beautypg.com

Configuring ssh, Overview, How ssh works – H3C Technologies H3C SecBlade LB Cards User Manual

Page 167

background image

156

Configuring SSH

Overview

Secure Shell (SSH) is a network security protocol. Using encryption and authentication, SSH implements

remote login and file transfer securely over an insecure network.
SSH uses the typical client/server model, establishing a channel to protect data transfer based on TCP.
SSH includes two versions: SSH1.x and SSH2.0 (hereinafter referred to as SSH1 and SSH2), which are

not compatible. SSH2 is better than SSH1 in performance and security.
The device can not only work as an SSH server to provide services to SSH clients, but can also work as
an SSH client to allow users to establish SSH connections with a remote SSH server. When acting as an

SSH server, the device supports SSH and SSH1. When acting as an SSH client, the device supports SSH2

only.
The device supports the following SSH applications:

Stelnet—Provides secure and reliable network terminal access services. Through Stelnet, a user can

log in to a remote server securely. Stelnet protects devices against attacks such as IP spoofing and
plain text password interception. The device can act as both the Stelnet server and Stelnet client.

SFTP—Based on SSH2, SFTP uses the SSH connection to provide secure file transfer. The device can
serve as the SFTP server, allowing a remote user to log in to the SFTP server for secure file

management and transfer. The device can also serve as an SFTP client, enabling a user to log in

from the device to a remote device for secure file transfer.

SCP—Based on SSH2, SCP offers a secure approach to copying files. The device can act as the SCP

server, allowing a user to log in to the device for file upload and download. The device can also act
as an SCP client, enabling a user to log in from the device to a remote server for secure file transfer.

SSH can be configured only at the CLI.

How SSH works

This section uses SSH2 as an example.
To establish an SSH connection and communicate with each other through the connection, an SSH client

and an SSH server go through the stages listed in

Table 19

. For more information about these stages, see

SSH Technology White Paper.

Table 19 Stages of secure session establishment

Stages Description

Connection establishment

The SSH server listens to the connection requests on port 22. After a client
initiates a connection request, the server and the client establish a TCP

connection.

Version negotiation

The two parties determine a version to use after negotiation.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: