Nortel Networks 5500 series User Manual

Page 34

Overview

Table 2
Communication channels in the Nortel SNAS network (cont’d.)

Communication                               Communication protocol
From EPM to edge switch                     Telnet over SSH
From authorized endpoint to DHCP server     UDP

Telnet or SSH can be used for management communications between
remote PCs and the Nortel SNAS devices.

About SSH

The Secure Shell (SSH) protocol provides secure and encrypted
communication between the Nortel SNAS and the network access devices,
and between Nortel SNAS devices and remote management PCs not using
Telnet.

SSH uses either password authentication or public key authentication.
With public key authentication, pairs of public/private SSH host keys
protect against "man in the middle" attacks by providing a mechanism for
the SSH client to authenticate the server. SSH clients keep track of the
public keys to be used to authenticate different SSH server hosts.

SSH clients in the Nortel SNAS network do not silently accept new keys
from previously unknown server hosts. Instead, they refuse the connection
if the key does not match their known hosts.
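
The strict known-hosts policy described above, as an added Python example (not Nortel SNAS code). It assumes known keys are stored as OpenSSH-style "hosts key-type base64-key" lines; the host names, addresses and key blobs are constructed placeholders.

```python
import base64
import hashlib
import hmac

def placeholder_key(label):
    # Constructed stand-in for a public key blob; not a real SSH key.
    return base64.b64encode(label.encode()).decode()

KEY_A, KEY_B = placeholder_key("constructed-A"), placeholder_key("constructed-B")

# Constructed store, assuming OpenSSH-style "hosts key-type base64-key" lines.
KNOWN_HOSTS = f"""
# hosts (comma-separated)  key-type  key
edge-switch-1.example,192.0.2.10 ssh-rsa {KEY_A}
scp-server.example ssh-dss {KEY_B}
"""

def fingerprint(key_b64):
    # SHA-256 fingerprint in the form OpenSSH prints, for operator comparison.
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text):
    store = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # skip comments, blanks and malformed entries
        for host in fields[0].split(","):
            store[(host.lower(), fields[1])] = fields[2]
    return store

def check_host_key(store, host, key_type, key_b64):
    # Strict policy: only an exact match is accepted; nothing is learned.
    known = store.get((host.lower(), key_type))
    if known is None:
        return "refuse: unknown host key"
    if hmac.compare_digest(known, key_b64):
        return "accept"
    return "refuse: key mismatch"

STORE = parse_known_hosts(KNOWN_HOSTS)

if __name__ == "__main__":
    for host, ktype, key in [("edge-switch-1.example", "ssh-rsa", KEY_A),
                             ("edge-switch-1.example", "ssh-rsa", KEY_B),
                             ("new-host.example", "ssh-rsa", KEY_A)]:
        print(host, fingerprint(key), check_host_key(STORE, host, ktype, key))
```

A host known only under a different key type is treated as unknown, so it is refused rather than accepted.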

The Nortel SNAS supports the use of three different SSH host key types:

RSA1

RSA

DSA

SSH protocol version 1 always uses RSA1 keys. SSH protocol version 2
uses either RSA or DSA keys.

For management communications in the Nortel SNAS, the Nortel SNAS
can act both as SSH server (when a user connects to the CLI using an
SSH client) and as SSH client (when the Nortel SNAS initiates file or data
transfers using the SCP or SFTP protocols).

For information about managing SSH keys for communication between
the Nortel SNAS and the network access devices, see “Managing SSH
keys” (page 68).

For information about managing SSH keys for Nortel SNAS management
communications, see “Configuring Nortel SNAS host SSH keys” (page
284).

Nortel Secure Network Access Switch

Using the Command Line Interface

NN47230-100

03.01

Standard

28 July 2008

Copyright © 2007, 2008 Nortel Networks.