Ssh protocol support, Introduction to ssh – Avaya Stackable Switch P3343T-ML User Manual

Chapter 8 User Authentication

46

Avaya P334T-ML User’s Guide

SSH Protocol Support

Introduction to SSH

SSH (Secure Shell) is a security protocol that establishes a remote session, also called a remote shell, over a secured tunnel. SSH accomplishes this by creating a transparent encrypted channel between the local and remote devices. In addition to the remote shell, SSH also provides secure file transfer between the local and remote devices.

SSH uses password authentication.

A maximum of two SSH sessions can be active per router module in the stack, with two additional active SSH sessions per stack. For example, if a stack contains three router modules, a maximum of eight SSH sessions can be active on the stack.

The P330 agent reports the SSH sessions opened to it. In addition, each router module reports the SSH sessions opened to its router interface. The user can disconnect selected SSH sessions.

The SSH session-establishment process is divided into the following stages, as shown in Figure 8.1:

SSH client connection:
— The P330 generates a key of variable length (512-2048 bits) using the DSA encryption method. This is the private key.
— The P330 calculates an MD5 hash of the public key, called a fingerprint. The fingerprint is always 16 bytes long. This fingerprint is displayed.
— The P330 sends the public key (i.e., the fingerprint) to the client computer. This public key is used by the client to encrypt the data it sends to the P330. The P330 decrypts the data using the private key.
— Both sides negotiate and must agree on the same cipher type. The P330 only supports 3DES-CBC encryption. The user on the client side accepts the fingerprint. The client keeps an IP vs. fingerprint public key cache and notifies the user if the cache changes.
— The client chooses a random number that is used to encrypt and decrypt the information sent.
— This random number is sent to the P330, after encryption based on the P330’s public key.
— When the P330 receives the encrypted random number, it decrypts it using the private key. This random number is now used with the 3DES-CBC encryption method for all encryption and decryption of data. The public and private keys are no longer used.

User Authentication:
— Before any data is transferred, the P330 requires the client to supply a user name and password. This authenticates the user on the client side to the P330.
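The client-side checks in the stages above (the 16-byte MD5 fingerprint of the public key, the IP vs. fingerprint cache that warns when a switch's key changes, and the cipher negotiation against a server that offers only 3DES-CBC) as an added Python example; this is not code from the manual or from Avaya, and the key values it builds are toy constants constructed only to exercise the encoding, not valid DSA parameters:

```python
"""Host-key fingerprint, known-host cache and cipher negotiation for the P330 SSH flow."""
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (leading 0x00 if the high bit is set)."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)


def dsa_public_blob(p: int, q: int, g: int, y: int) -> bytes:
    """Build the 'ssh-dss' public-key blob, i.e. the bytes the client fingerprints."""
    return ssh_string(b"ssh-dss") + b"".join(ssh_mpint(v) for v in (p, q, g, y))


def md5_fingerprint(blob: bytes) -> str:
    """MD5 of the key blob: always 16 bytes, displayed as colon-separated hex."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def check_host_key(cache: dict, ip: str, fingerprint: str) -> str:
    """Mimic the client's IP-vs-fingerprint cache: 'new', 'match' or 'changed'.

    'changed' is the case the user must be notified about: the switch behind
    this IP now presents a different key than the one previously accepted.
    """
    known = cache.get(ip)
    if known is None:
        cache[ip] = fingerprint          # first contact: the user accepts and we store it
        return "new"
    return "match" if known == fingerprint else "changed"


def negotiate_cipher(server_ciphers: list, client_ciphers: list) -> str:
    """Pick the first client-preferred cipher the server also supports, else fail."""
    for name in client_ciphers:
        if name in server_ciphers:
            return name
    raise ValueError("no common cipher; P330 offers only " + ", ".join(server_ciphers))


# Constructed toy values (NOT valid DSA parameters), only to exercise the encoding.
SAMPLE_BLOB = dsa_public_blob(p=0xC3, q=0x7, g=0x2, y=0x9A)
P330_CIPHERS = ["3des-cbc"]   # the only cipher the P330 supports, per the manual
```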