6. Secure Shell (SSH) and SFTP/SCP
The SSH protocol supports the following security features:
Authentication. This feature reliably determines the identity of the SSH client. During the login process, the SSH client is queried for a digital proof of identity. Supported authentication methods are public key (either RSA or DSA) and password.
Encryption. The SSHv2 server uses encryption algorithms to scramble data and render it unintelligible except to the receiver. Supported encryption ciphers are:
o VSP9000 and VOSS versions prior to 4.2: aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc, 3des
o VOSS 4.2 or higher: aes128-cbc, aes256-cbc, 3des-cbc, aes128-ctr, aes256-ctr, aes192-ctr, aes192-cbc
Integrity. This feature guarantees that the data is transmitted from the sender to the receiver without any alteration. If any third party captures and modifies the traffic, the SSH server detects this alteration. Supported hash algorithms are:
o VSP9000 and VOSS versions prior to 4.2: hmac-md5, hmac-sha1, aead-aes-128-gcm-ssh, aead-aes-256-gcm-ssh, hmac-sha1-96, hmac-md5-96
o VOSS 4.2 or higher: hmac-md5, hmac-sha1, hmac-sha1-96, hmac-md5-96
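As an added example (not from the Avaya guide), the Python below applies the SSH negotiation rule from RFC 4253, where the first algorithm in the client's list that the server also lists is chosen, to the cipher and MAC lists above. The client preference lists and the legacy-algorithm policy are assumptions of the example.

```python
# Added example. Server lists are copied from the section above; the client
# preference lists and the "legacy" policy are assumptions of this example.
SERVER = {
    "pre-4.2": {
        "ciphers": ["aes128-cbc", "aes192-cbc", "aes256-cbc", "3des-cbc", "3des"],
        "macs": ["hmac-md5", "hmac-sha1", "aead-aes-128-gcm-ssh",
                 "aead-aes-256-gcm-ssh", "hmac-sha1-96", "hmac-md5-96"],
    },
    "4.2+": {
        "ciphers": ["aes128-cbc", "aes256-cbc", "3des-cbc", "aes128-ctr",
                    "aes256-ctr", "aes192-ctr", "aes192-cbc"],
        "macs": ["hmac-md5", "hmac-sha1", "hmac-sha1-96", "hmac-md5-96"],
    },
}

# Constructed client policies (not any real client's defaults).
CTR_ONLY = {"ciphers": ["aes256-ctr", "aes192-ctr", "aes128-ctr"],
            "macs": ["hmac-sha2-256", "hmac-sha1"]}
CBC_FALLBACK = {"ciphers": CTR_ONLY["ciphers"] + ["aes256-cbc"],
                "macs": CTR_ONLY["macs"]}

# Policy assumed by this example: (matcher, reason an algorithm counts as legacy).
RULES = [(lambda a: a.startswith("3des"), "3DES"),
         (lambda a: a.endswith("-cbc"), "CBC mode"),
         (lambda a: "md5" in a, "MD5-based MAC"),
         (lambda a: a.endswith("-96"), "MAC truncated to 96 bits")]

def negotiate(client_prefs, server_list):
    """RFC 4253 section 7.1: first client algorithm that the server also lists."""
    return next((alg for alg in client_prefs if alg in server_list), None)

def legacy_reasons(alg):
    """Return every policy reason that applies to one algorithm name."""
    return [reason for test, reason in RULES if test(alg)]

def audit(release, client):
    """What a client would negotiate with a release, plus policy findings."""
    result = {}
    for kind in ("ciphers", "macs"):
        alg = negotiate(client[kind], SERVER[release][kind])
        result[kind] = (alg, legacy_reasons(alg) if alg else ["no common algorithm"])
    return result

if __name__ == "__main__":
    for release in SERVER:
        for name, client in (("ctr-only", CTR_ONLY), ("cbc-fallback", CBC_FALLBACK)):
            print(release, name, audit(release, client))
```

With these inputs, a client restricted to CTR ciphers finds no common cipher on releases prior to 4.2 and negotiates aes256-ctr on VOSS 4.2 or higher.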
Secure Copy (SCP) and/or Secure File Transfer (SFTP) are off by default and are enabled when SSH is enabled using the boot config flags ssh command. Note that the VSP 9000, and the VSP 4000 or VSP 8000 running VOSS 4.1 or lower, support only SCP, while SFTP is supported in the VOSS 4.2 release.
An SSH client is supported on the VSP switch. Authentication via password and DSA is supported; RSA is not supported. DSA keys can be generated, but only with a length of 1024 bits or less.
The following table describes the third-party SSH and SFTP client software that has been tested with the VSP switch.
Table 9: SSH clients

| SSH Client | Secure Shell (SSH) | SFTP or SCP |
|---|---|---|
| SecureCRT | Supports SSHv2 client. Authentication: RSA, DSA, Password | SecureFX distribution supports SCP and SFTP. Note: To display dotted directories in SecureFX, go to Options -> Global Options and, in the Global Options popup window, go to File Transfer -> View and make sure "Do not show dot files" is not checked. |
| PuTTY | Supports SSH-2 client. Authentication: RSA, DSA, Password | Client distribution includes both an SFTP and an SCP client |
| OpenSSH | Supports SSHv2 clients. | Client distribution includes SCP |

March 2015
Avaya Inc. – External Distribution
avaya.com