Encryption of management messages, Scp services – Nortel Networks WEB OS 212777 User Manual
Web OS 10.0 Application Guide
Chapter 5: Secure Switch Management
212777-A, February 2002
NOTE – A maximum of four simultaneous Telnet/SSH/SCP connections is allowed at one time. The /cfg/sys/radius/telnet command also applies to SSH/SCP connections.
Encryption of Management Messages
The supported encryption and authentication methods for both SSH and SCP are listed below:
Server Host Authentication: Client RSA authenticates the switch at the beginning of every connection
Key Exchange: RSA
Encryption: 3DES-CBC, DES
User Authentication: Local password authentication, RADIUS, SecurID (via RADIUS, for SSH only—does not apply to SCP)
SCP Services
Administrator privileges are required to perform SCP commands. Set the SCP admin password
(this password must be different from the admin password).
The following SCP commands are supported in this service. These commands are entered
using the CLI on the client that is running the SCP application:
• getcfg is used to download the switch's configuration to the remote host via SCP.
• putcfg is used to upload the switch's configuration from a remote host to the switch; the diff command will be automatically executed at the end of putcfg to notify the remote client of the difference between the new and the current configurations.
• putcfg_apply will run the apply command after the putcfg is done.
• putcfg_apply_save saves the new configuration to the flash after putcfg_apply is done.
The putcfg_apply and putcfg_apply_save commands are provided because extra apply and save commands are usually required after a putcfg; however, an SCP session is not interactive, so those commands cannot be entered during it.
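The following is an added example, not taken from the manual: a Python helper that plans a configuration change as two scp invocations, a getcfg backup followed by the putcfg variant matching how far the change should go. It assumes the service is addressed as the remote path in the form <host>:<service>, which this page does not state; the function names, the persist levels and the sample address are hypothetical.

```python
import re

# The upload services named on this page, keyed by how far the change goes.
PUT_SERVICES = {
    "stage": "putcfg",            # upload only; the switch reports the diff
    "apply": "putcfg_apply",      # upload, then run apply
    "save": "putcfg_apply_save",  # upload, apply, then save to flash
}

# Hostname or IPv4 literal only: no leading '-', no '@', ':' or whitespace.
_HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*$")


def _check_host(host):
    """Reject a host string that scp could read as an option or a path."""
    if not _HOST_RE.match(host):
        raise ValueError(f"unsafe host: {host!r}")
    return host


def _check_local(path):
    """Reject a local file name scp would misread.

    A leading '-' is parsed as an option and a ':' turns the operand
    into a remote specification.
    """
    if not path or path.startswith("-") or ":" in path:
        raise ValueError(f"unsafe local path: {path!r}")
    return path


def plan_change(host, new_cfg, backup_cfg, persist="stage"):
    """Return the argv lists for a backed-up configuration change.

    ASSUMPTION: the SCP service is selected with '<host>:<service>'.
    The lists are meant for subprocess.run(argv) without a shell; scp
    itself prompts for the SCP admin password.
    """
    if persist not in PUT_SERVICES:
        raise ValueError(f"persist must be one of {sorted(PUT_SERVICES)}")
    host = _check_host(host)
    return [
        # Step 1: keep a copy of the running configuration for rollback.
        ["scp", f"{host}:getcfg", _check_local(backup_cfg)],
        # Step 2: upload; apply/save happen on the switch, not interactively.
        ["scp", _check_local(new_cfg), f"{host}:{PUT_SERVICES[persist]}"],
    ]
```

Running the first command to completion before the second gives a known-good file to restore with putcfg_apply_save if the new configuration misbehaves.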