Configuring SSH; Overview; SSH Operation - HP 12500 Series Configuration Manual


Configuring SSH

Overview

Secure Shell (SSH) is a network security protocol. Using encryption and authentication, SSH can
implement secure remote access and file transfer over an insecure network. Adopting the typical
client/server model, SSH can establish a channel to protect data transfer based on TCP. SSH includes
two versions: SSH1 and SSH2.0 (hereinafter referred to as SSH1 and SSH2), which are not compatible.
SSH2 is better than SSH1 in performance and security. The device can work as an SSH server to provide
services to SSH clients, and can work as an SSH client to allow users to establish SSH connections with
a remote SSH server. When acting as an SSH server, the device supports SSH2 and SSH1. When acting
as an SSH client, the device supports SSH2 only.
The device supports the following SSH applications:
• Secure Telnet (Stelnet)—Provides secure and reliable network terminal access services. Through
  Stelnet, a user can log in to a remote server securely. Stelnet can protect devices against attacks
  such as IP spoofing and plain text password interception. The device can act as both the Stelnet
  server and Stelnet client.
• Secure FTP (SFTP)—Based on SSH, SFTP uses the SSH connection to provide secure file transfer. The
  device can serve as the SFTP server, allowing a remote user to log in to the SFTP server for secure
  file management and transfer. The device can also serve as an SFTP client, enabling a user to log
  in from the device to a remote device for secure file transfer.
• SCP—Based on SSH2, SCP offers a secure approach to copying files. The device can act as the SCP
  server, allowing a user to log in to the device for file upload and download. The device can also act
  as an SCP client, enabling a user to log in from the device to a remote server for secure file transfer.
For more information about FIPS mode, see "Configuring FIPS."

SSH operation

This section uses SSH2 as an example.
To establish an SSH connection and communicate with each other through the connection, an SSH client
and an SSH server go through the stages that Table 9 lists. For more information about these stages, see
SSH Technology White Paper.

Table 9 Stages involved in secure session establishment

Stages | Description
Connection establishment | The SSH server listens to the connection requests on port 22. After a client initiates a connection request, the server and the client establish a TCP connection.
Version negotiation | The two parties determine a version to use after negotiation.
Algorithm negotiation | SSH supports multiple algorithms. Based on the local algorithms, the two parties determine the key exchange algorithm for generating session keys, the encryption algorithm for encrypting data, public key algorithm for digital signature and authentication, and the HMAC algorithm for protecting data integrity.
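
The version negotiation and algorithm negotiation stages, sketched in Python as an added example (not code from the manual or from the device). It follows the identification-string and name-list rules of RFC 4253; the banners and algorithm lists are constructed samples and the function names are hypothetical. The key exchange choice is simplified to first match and skips RFC 4253's extra host key compatibility conditions.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: .*)?$")

def parse_banner(line):
    """Return (protoversion, softwareversion) from an identification string."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.group(1), m.group(2)

def server_versions(protoversion):
    """Protocol versions a server banner offers (RFC 4253 section 5.1)."""
    if protoversion == "2.0":
        return {2}
    if protoversion == "1.99":      # SSH2 server that also accepts SSH1 clients
        return {1, 2}
    if protoversion.startswith("1."):
        return {1}
    return set()

def negotiate_version(client_supported, server_banner):
    """Highest version both sides support, or None (the connection is closed)."""
    proto, _ = parse_banner(server_banner)
    common = set(client_supported) & server_versions(proto)
    return max(common) if common else None

def negotiate_algorithms(client, server):
    """Per category: first name on the client's list that the server also lists."""
    return {cat: next((a for a in names if a in server.get(cat, [])), None)
            for cat, names in client.items()}

# Constructed sample name-lists in preference order (not taken from the manual).
CLIENT = {"kex": ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
          "host_key": ["ssh-rsa", "ssh-dss"],
          "encryption": ["aes128-ctr", "aes128-cbc", "3des-cbc"],
          "mac": ["hmac-sha1", "hmac-md5"]}
SERVER = {"kex": ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"],
          "host_key": ["ssh-dss", "ssh-rsa"],
          "encryption": ["3des-cbc", "aes128-cbc"],
          "mac": ["hmac-md5", "hmac-sha1"]}

if __name__ == "__main__":
    # Constructed banner: a server offering SSH2 with SSH1 compatibility.
    print(negotiate_version({2}, "SSH-1.99-ExampleServer_1.0\r\n"))
    print(negotiate_algorithms(CLIENT, SERVER))
```

A server banner of 1.99 or 1.x shows that SSH1 is still accepted, which is worth flagging in an audit given that SSH2 is the more secure version.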
