private key corresponds to an authorized public key,

and the client is authenticated.

Authenticating SSH v2 Clients

a. The client first queries the switch to determine if DSA public key

authentication using a preferred algorithm is acceptable.

b. If the specified algorithm is supported by the switch, it notifies the clien t to

proceed with the authentication process. Otherwise, it rej ects t he req uest.

c. The client sends a signature generated usi ng the priv ate key to the switc h.

d. When the server receives this message, it checks whet her the su pplied ke y

is acceptable for authentication, and if so, it then checks whether the

signature is correct. If both checks succeed, the client is authenticated.

Note:

The SSH server supports up to four client sessions. The maximum number of

client sessions includes both current Telnet sessions and SSH sessions.

Generating the Host Key Pair

A host public/private key pair is used to provide secure co mmun ica tions betwe en an

SSH client and the switch. After generating this key pair, you must provide the host

public key to SSH clients and import the client’s public key to th e switch a s

described in the preceding section (Command Usage).

Field Attributes

• Public-Key of Host-Key – The public key for the host.

- RSA: The first field indicates the size of the host key ( e.g., 1024), th e seco nd

field is the encoded public e xpone nt (e. g., 65537 ), and the last s tring is the

encoded modulus.

- DSA: The first field indicates that the encrypt ion m eth od use d by SSH is based

on the Digital Signature Standard (DSS). The last string is the encoded modulus.

•

Host-Key Type

– The key type used to generate the host key pair (i.e., public and

private keys). (Range: RSA, DSA, Both: Default: Both)

The SSH server uses RSA or DSA for key exch ange whe n the client first

establishes a connection with the switch, and then negotiates wi th the clie nt to

select either DES (56-bit) or 3DES (168-bit) for data encryption.

User Authentication