Chapter 8 User Authentication
SSH Protocol Support
Introduction to SSH
The SSH (Secure Shell) protocol is a security protocol that establishes a remote session, also called a remote shell, over a secured tunnel. SSH accomplishes this by creating a transparent encrypted channel between the local and remote devices. In addition to remote shell, SSH also provides secure file transfer between the local and remote devices.
SSH uses password authentication.
A maximum of two SSH sessions can be active per router module in the stack, with two additional active SSH sessions per stack. For example, if a stack contains three router modules, a maximum of eight SSH sessions can be active on the stack.
The P330 agent reports SSH sessions opened to it. In addition, each router module reports the SSH sessions opened to its router interface. The user can disconnect selected SSH sessions.
The SSH
•SSH client connection:
—The P330 generates a key of variable length
—The P330 calculates an MD5 Hash of the public key, called a fingerprint. The fingerprint is always 16 bytes long. This fingerprint is displayed.
—The P330 sends the public key (i.e., the fingerprint) to the client computer. This public key is used by the client to encrypt the data it sends to the P330. The P330 decrypts the data using the private key.
—Both sides negotiate and must agree on the same cipher type. The P330 only supports
—The client chooses a random number that is used to encrypt and decrypt the information sent.
—This random number is sent to the P330, after encryption based on the P330’s public key.
—When the P330 receives the encrypted random number, it decrypts it using the private key. This random number is now used with the
•User Authentication:
—Before any data is transferred, the P330 requires the client to supply a user name and password. This authenticates the user on the client side to the P330.
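The fingerprint step above can be checked on the client side by recomputing the 16-byte MD5 fingerprint of the received public key and comparing it with the value displayed by the P330. The following is an added example, not code from the Avaya documentation. It assumes the key is available as an OpenSSH-style "type base64-blob comment" line and that the MD5 is taken over the decoded key blob (the OpenSSH convention; the exact bytes the P330 hashes are not stated on this page). The function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed byte string as used in the SSH-2 wire format."""
    return struct.pack(">I", len(data)) + data


def build_sample_key_line(modulus: int) -> str:
    """Build a CONSTRUCTED 'ssh-rsa <base64> comment' line (not a real host key)."""
    def mpint(n: int) -> bytes:
        # The extra byte guarantees a leading 0x00 when the high bit is set.
        return _ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    blob = _ssh_string(b"ssh-rsa") + mpint(65537) + mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"


def md5_fingerprint(key_line: str) -> str:
    """Return the MD5 fingerprint of a public-key line as colon-separated hex."""
    fields = key_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    digest = hashlib.md5(blob).digest()  # always 16 bytes
    return ":".join(f"{b:02x}" for b in digest)


def fingerprint_matches(key_line: str, displayed: str) -> bool:
    """Compare the key the client received with the fingerprint shown on the device."""
    normalized = displayed.strip().lower().replace(":", "").replace(" ", "")
    return md5_fingerprint(key_line).replace(":", "") == normalized


if __name__ == "__main__":
    genuine = build_sample_key_line(0xC0FFEE1234567891)      # constructed value
    substituted = build_sample_key_line(0xC0FFEE1234567893)  # constructed value
    shown_on_console = md5_fingerprint(genuine)
    print("fingerprint shown by device:", shown_on_console)
    print("genuine key matches:", fingerprint_matches(genuine, shown_on_console.upper()))
    print("substituted key matches:", fingerprint_matches(substituted, shown_on_console))
```

A mismatch means the key presented to the client is not the one the device generated, and the session should not proceed to the user name and password step.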
46 | Avaya |