HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 134


Configuring SSH
Overview
Secure Shell (SSH) is a network security protocol. Using encryption and authentication, SSH can implement secure remote access and file transfer over an insecure network. Adopting the typical client/server model, SSH can establish a channel to protect data transfer based on TCP.

SSH includes two versions: SSH1.x and SSH2.0 (hereinafter referred to as SSH1 and SSH2), which are not compatible. SSH2 is better than SSH1 in performance and security.

The device can work as an SSH server to provide services to SSH clients, and can work as an SSH client to allow users to establish SSH connections with a remote SSH server. When acting as an SSH server, the device supports SSH2 and SSH1 in non-FIPS mode and supports only SSH2 in FIPS mode. When acting as an SSH client, the device supports SSH2 only.
The device supports the following SSH applications:

• Secure Telnet—Stelnet provides secure and reliable network terminal access services. Through Stelnet, a user can securely log in to a remote server. Stelnet can protect devices against attacks, such as IP spoofing and plain text password interception. The device can act as a Stelnet server or a Stelnet client.

• Secure File Transfer Protocol—SFTP, based on SSH2, uses SSH connections to provide secure file transfer. The device can serve as an SFTP server, allowing a remote user to log in to the SFTP server for secure file management and transfer. The device can also serve as an SFTP client, enabling a user to log in from the device to a remote device for secure file transfer.

• SCP—Based on SSH2, SCP offers a secure approach to copying files. The device can act as an SCP server, allowing a user to log in to the device for file upload and download. The device can also act as an SCP client, enabling a user to log in from the device to a remote server for secure file transfer.
How SSH works
This section uses SSH2 as an example to list the stages involved in secure session establishment between an SSH client and an SSH server. For more information about these stages, see SSH Technology White Paper.
Table 9 Stages involved in secure session establishment

Stage: Connection establishment
Description: The SSH server listens to the connection requests on port 22. After a client initiates a connection request, the server and the client establish a TCP connection.

Stage: Version negotiation
Description: The two parties determine a version to use after negotiation.

Stage: Algorithm negotiation
Description: SSH supports multiple algorithms. Based on the local algorithms, the two parties determine the key exchange algorithm for generating session keys, the encryption algorithm for encrypting data, the public key algorithm for digital signature and authentication, and the HMAC algorithm for protecting data integrity.
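The version negotiation and algorithm negotiation stages of Table 9, as an added example that is not from the HP guide or the device firmware: it applies the SSH2 identification-string rule (RFC 4253 section 4.2, where a "1.99" peer counts as SSH2-capable and SSH1 peers are rejected, which is the behaviour an SSH2-only endpoint such as this device in FIPS mode needs) and the RFC 4253 section 7.1 name-list rule for choosing the key exchange, public key, encryption and HMAC algorithms. The KEXINIT name-lists are constructed sample data.

```python
# Added example, not the device's code: SSH2 version exchange and
# algorithm negotiation as described by RFC 4253 (sections 4.2 and 7.1).
import re

# 'SSH-protoversion-softwareversion[ SP comments]' (RFC 4253 4.2)
ID_RE = re.compile(r"^SSH-(?P<ver>\d+\.\d+)-(?P<sw>\S+)(?: (?P<comments>.*))?$")

def negotiate_version(local_id: str, peer_id: str) -> str:
    """Return the protocol version both sides will speak ('2.0'), or raise.
    '1.99' denotes a peer that also supports 2.0, so an SSH2-only endpoint
    accepts it; an SSH1 identification (e.g. 1.5) is refused."""
    versions = []
    for ident in (local_id, peer_id):
        m = ID_RE.match(ident.rstrip("\r\n"))
        if not m:
            raise ValueError(f"malformed identification string: {ident!r}")
        versions.append(m.group("ver"))
    if all(v in ("2.0", "1.99") for v in versions):
        return "2.0"
    raise ValueError(f"no common protocol version: {versions}")

# KEXINIT categories settled during the algorithm negotiation stage
CATEGORIES = ("kex", "host_key", "cipher", "mac")

def negotiate_algorithms(client: dict, server: dict) -> dict:
    """RFC 4253 7.1: for each category take the first name in the client's
    preference order that the server also lists; no overlap fails the session."""
    chosen = {}
    for cat in CATEGORIES:
        offered = set(server[cat].split(","))
        pick = next((a for a in client[cat].split(",") if a in offered), None)
        if pick is None:
            raise ValueError(f"no common {cat} algorithm")
        chosen[cat] = pick
    return chosen

# Constructed sample name-lists. Client preference decides, so a client that
# lists modern algorithms first gets them even though the server ranks
# legacy names (sha1 KEX, ssh-rsa, 3des-cbc, hmac-sha1) ahead of them.
CLIENT_KEXINIT = {
    "kex": "curve25519-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1",
    "host_key": "rsa-sha2-256,ssh-rsa",
    "cipher": "aes256-ctr,aes128-ctr,3des-cbc",
    "mac": "hmac-sha2-256,hmac-sha1",
}
SERVER_KEXINIT = {
    "kex": "diffie-hellman-group14-sha1,diffie-hellman-group14-sha256",
    "host_key": "ssh-rsa,rsa-sha2-256",
    "cipher": "aes128-ctr,3des-cbc",
    "mac": "hmac-sha1,hmac-sha2-256",
}
```

Because the client's order wins, pruning weak names from whichever side you administer is the lever for keeping legacy algorithms out of the negotiated session.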