1 ssh configuration, Ssh overview, Introduction to ssh – H3C Technologies H3C S3600 Series Switches User Manual
Page 891: Algorithm and key, Ssh configuration
1-1
1
SSH Configuration
When configuring SSH, go to these sections for information you are interested:
z
z
z
Displaying and Maintaining SSH Configuration
z
Comparison of SSH Commands with the Same Functions
z
SSH Overview
Introduction to SSH
Secure Shell (SSH) is a protocol that provides secure remote login and other security services in
insecure network environments, allowing for secure access to the Command Line Interface (CLI) of a
switch for configuration and management. In an SSH connection, data are encrypted before being sent
out and decrypted after they reach the destination. This prevents attacks such as plain text password
interception. SSH also provides powerful user authentication functions that prevent attacks such as
DNS and IP spoofing. Besides, SSH can also provide data compression to increase transmission speed,
take the place of Telnet and provide a secure “channel” for transfers using File Transfer Protocol (FTP).
SSH adopts the client-server model. The switch can be configured as an SSH client, an SSH server, or
both at the same time. As an SSH server, the switch provides secure connections to multiple clients. As
an SSH client, the switch allows the remote server to establish a secure SSH connection for remote
login.
Algorithm and Key
Algorithm is a set of transformation rules for encryption and decryption. Information without being
encrypted is known as plain text, while information that is encrypted is known as cipher text. Encryption
and decryption are performed using a string of characters called a key, which controls the
transformation between plain text and cipher text, for example, changing the plain text into cipher text or
cipher text into plain text.
Figure 1-1 Encryption and decryption
There are two types of key algorithms:
z
Symmetric key algorithm
The same key is used for both encryption and decryption. Supported symmetric key algorithms include
DES, 3DES, and AES, which can effectively prevent data eavesdropping.