SSH Server, SSH Clients – Allied Telesis AT-S60 User Manual

AT-S60 Management Software User’s Guide

Section III: Security Features

❑ RSA public keys with lengths of 512 to 2048 bits are supported.

Keys are stored in a format compatible with other Secure Shell
implementations, and mechanisms are provided to copy keys to
and from the switch.

❑ Compression of SSH traffic.

The following SSH options and features are not supported:

❑ IDEA or Blowfish encryption

❑ Non-encrypted Secure Shell sessions

❑ Tunnelling of TCP/IP traffic

Note

Non-encrypted Secure Shell sessions serve no purpose.

SSH Server

When the SSH server is enabled, connections from SSH clients can be
accepted. When the SSH server is disabled, connections from SSH clients
are rejected by the switch. Within the switch, the AT-S60 software uses
well-known port 22 as the SSH default port.

Note

If your switch is in a network that is protected by a firewall, you may
need to configure the firewall to permit SSH connections.

The SSH server accepts connections from configured users only.
Acceptable users are those with a Manager or Operator login as well as
users configured with the RADIUS and TACACS+ protocols. You can add,
delete, and modify users with the RADIUS and TACACS+ feature. For
information about how to configure RADIUS and TACACS+, see
Enabling TACACS+ or RADIUS on page 399.

SSH encryption key management is implemented by the Encryption
(ENCO) protocol. RSA public keys can be imported from and exported to
the single-line ASCII format used by all SSH implementations. For
information on how to configure the Encryption protocol, see
Configuring Keys for Encryption on page 347.
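
The following added example (not taken from the Allied Telesis manual or the AT-S60 software) checks a public key before it is copied to the switch, covering both the 512 to 2048 bit limit and the single-line ASCII format described above. It assumes the single-line format is the OpenSSH-style `ssh-rsa <base64> <comment>` line; the function names and the constructed sample keys are illustrative.

```python
import base64
import struct

SWITCH_MIN_BITS = 512    # lower bound stated in the manual
SWITCH_MAX_BITS = 2048   # upper bound stated in the manual

def _read_field(blob, offset):
    """Read one length-prefixed field (uint32 big-endian length, then data)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field length exceeds key blob")
    return blob[offset + 4:end], end

def rsa_key_bits(line):
    """Return the modulus size in bits of a single-line 'ssh-rsa' public key."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not a single-line ssh-rsa public key")
    blob = base64.b64decode(parts[1], validate=True)
    key_type, off = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob does not match prefix")
    _exponent, off = _read_field(blob, off)
    modulus, off = _read_field(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after modulus")
    return int.from_bytes(modulus, "big").bit_length()

def importable(line, min_bits=SWITCH_MIN_BITS, max_bits=SWITCH_MAX_BITS):
    """True if the key parses and its size is within [min_bits, max_bits]."""
    try:
        return min_bits <= rsa_key_bits(line) <= max_bits
    except ValueError:  # also covers malformed base64 (binascii.Error)
        return False

def make_sample(bits, comment="constructed@example"):
    """Build a CONSTRUCTED key line of the given size (not a usable RSA key)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    def mpint(n):  # leading zero byte keeps the top bit from reading as a sign
        return field(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    n = (1 << (bits - 1)) | 1
    blob = field(b"ssh-rsa") + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment
```

Passing a higher `min_bits` applies a stricter site policy than the switch's own lower bound.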

SSH Clients

The SSH protocol provides a secure connection between the switch and
SSH clients. Once you have configured the SSH server, you need to install
SSH client software on your management PC. The AT-S60 software
supports both SSH1 and SSH2 clients.