Ssh and enhanced stacking – Allied Telesis AT-S62 User Manual

Chapter 28: Secure Shell (SSH) Protocol

Section VII: Management Security

546

SSH and

Enhanced

Stacking

The AT-S62 management software allows for encrypted SSH
management sessions between a management workstation and a
master switch of an enhanced stack, but not with slave switches, as
explained in this section.

When you remotely manage a slave switch, all management
communications are conducted through the master switch using the
enhanced stacking feature. Management packets from your workstation
are first directed to the master switch before being forwarded to the
slave switch. The reverse is true as well. Management packets from a
slave switch first pass through the master switch before reaching your
management workstation.

Enhanced stacking uses a proprietary protocol. The protocol does not
provide for encryption between a master switch and a slave switch. The
result is that SSH encryption only occurs between your workstation and
the master switch, not between your workstation and a slave switch.

This is illustrated in Figure 178. The figure shows an SSH management
workstation that is managing a slave switch of an enhanced stack. The
packets exchanged between the slave switch and the master switch are
transmitted in plaintext and those exchanged between the master
switch and the SSH management workstation are encrypted.

Figure 178 SSH Remote Management of a Slave Switch

Since enhanced stacking does not allow for SSH encrypted management
sessions between a management station and a slave switch, you
configure SSH only on the master switch of a stack. Activating SSH on a
slave switch has no affect.

Master Switch

SSH Management

Workstation

Encrypted Management Packets

Slave Switch

Plaintext Management Packets
(Proprietary Enhanced Stacking Protocol)

(SSH Protocol)