Ssh overview, Support for ssh – Allied Telesis AT-S63 User Manual

Chapter 35: Secure Shell (SSH)

826

Section IX: Management Security

SSH Overview

Secure management is increasingly important in modern networks, as the
ability to easily and effectively manage switches and the requirement for
security are two universal requirements. Switches are often remotely
managed using remote sessions via the Telnet protocol. This method,
however, has a serious security problem—it is only protected by plaintext
usernames and passwords which are vulnerable to wiretapping and
password guessing.

The Secure Shell (SSH) protocol provides encrypted and strongly
authenticated remote login sessions, similar to the Telnet and rlogin
protocols, between a host running a Secure Shell server and a machine
with a Secure Shell client.

The AT-S63 management software features Secure Shell server software
to enable network managers to securely manage the switch over an
insecure network. It offers the benefit of cryptographic authentication and
encryption. Secure Shell can replace Telnet for remote management
sessions.

Support for SSH

The AT-S63 implementation of the SSH protocol is compliant with the
SSH protocol versions 1.3, 1.5, and 2.0.

In addition, the following SSH options and features are supported:

ˆ

Inbound SSH connections (server mode) is supported.

ˆ

The following security algorithms are supported:

– 128-bit Advanced Encryption Standard (AES),

192-bit AES, and 256-bit AES

– Arcfour (RC4) security algorithm is supported.

– Triple-DES (3DES) encryption for SSH sessions is

supported.

ˆ

RSA public keys with lengths of 512 to 2048 bits are supported. Keys
are stored in a format compatible with other Secure Shell
implementations, and mechanisms are provided to copy keys to and
from the switch.

ˆ

Compression of SSH traffic.

The following SSH options and features are not supported:

ˆ

IDEA or Blowfish encryption

ˆ

Nonencrypted Secure Shell sessions

ˆ

Tunnelling of TCP/IP traffic