Ssh overview, Support for ssh – Allied Telesis AT-S62 User Manual

Chapter 28: Secure Shell (SSH) Protocol

Section VII: Management Security

SSH Overview

Secure management is increasingly important in modern networks, because
the ability to manage switches easily and effectively and the
requirement for security are both universal. Switches are
often managed remotely through sessions using the Telnet protocol.
This method, however, has a serious security problem: it is protected
only by plaintext usernames and passwords, which are vulnerable
to wiretapping and password guessing.

The Secure Shell (SSH) protocol provides encrypted and strongly
authenticated remote login sessions, similar to the Telnet and rlogin
protocols, between a host running a Secure Shell server and a machine
with a Secure Shell client.

The AT-S62 management software features Secure Shell server software
to enable network managers to securely manage the switch over an
insecure network. It offers the benefit of cryptographic authentication
and encryption. Secure Shell can replace Telnet for remote management
sessions.

Support for SSH

The AT-S62 management software implementation of the SSH protocol
is compliant with SSH1 (versions 1.3 and 1.5) and SSH2 (version 2.0).

In addition, the following SSH options and features are supported:

❑ Inbound SSH connections (server mode) are supported.

❑ The following security algorithms are supported:

— 128-bit Advanced Encryption Standard (AES), 192-bit AES, and 256-bit AES

— Arcfour (RC4) security algorithm is supported.

— Triple-DES (3DES) encryption for SSH sessions is supported.

❑ RSA public keys with lengths of 512 to 2048 bits are supported.

Keys are stored in a format compatible with other Secure Shell
implementations, and mechanisms are provided to copy public
keys to and from the switch.

❑ Compression of SSH traffic.

The following SSH options and features are not supported:

❑ IDEA or Blowfish encryption

❑ Nonencrypted Secure Shell sessions
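
Because the implementation accepts both SSH1 (1.3 and 1.5) and SSH2 (2.0), it is useful to check which protocol generations a given switch actually offers by reading the identification string the server sends at connect time. The following is an added example, not part of the Allied Telesis manual: the host names, the software string `ExampleSwitch_1.0` and the sample banners are constructed, and the reading of protoversion `1.99` as "SSH1 and SSH2 both offered" follows RFC 4253.

```python
import re

# RFC 4253 identification string: SSH-<protoversion>-<softwareversion>[ <comments>]
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$")


def offered_protocols(raw: bytes) -> dict:
    """Parse a server's identification string and report which SSH
    protocol generations it offers."""
    text = raw.decode("ascii", errors="replace")
    # A server may send other text lines before the identification line.
    line = next((l for l in text.splitlines() if l.startswith("SSH-")), None)
    if line is None:
        raise ValueError("no SSH identification line found")
    m = BANNER_RE.match(line)
    if m is None:
        raise ValueError(f"malformed identification line: {line!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) == (1, 99):
        ssh1, ssh2 = True, True      # compatibility mode: both generations
    elif major == 1:
        ssh1, ssh2 = True, False     # SSH1 only, e.g. 1.3 or 1.5
    elif major == 2:
        ssh1, ssh2 = False, True     # SSH2 only
    else:
        raise ValueError(f"unknown protocol version {major}.{minor}")
    return {"protoversion": f"{major}.{minor}", "software": m.group(3),
            "ssh1": ssh1, "ssh2": ssh2}


def hosts_offering_ssh1(banners: dict) -> list:
    """Return the hosts (sorted) whose banner shows SSH1 is still accepted."""
    return sorted(h for h, b in banners.items() if offered_protocols(b)["ssh1"])


# Constructed sample banners; host names and software string are made up.
SAMPLE = {
    "switch-a": b"SSH-1.99-ExampleSwitch_1.0\r\n",
    "switch-b": b"SSH-2.0-ExampleSwitch_1.0 mgmt\r\n",
    "switch-c": b"Login banner text\r\nSSH-1.5-ExampleSwitch_1.0\r\n",
}

if __name__ == "__main__":
    for host in hosts_offering_ssh1(SAMPLE):
        version = offered_protocols(SAMPLE[host])["protoversion"]
        print(f"{host}: SSH1 offered (protoversion {version})")
```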