SSH Overview, Support for SSH – Allied Telesis AT-S62 User Manual
Chapter 33: Secure Shell (SSH) Protocol
Section VII: Management Security
SSH Overview
Secure management is increasingly important in modern networks, because
easy, effective switch management and security are both universal
requirements. Switches are often managed remotely through Telnet
sessions. This method, however, has a serious security problem: it is
protected only by usernames and passwords sent in plaintext, which are
vulnerable to wiretapping and password guessing.
The Secure Shell (SSH) protocol provides encrypted and strongly
authenticated remote login sessions, similar to the Telnet and rlogin
protocols, between a host running a Secure Shell server and a machine
with a Secure Shell client.
The AT-S62 management software features Secure Shell server software
to enable network managers to securely manage the switch over an
insecure network. It offers the benefit of cryptographic authentication and
encryption. Secure Shell can replace Telnet for remote management
sessions.
Support for SSH
The AT-S62 management software implementation of the SSH protocol is
compliant with SSH1 (versions 1.3 and 1.5) and SSH2 (version 2.0).
In addition, the following SSH options and features are supported:
Inbound SSH connections (server mode) are supported.
The following security algorithms are supported:
– 128-bit Advanced Encryption Standard (AES), 192-bit AES, and 256-bit AES
– Arcfour (RC4)
– Triple-DES (3DES) encryption for SSH sessions
RSA public keys with lengths of 512 to 2048 bits are supported. Keys
are stored in a format compatible with other Secure Shell
implementations, and mechanisms are provided to copy public keys to
and from the switch.
Compression of SSH traffic.
The following SSH options and features are not supported:
IDEA or Blowfish encryption
Nonencrypted Secure Shell sessions
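An added example, not from the Allied Telesis manual: a Python check that reads a server's SSH identification string and SSH_MSG_KEXINIT payload (RFC 4253) and reports whether SSH1 is still accepted and whether Arcfour or 3DES is offered, the items in the supported list above that an administrator would review first. The banner, the KEXINIT bytes, the SSH2 cipher names, the review list and all function names are constructed for illustration and were not captured from an AT-S62 switch.

```python
# Review list (assumption): RC4 is deprecated for SSH by RFC 8758; 3DES has a 64-bit block.
REVIEW_CIPHERS = {"arcfour", "arcfour128", "arcfour256", "3des-cbc"}
# The ten name-lists of SSH_MSG_KEXINIT, in RFC 4253 section 7.1 order.
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_banner(line: bytes) -> dict:
    """Split 'SSH-<protoversion>-<softwareversion>[ comments]' (RFC 4253 4.2)."""
    parts = line.rstrip(b"\r\n").decode("ascii").split("-", 2)
    if len(parts) != 3 or parts[0] != "SSH":
        raise ValueError("not an SSH identification string")
    # "1.99" marks an SSH2 server that also accepts SSH1 clients (RFC 4253 5.1).
    return {"proto": parts[1], "ssh1": parts[1].startswith("1.")}

def parse_kexinit(payload: bytes) -> dict:
    """Return the name-lists of an unencrypted SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != 20:   # message type 20, 16-byte cookie
        raise ValueError("not SSH_MSG_KEXINIT")
    pos, out = 17, {}
    for name in FIELDS:
        end = pos + 4 + int.from_bytes(payload[pos:pos + 4], "big")
        if end > len(payload):                  # length prefix or list cut short
            raise ValueError("truncated KEXINIT")
        raw = payload[pos + 4:end].decode("ascii")
        out[name] = raw.split(",") if raw else []
        pos = end
    return out

def audit(banner: bytes, kexinit: bytes) -> list:
    """List settings worth reviewing: SSH1 acceptance and RC4/3DES offers."""
    findings = ["SSH1 accepted"] if parse_banner(banner)["ssh1"] else []
    lists = parse_kexinit(kexinit)
    offered = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    return findings + ["cipher offered: " + c for c in sorted(offered & REVIEW_CIPHERS)]

def build_kexinit(lists: dict) -> bytes:
    """Build a constructed KEXINIT payload (zero cookie) for offline testing."""
    body = bytes([20]) + bytes(16)
    for name in FIELDS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        body += len(data).to_bytes(4, "big") + data
    return body + b"\x00" + bytes(4)            # first_kex_packet_follows, reserved

# Constructed sample, not captured from a switch.
SAMPLE_BANNER = b"SSH-1.99-ExampleSwitch_1.0\r\n"
CIPHERS = ["aes128-cbc", "aes192-cbc", "aes256-cbc", "3des-cbc", "arcfour"]
SAMPLE_KEXINIT = build_kexinit({"enc_c2s": CIPHERS, "enc_s2c": CIPHERS})
print(audit(SAMPLE_BANNER, SAMPLE_KEXINIT))
```

Both inputs are sent in the clear before key exchange, so they can be read from a packet capture of a management session without any credentials.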