GarrettCom MNS-6K 4.1.4 User Manual
MAGNUM 6K SWITCHES, MNS-6K USER GUIDE
• The user authentication layer (RFC 4252). This layer handles client authentication and provides a number of authentication methods. Authentication is client-driven, a fact commonly misunderstood by users; when one is prompted for a password, it may be the SSH client prompting, not the server. The server merely responds to the client's authentication requests. Widely used user authentication methods include the following:
    o "password": a method for straightforward password authentication, including a facility allowing a password to be changed. This method is not implemented by all programs.
    o "publickey": a method for public key-based authentication, usually supporting at least DSA or RSA keypairs, with other implementations also supporting X.509 certificates.
    o "keyboard-interactive" (RFC 4256): a versatile method where the server sends one or more prompts to enter information and the client displays them and sends back responses keyed in by the user. It is used to provide one-time password authentication such as S/Key or SecurID. It is also used by some OpenSSH configurations when PAM is the underlying host authentication provider to effectively provide password authentication, sometimes leading to an inability to log in with a client that supports just the plain "password" authentication method. This method is not supported.
    o GSSAPI authentication methods, which provide an extensible scheme to perform SSH authentication using external mechanisms such as Kerberos 5 or NTLM, providing single sign-on capability to SSH sessions. These methods are usually implemented by commercial SSH implementations for use in organizations, though OpenSSH does have a working GSSAPI implementation. This method is not supported.
• The connection layer (RFC 4254). This layer defines the concept of channels, channel requests and global requests, through which SSH services are provided. A single SSH connection can host multiple channels simultaneously, each transferring data in both directions. Channel requests are used to relay out-of-band, channel-specific data, such as the changed size of a terminal window or the exit code of a server-side process. The SSH client requests a server-side port to be forwarded using a global request. Standard channel types include:
    o "shell" for terminal shells, SFTP and exec requests (including SCP transfers)
    o "direct-tcpip" for client-to-server forwarded connections
    o "forwarded-tcpip" for server-to-client forwarded connections
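The client-driven negotiation described for the user authentication layer above, shown as an added example that is not taken from the MNS-6K manual or firmware. It builds the RFC 4252 "none" probe, parses the server's SSH_MSG_USERAUTH_FAILURE method list, and shows why a client limited to "keyboard-interactive" cannot log in to a server that does not offer it; the sample server reply and all function names are constructed for illustration.

```python
import struct

SSH_MSG_USERAUTH_REQUEST = 50   # RFC 4252, section 5
SSH_MSG_USERAUTH_FAILURE = 51   # RFC 4252, section 5.1

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def build_none_request(user: str) -> bytes:
    """Client probe: a 'none' request makes the server list the methods it accepts."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user.encode())
            + ssh_string(b"ssh-connection") + ssh_string(b"none"))

def parse_userauth_failure(payload: bytes):
    """Return (methods_that_can_continue, partial_success) from the server reply."""
    if len(payload) < 6 or payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not an SSH_MSG_USERAUTH_FAILURE payload")
    (length,) = struct.unpack(">I", payload[1:5])
    if len(payload) != 5 + length + 1:
        raise ValueError("name-list length does not match payload size")
    names = payload[5:5 + length].decode("ascii")
    methods = names.split(",") if names else []
    return methods, payload[5 + length] != 0

def choose_method(client_preference, server_methods):
    """The client decides what to try next; None means no login is possible."""
    for method in client_preference:
        if method in server_methods:
            return method
    return None

# Constructed reply (assumption): a server offering only "publickey" and "password",
# i.e. without the keyboard-interactive and GSSAPI methods marked "not supported" above.
SAMPLE_FAILURE = (bytes([SSH_MSG_USERAUTH_FAILURE])
                  + ssh_string(b"publickey,password") + b"\x00")

if __name__ == "__main__":
    offered, partial = parse_userauth_failure(SAMPLE_FAILURE)
    print("server offers:", offered, "partial success:", partial)
    print("full client ->",
          choose_method(["publickey", "keyboard-interactive", "password"], offered))
    print("keyboard-interactive-only client ->",
          choose_method(["keyboard-interactive"], offered))
```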
The commands for SSH are
Syntax ssh
key used by ssh
Syntax ssh port=
Syntax show ssh – display the ssh settings
Magnum6K25# access