HP StorageWorks MSA 2/8 - SAN Switch User Manual page 94

Basic Security in FOS
prevent, or even detect, these attempts to sniff passwords. Secure Shell (SSH), is
an alternative to Telnet, and uses strong encryption to prevent password sniffing
and enhance the privacy of the management link.
SSH encrypts all messages, including the client sending the password at login
time. This is a significant improvement over the basic telnet and sectelnet, which
encrypts only the login password. The SSH package contains a daemon (sshd)
which runs on the switch, and is very similar to telnetd except that all messages
are encrypted. The SSH daemon supports a wide variety of encryption algorithms,
such as Data Encryption Standard (DES), AES, etc.
The daemon requires keys (public/private) for encryption. These keys are
generated by a program called ssh-keygen when the openssh RPM is installed.
The keys are saved to files in /etc directory and sshd will read them on startup.
Supported Versions and Features:
Note:
session, the telnet traffic is still in clear text and not secure.
Note:
are in clear text. This includes the remote FTP server's login and password. This
limitation affects the following commands: savecore, configupload,
configdownload, and firmwaredownload.
94
officially support ssh2. ssh2 uses DSA key for authentication. The DSA
authentication key is 1024 bits.
The daemon will run under root identity.
A user cannot save their public keys on the switch. A password is the only
method of authentication.
the following default ciphers for session encryption are supported:
AES128-CBC, 3DES-CBC, Blowfish-CBC, Cast128-CBC, and RC4.
the following HMACs are supported: HMAC-MD5, HMAC-SHA1,
HMAC-SHA1-96, HMAC-MD5-96.
If you telnet to another machine, and then start a SSH session inside that telnet
The FTP protocol is not secure. When you FTP to or from the switch, the contents
Fabric OS Procedures Version 3.1.x/4.1.x User Guide