HP StorageWorks MSA 2/8 HP StorageWorks Fabric OS Procedures V3.1.x/4.1.x User - Page 94

Basic Security in FOS prevent, or even detect, these attempts to sniff passwords. Secure Shell (SSH), is an alternative to Telnet, and uses strong encryption to prevent password sniffing and enhance the privacy of the management link. SSH encrypts all messages, including the client sending the password at login time. This is a significant improvement over the basic telnet and sectelnet, which encrypts only the login password. The SSH package contains a daemon (sshd) which runs on the switch, and is very similar to telnetd except that all messages are encrypted. The SSH daemon supports a wide variety of encryption algorithms, such as Data Encryption Standard (DES), AES, etc. The daemon requires keys (public/private) for encryption. These keys are generated by a program called ssh-keygen when the openssh RPM is installed. The keys are saved to files in /etc directory and sshd will read them on startup. Supported Versions and Features: ■ officially support ssh2. ssh2 uses DSA key for authentication. The DSA authentication key is 1024 bits. ■ The daemon will run under root identity. ■ A user cannot save their public keys on the switch. A password is the only method of authentication. ■ the following default ciphers for session encryption are supported: AES128-CBC, 3DES-CBC, Blowfish-CBC, Cast128-CBC, and RC4. ■ the following HMACs are supported: HMAC-MD5, HMAC-SHA1, HMAC-SHA1-96, HMAC-MD5-96. Note: If you telnet to another machine, and then start a SSH session inside that telnet session, the telnet traffic is still in clear text and not secure. Note: The FTP protocol is not secure. When you FTP to or from the switch, the contents are in clear text. This includes the remote FTP server's login and password. This limitation affects the following commands: savecore, configupload, configdownload, and firmwaredownload. 94 Fabric OS Procedures Version 3.1.x/4.1.x User Guide