Ssh server version 2 support – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Multi-Service IronWare Security Configuration Guide
53-1003035-02
SSH server version 2 support
Secure Shell (SSH) server is a mechanism for allowing secure remote access to management
functions on a device. The SSH server provides a function similar to Telnet. Users can log into and
configure the device using a publicly or commercially available SSH client program, just as they can
with Telnet. However, unlike Telnet, which provides no security, SSH server provides a secure,
encrypted connection to the device.
SSHv2 is supported on the Brocade device. The SSHv2 implementation is compatible with all
versions of the SSHv2 protocol. At the beginning of an SSH server session, the device negotiates
the version of SSHv2 to be used. The highest version of SSHv2 supported by both the device and
the client is the version that is used for the session. Once the SSHv2 version is negotiated, the host
key algorithm with the highest security ranking is negotiated, and then the MAC and encryption
algorithms are negotiated.
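In the SSH transport protocol (RFC 4253), the cipher and MAC chosen for a session are the first names on the client's list that the server also offers. The following Python is an added example, not taken from the Brocade guide or device software: it parses SSH_MSG_KEXINIT name-lists and applies that rule. The device offer is a constructed assumption based on the 3DES, AES and SHA-1 rows of the supported-features table, and the client offers and the `offer` helper are hypothetical.

```python
import struct

# Name-list order in an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def build_kexinit(lists):
    """Encode message type 20, a 16-byte cookie, ten name-lists, flag, reserved."""
    out = bytes([20]) + bytes(16)
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)

def parse_kexinit(payload):
    """Decode the ten name-lists, rejecting wrong types and truncated input."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated length field")
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + size].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += size
    return lists

def negotiate(client, server):
    """Cipher and MAC rule: first name on the client's list the server also offers."""
    return {f: next((a for a in client[f] if a in server[f]), None)
            for f in ("enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c")}

def offer(enc, mac):
    """Constructed helper: same cipher and MAC lists in both directions."""
    return {"enc_c2s": enc, "enc_s2c": enc, "mac_c2s": mac, "mac_s2c": mac}

# Constructed offers. The device list is an assumption built from the table
# (3DES, AES, SHA-1); the exact names a given release sends may differ.
DEVICE = parse_kexinit(build_kexinit(offer(["aes256-cbc", "aes128-cbc", "3des-cbc"], ["hmac-sha1"])))
DEFAULT_CLIENT = parse_kexinit(build_kexinit(offer(["aes128-ctr", "aes128-cbc", "3des-cbc"], ["hmac-sha2-256", "hmac-sha1"])))
STRICT_CLIENT = parse_kexinit(build_kexinit(offer(["aes128-ctr"], ["hmac-sha2-256"])))

if __name__ == "__main__":
    print(negotiate(DEFAULT_CLIENT, DEVICE))  # a common cipher and MAC exist
    print(negotiate(STRICT_CLIENT, DEVICE))   # no overlap: the session cannot be set up
```

A `None` result means the two sides share no algorithm in that category, which is what a client restricted to newer ciphers or MACs would see against a server offering only the algorithms assumed here.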
A maximum of 16 inbound SSH server sessions is allowed. One outbound SSH client
session can be established from the device. The outbound session ID is always 17.
Also, the Brocade device supports Secure Copy (SCP) for securely transferring files between a
Brocade device and an SCP-enabled remote host. Refer to
for more
information.
NOTE
SSH server and SSH client functionality are disabled by default. To gain access to a device through
SSH server, you must enable it as described in this chapter.
SSH server version 2 support
SSHv2 is a substantial revision of Secure Shell, comprising the following hybrid protocols and
definitions:
• SSH server Transport Layer Protocol
• SSH server Authentication Protocol
• SSH server Connection Protocol
• SECSH Public Key File Format
• SSH server Fingerprint Format
TABLE 33 Supported Secure Shell features (Continued)

| Features supported | Brocade NetIron XMR Series | Brocade MLX Series | Brocade NetIron CES 2000 Series BASE package | Brocade NetIron CES 2000 Series ME_PREM package | Brocade NetIron CES 2000 Series L3_PREM package | Brocade NetIron CER 2000 Series Base package | Brocade NetIron CER 2000 Series Advanced Services package |
|---|---|---|---|---|---|---|---|
| 3DES as the encryption algorithm | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| AES as the encryption algorithm | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| SHA 1 as the MAC algorithm | Yes | Yes | Yes | Yes | Yes | Yes | Yes |