25-6 Riverstone Networks RS Switch Router User Guide Release 8.0

Layer-2 Security Filters

Security Configuration

The SSH server on r1 responds with its public host key and its public server key. The client on r2 compares the
received host key with the one it recorded the last time it connected to this server. If the host key differs from the
one used in the last SSH session with this server, you are asked whether you want to continue connecting. This check
exists to ensure that the SSH client is connecting to the intended router and not to some other host answering under
its name; the first session with a server has nothing to compare against, so its host key is simply recorded.

To continue the connection, the client generates a random session key, encrypts it with both the server's public host
key and its public server key, and sends the result to the SSH server. Only the holder of both private keys can
recover it. Both the SSH server and the client then use this session key to encrypt all further communication in the
session.
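The exchange described above, modelled end to end as an added example (this is not Riverstone code and not the real protocol implementation). It assumes a toy textbook RSA on fixed Mersenne primes, a client-side known-hosts cache keyed by server name, and the protocol-1 rule that the session key is wrapped with the smaller modulus first and then the larger; everything else (names r1/r2, the fingerprint function, the session-key size) is constructed for the illustration.

```python
import hashlib
import secrets
from typing import Dict, Optional, Tuple

# Fixed Mersenne primes so the run is reproducible. Constructed for
# illustration; far too small and unpadded for any real use.
M31 = 2147483647
M61 = 2305843009213693951
M89 = 618970019642690137449562111
M107 = 162259276829213363391578010288127

Key = Tuple[int, int]  # (modulus, exponent)


def rsa_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Textbook RSA: returns ((n, e), (n, d)). No padding, illustration only."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def rsa_apply(key: Key, m: int) -> int:
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, exp, n)


def fingerprint(pub: Key) -> str:
    """What the client caches per server name, standing in for a host-key fingerprint."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()


class Sshv1Server:
    """r1's side: a long-lived host key that identifies the router and a smaller
    server key (protocol 1 regenerates the latter periodically; fixed here)."""

    def __init__(self, host_primes, server_primes):
        self.host_pub, self.host_priv = rsa_keypair(*host_primes)
        self.server_pub, self.server_priv = rsa_keypair(*server_primes)

    def hello(self) -> Tuple[Key, Key]:
        """First message to the client: both public keys."""
        return self.host_pub, self.server_pub

    def unwrap_session_key(self, blob: int) -> int:
        """Undo the client's wrapping: the outer (larger-modulus) layer comes off first."""
        smaller, larger = sorted([self.host_priv, self.server_priv], key=lambda k: k[0])
        return rsa_apply(smaller, rsa_apply(larger, blob))


class Sshv1Client:
    """r2's side: a known-hosts cache plus the session-key wrapping."""

    def __init__(self):
        self.known_hosts: Dict[str, str] = {}

    def check_host_key(self, name: str, host_pub: Key) -> str:
        """'new' on first contact (key is cached), 'match' if unchanged,
        'changed' if it differs from the cached key: the case the manual warns about."""
        fp = fingerprint(host_pub)
        cached = self.known_hosts.get(name)
        if cached is None:
            self.known_hosts[name] = fp
            return "new"
        return "match" if cached == fp else "changed"

    @staticmethod
    def wrap_session_key(host_pub: Key, server_pub: Key, session_key: int) -> int:
        """Encrypt under the smaller modulus first, then the larger, so the
        intermediate value always fits under the next modulus."""
        smaller, larger = sorted([host_pub, server_pub], key=lambda k: k[0])
        return rsa_apply(larger, rsa_apply(smaller, session_key))


def establish_session(client: Sshv1Client, name: str, server: Sshv1Server,
                      session_key: Optional[int] = None,
                      continue_on_change: bool = False) -> Tuple[str, Optional[int]]:
    """Run the exchange. Returns (host-key status, agreed session key or None if refused)."""
    host_pub, server_pub = server.hello()
    status = client.check_host_key(name, host_pub)
    if status == "changed" and not continue_on_change:
        return status, None  # operator declined to continue with a changed host key
    if session_key is None:
        session_key = secrets.randbits(64)  # must stay below the smaller modulus
    blob = client.wrap_session_key(host_pub, server_pub, session_key)
    if server.unwrap_session_key(blob) != session_key:
        raise RuntimeError("server recovered a different session key")
    return status, session_key


if __name__ == "__main__":
    r2 = Sshv1Client()
    r1 = Sshv1Server((M89, M107), (M31, M61))
    print(establish_session(r2, "r1", r1)[0])       # new
    print(establish_session(r2, "r1", r1)[0])       # match
    other = Sshv1Server((M61, M107), (M31, M89))    # different host key, same name
    print(establish_session(r2, "r1", other))       # ('changed', None)
```

The third call is the situation the manual describes: a server answering as "r1" with a host key that does not match the cached one is refused unless the operator explicitly continues, and the cache is not overwritten by the refused key.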

If a login password has been configured on the RS, you will be prompted for it. Because communications between the
SSH client and server are now encrypted within the SSH session, the password is not exposed to other hosts on the
network path, unlike a Telnet login. You can use CLI commands in the SSH session as you normally would through a
Console or Telnet connection. You can also use the slogin command to access another SSH server on a remote RS.

To end your SSH session, simply type exit.

Note

You can use any SSH version 1 client to access the SSH server on the RS. For
example, there are several SSH clients available that run under Windows 95/98.
SSH protocol version 1 has since been deprecated because of known cryptographic
weaknesses, and current OpenSSH releases no longer support it, so connecting to
the RS today requires a client that still has protocol 1 available and enabled.

Monitoring SSH Sessions

The RS allows up to four simultaneous Telnet or SSH sessions. Commands are provided to monitor SSH use on the RS
and to end a specific SSH session; they are listed in Table 25-1. You can also specify the number of minutes an SSH
connection can remain idle before the control module terminates it. The default is 5 minutes. You can disable this
feature by setting the time-out value to zero, in which case idle sessions stay open until they are ended explicitly.

25.2 LAYER-2 SECURITY FILTERS

Layer-2 security filters on the RS allow you to configure ports to filter specific MAC addresses. When defining a
Layer-2 security filter, you specify to which ports you want the filter to apply. You can specify the following security
filters:

Address filters

These filters block traffic based on the frame's source MAC address, its destination MAC
address, or both together (matching on both at once requires flow bridging mode).
Address filters are always configured on, and applied to, the input port.

Port-to-address lock filters

These filters bind a MAC address to a locked port or set of ports, so that a user connected
there is prohibited from using another port.
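An added example (not Riverstone code) modelling the two filter types just described: address filters that drop a frame on its input port when its source and/or destination MAC matches, and port-to-address locks that drop frames from a locked MAC when they arrive on a port other than the one it is locked to. The port names (et.1.1 and so on), the MAC addresses and the frames are constructed for the illustration, and the class and method names are the example's own.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


def norm_mac(mac: str) -> str:
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 001122334455; return lowercase colon form."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass(frozen=True)
class AddressFilter:
    """Drops frames entering on one of `ports` whose source and/or destination MAC match.
    A None field is a wildcard; when both are set, both must match (flow bridging mode)."""
    ports: FrozenSet[str]
    src: Optional[str] = None
    dst: Optional[str] = None

    def matches(self, in_port: str, src: str, dst: str) -> bool:
        if in_port not in self.ports:
            return False  # address filters apply only on their input port(s)
        if self.src is not None and self.src != src:
            return False
        if self.dst is not None and self.dst != dst:
            return False
        return True


class L2Filter:
    """Ingress decision engine: address filters first, then port-to-address locks."""

    def __init__(self):
        self.address_filters: List[AddressFilter] = []
        self.locks: Dict[str, FrozenSet[str]] = {}  # source MAC -> ports it is locked to

    def add_address_filter(self, ports, src: Optional[str] = None, dst: Optional[str] = None):
        if src is None and dst is None:
            raise ValueError("an address filter needs a source and/or destination MAC")
        self.address_filters.append(AddressFilter(
            frozenset(ports),
            norm_mac(src) if src else None,
            norm_mac(dst) if dst else None))

    def lock_port_to_address(self, mac: str, ports):
        """Port-to-address lock: a station with this MAC may only send from `ports`."""
        self.locks[norm_mac(mac)] = frozenset(ports)

    def decide(self, in_port: str, src: str, dst: str) -> Tuple[str, str]:
        """Verdict for a frame entering on in_port: ('drop' | 'forward', reason)."""
        src, dst = norm_mac(src), norm_mac(dst)
        for f in self.address_filters:
            if f.matches(in_port, src, dst):
                return "drop", f"address filter on {in_port} matched {src} -> {dst}"
        locked_to = self.locks.get(src)
        if locked_to is not None and in_port not in locked_to:
            return "drop", f"{src} is locked to {sorted(locked_to)} but arrived on {in_port}"
        return "forward", "no filter matched"


if __name__ == "__main__":
    f = L2Filter()
    f.add_address_filter({"et.1.1"}, src="00:11:22:33:44:55")
    f.add_address_filter({"et.1.2"}, src="aa-bb-cc-dd-ee-01", dst="aabbccddee02")
    f.lock_port_to_address("00:de:ad:be:ef:01", {"et.1.3"})
    # Constructed sample frames: (input port, source MAC, destination MAC)
    for frame in [("et.1.1", "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"),
                  ("et.1.4", "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"),
                  ("et.1.2", "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:03"),
                  ("et.1.4", "00:de:ad:be:ef:01", "aa:bb:cc:dd:ee:02")]:
        print(frame, "->", f.decide(*frame))
```

The second and third sample frames show the two points that trip people up: a source filter configured on et.1.1 does nothing for the same MAC arriving on et.1.4, and a filter with both addresses set only matches when both agree, so a frame to a different destination is forwarded.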

Table 25-1 SSH session commands

Task                                                  Command
----------------------------------------------------  --------------------------------------
Display the last five SSH connections to the RS.      system show ssh-access
Specify the time-out value for SSH connections.       system set idle-time-out ssh <num>
Show current Telnet and SSH users and session IDs.    system show users
End the specified SSH session.                        system kill ssh-session <session-id>

<num> is the idle time in minutes; 0 disables the idle time-out.
