
SSH2 unsupported features, SSH2 authentication types, Configuring SSH2 – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual


• Encryption is provided with 3des-cbc, aes128-cbc, aes192-cbc or aes256-cbc. AES encryption has been adopted by the U.S. Government as an encryption standard.
• Data integrity is ensured with hmac-sha1.
• Supported authentication methods are password, interactive, and key authentication.
• Five inbound SSH connections at one time are supported.
• Five outbound SSH connections are supported.

SSH2 unsupported features

The following are not supported with SSH2:

• Compression
• TCP/IP port forwarding, X11 forwarding, and secure file transfer
• SSH version 1
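The lists above determine what a client can negotiate with the device. The following added example (not code from the Brocade guide) parses a client's SSH_MSG_KEXINIT payload and applies the RFC 4253 rule that the first client-preferred algorithm also supported by the server is chosen, so you can check whether a given client configuration can connect. The client offers, the key-exchange and host-key names, and the helper names are constructed for illustration.

```python
import struct

# Device-side algorithm sets, taken from the feature lists on this page.
DEVICE = {
    "encryption": ["3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc"],
    "mac": ["hmac-sha1"],
    "compression": ["none"],  # the page lists compression as unsupported
}

def name_list(names):
    """Encode an RFC 4251 name-list: uint32 length + comma-separated ASCII."""
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body

def parse_kexinit(payload):
    """Return the ten name-lists of an SSH_MSG_KEXINIT payload (RFC 4253, 7.1)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, []  # skip message type (1 byte) and cookie (16 bytes)
    for _ in range(10):
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        lists.append(raw.split(",") if raw else [])
        pos += n
    return lists

def negotiate(client_kexinit):
    """Per category, pick the first client-preferred name the device supports."""
    lists = parse_kexinit(client_kexinit)
    # Indexes 2, 4, 6 are the client-to-server encryption, MAC and compression lists.
    offered = {"encryption": lists[2], "mac": lists[4], "compression": lists[6]}
    return {k: next((a for a in v if a in DEVICE[k]), None) for k, v in offered.items()}

def build_kexinit(enc, mac, comp):
    """Constructed client KEXINIT; the kex and host-key names are placeholders."""
    lists = [["diffie-hellman-group14-sha1"], ["ssh-rsa"], enc, enc, mac, mac, comp, comp, [], []]
    return bytes([20]) + bytes(16) + b"".join(name_list(x) for x in lists) + b"\x00" + bytes(4)

if __name__ == "__main__":
    offer = build_kexinit(["aes256-ctr", "aes128-cbc"], ["hmac-sha2-256", "hmac-sha1"], ["zlib", "none"])
    print(negotiate(offer))
```

A result of None in any category means the client offers nothing the device supports there, and the connection will fail during key exchange.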

SSH2 authentication types

The Brocade implementation of SSH2 supports the following types of user authentication:

• DSA challenge-response authentication, where a collection of public keys is stored on the device. Only clients with a private key that corresponds to one of the stored public keys can gain access to the device using SSH.
• RSA challenge-response authentication, where a collection of public keys is stored on the device. Only clients with a private key that corresponds to one of the stored public keys can gain access to the device using SSH.
• Password authentication, where users attempting to gain access to the device using an SSH client are authenticated with passwords stored on the device or on a TACACS or TACACS+ server or a RADIUS server.
• Interactive-authentication
• Keyboard-interactive authentication

Configuring SSH2

You can configure the device to use any combination of these authentication types. The SSH server
and client negotiate which type to use.

To configure SSH2, follow these steps:

1. Generate a host Digital Signature Algorithm (DSA) or Ron Rivest, Adi Shamir and Leonard Adleman algorithm (RSA) public and private key pair for the device.

See the section "Enabling and disabling SSH by generating and deleting host keys" on page 84.

2. Configure DSA or RSA challenge-response authentication.

See the section "Configuring DSA or RSA challenge-response authentication" on page 86.

3. Set optional parameters.

See the section "Optional SSH parameters" on page 88.


FastIron Ethernet Switch Security Configuration Guide

83

53-1003088-03