Ssh server – Allied Telesis AT-S60 User Manual

AT-S60 Management Software User’s Guide

Section V: Security Features

531

❑ RSA public keys with lengths of 512 to 1536 bits are supported.

Keys are stored in a format compatible with other Secure Shell
implementations, and mechanisms are provided to copy keys to
and from the switch.

❑ Compression of SSH traffic.

Note

DES is not supported by SSH 2.0.

The following SSH options and features are not supported:

❑ IDEA or Blowfish encryption

❑ Nonencrypted Secure Shell sessions

❑ Tunnelling of TCP/IP traffic

Note

Non-encrypted Secure Shell sessions serve no purpose.

SSH Server

When the SSH server is enabled, connections from SSH clients can be
accepted. When the SSH server is disabled, connections from SSH clients
are rejected by the switch. Within the switch, the AT-S60 software uses
well-known port 22 as the SSH default port.

Note

If your switch is in a network that is protected by a firewall, you may
need to configure the firewall to permit SSH connections.

The SSH server accepts connections from configured users only.
Acceptable users are those with a Manager or Operator login as well as
users configured with the RADIUS and TACACS+ protocols. You can add,
delete, and modify users with the RADIUS and TACACS+ feature. For
information about how to configure RADIUS and TACACS+, see Enabling
TACACS+ or RADIUS on page 544.

SSH encryption key management is implemented by the Encryption
(ENCO) protocol. RSA public keys can be imported and exported to and
from the single-line ASCII format used by all SSH implementations. For
information on how to configure the Encryption protocol, see
Configuring Keys for Encryption on page 491.