beautypg.com

Ssh server, Ssh clients, Ssh server ssh clients – Allied Telesis AT-S62 User Manual

Page 545

background image

AT-S62 User’s Guide

Section VII: Management Security

545

❑ Tunnelling of TCP/IP traffic

Note

Non-encrypted Secure Shell sessions serve no purpose.

SSH Server

The AT-S62 management software includes SSH server software. When
the SSH server is activated, your remote management sessions of the
switch from a management station that has SSH client software will be
encrypted.

Note

If your switch is in a network protected by a firewall, you may need
to configure the firewall to permit SSH connections.

An SSH management session uses the same usernames and passwords
as the other types of switch management sessions. You can log in using
the default manager or operator login account, or as a user configured
with the RADIUS and TACACS+ protocols, as explained in Chapter 29,
RADIUS and TACACS+ Authentication Protocols on page 552.

The Secure Shell server requires two encryption key pairs. The first,
called the host key, is the switch’s own RSA key. The recommended
length of this key is 1024 bits. The second key, the server key, is used by
the SSH server software on the switch. If desired, you can configure the
switch to periodically re-generate this key. The two keys cannot be of the
same length. For the procedure for creating an encryption key, see
Creating an Encryption Key on page 500.

For information on how to create an encryption key, see Creating an
Encryption Key on page 500.

SSH Clients

The SSH protocol provides a secure connection between the switch and
SSH clients. Once you have configured the SSH server, you need to install
SSH client software on your management workstation. The AT-S62
software supports both SSH1 and SSH2 clients.

You can download client software from the Internet. Two popular SSH
clients are PuTTY and CYGWIN. To install SSH client software, follow the
directions from the vendor.

Once you have installed the SSH client software on your workstation and
configured the server software on the switch, you can use the client
software to login to the switch for an encrypted SSH management
session.

See also other documents in the category Allied Telesis Computer hardware: