SSH Server, SSH Clients, SSH and Enhanced Stacking – Allied Telesis AT-S63 User Manual

Page 821: SSH Server, SSH Clients, SSH and Enhanced Stacking


AT-S63 Management Software Menus Interface User’s Guide

Section VIII: Management Security


Note

Non-encrypted Secure Shell sessions serve no purpose.

SSH Server

When the SSH server is enabled, connections from SSH clients are
accepted. When the SSH server is disabled, connections from SSH clients
are rejected by the switch. Within the switch, the AT-S63 management
software uses well-known port 22 as the SSH default port.

Note

If your switch is in a network that is protected by a firewall, you may
need to configure the firewall to permit SSH connections.

The SSH server accepts connections from configured users only.
Acceptable users are those with a Manager or Operator login as well as
users configured with the RADIUS and TACACS+ protocols. You can add,
delete, and modify users with the RADIUS and TACACS+ feature. For
information about how to configure RADIUS and TACACS+, see “Enabling
or Disabling Server-based Management Authentication” on page 834.

SSH encryption key management is implemented by the Encryption
(ENCO) protocol. For information on how to create encryption keys, see
Chapter 33, “Encryption Keys” on page 763.

SSH Clients

The SSH protocol provides a secure connection between the switch and
SSH clients. After you have configured the SSH server, you need to install
SSH client software on your management PC. The AT-S63 management
software supports both SSH1 and SSH2 clients.
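Because the server accepts both SSH1 and SSH2 clients, an administrator may want to confirm which protocol versions a switch's SSH server announces before choosing client settings. The following is an added example, not part of the Allied Telesis manual: it classifies the SSH identification string defined in RFC 4253, where a protocol version of "1.99" means the server speaks 2.0 and also older versions. The function names, host names and sample banners are constructed for illustration.

```python
import re
import socket

# RFC 4253, section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_IDENT = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")


def classify_banner(line):
    """Report which SSH protocol versions an identification string offers."""
    m = _IDENT.match(line.rstrip("\r\n"))
    if m is None:
        return {"valid": False, "ssh1": False, "ssh2": False, "software": None}
    proto, software = m.group(1), m.group(2)
    major = int(proto.split(".")[0])
    both = proto == "1.99"  # compatibility marker: 2.0 plus older versions
    return {"valid": True, "ssh1": both or major == 1,
            "ssh2": both or major >= 2, "software": software}


def read_banner(host, port=22, timeout=5.0):
    """Fetch the identification line from a live server (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rb") as stream:
            for _ in range(20):  # a server may send other lines before its banner
                line = stream.readline(256)
                if not line or line.startswith(b"SSH-"):
                    return line.decode("ascii", errors="replace")
    return ""


def ssh1_capable(banners):
    """Return the names of hosts whose banner shows SSH1 is accepted."""
    return sorted(n for n, b in banners.items() if classify_banner(b)["ssh1"])


# Constructed sample banners keyed by hypothetical switch names.
SAMPLE_BANNERS = {
    "switch-a": "SSH-1.99-ExampleSSHD_1.0\r\n",       # SSH1 and SSH2
    "switch-b": "SSH-2.0-ExampleSSHD_2.3 mgmt\r\n",   # SSH2 only
    "switch-c": "SSH-1.5-ExampleSSHD_0.9\n",          # SSH1 only
    "switch-d": "login:",                             # not an SSH banner
}

if __name__ == "__main__":
    for name, banner in SAMPLE_BANNERS.items():
        print(name, classify_banner(banner))
    print("SSH1 accepted on:", ssh1_capable(SAMPLE_BANNERS))
```

To check a real device, pass the result of `read_banner(host)` to `classify_banner`; the port defaults to 22, the default the manual states for the AT-S63 SSH server.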

You can download client software from the Internet. Two popular SSH
clients are PuTTY and CYGWIN. To install SSH client software, follow the
directions from the vendor.

After you have configured the SSH client software, you can use the client
software to log in to the SSH server on the switch to start either a manager
or operator management session. The SSH server can support up to one
manager session and eight operator sessions at one time.

SSH and Enhanced Stacking

The AT-S63 management software allows for encrypted SSH
management sessions between a management station and a master
switch of an enhanced stack, but not with slave switches, as explained in
this section.

When you remotely manage a slave switch, all management
communications are conducted through the master switch using the
enhanced stacking feature. Management packets from your workstation
are first directed to the master switch before being forwarded to the slave
switch. The reverse is true as well. Management packets from a slave
