Ssh Authentication Methods - HP 5920 Series Configuration Manual
Hide thumbs
Also See for 5920 Series:
- Command reference manual (607 pages) ,
- Configuration manual (322 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
Advertisement
Table 10 Stages involved in secure session establishment
Stages
Connection establishment
Version negotiation
Algorithm negotiation
Key exchange
Authentication
Session request
Interaction
SSH authentication methods
This section describes authentication methods that are supported by the device when it acts as an SSH
server.
Password authentication
The SSH server authenticates a client through the AAA mechanism. The password authentication process
is as follows:
1.
The client sends the server an authentication request that includes the encrypted username and
password.
2.
The server performs the following operations:
a.
Decrypts the request to get the username and password in plain text.
b.
Verifies the username and password locally or through remote AAA authentication.
Description
The SSH server listens to the connection requests on port 22. After a
client initiates a connection request, the server and the client establish a
TCP connection.
The two parties determine a version to use after negotiation.
SSH supports multiple algorithms. Based on the local algorithms, the two
parties negotiate the following algorithms:
•
Key exchange algorithm for generating session keys.
•
Encryption algorithm for encrypting data.
•
Public key algorithm for digital signature and authentication.
•
HMAC algorithm for protecting data integrity.
The two parties use the DH exchange algorithm to dynamically generate
the session keys and session ID.
•
The session keys are used for protecting data transfer.
•
The session ID is used for identifying the SSH connection.
In this stage, the client authenticates the server as well.
The SSH server authenticates the client in response to the client's
authentication request.
After passing the authentication, the client sends a session request to the
server to request the establishment of a session (or request the Stelnet,
SFTP, SCP, or NETCONF service).
After the server grants the request, the client and the server start to
communicate with each other in the session.
In this stage, you can paste commands in text format and execute them
at the CLI. The text pasted at one time must be no more than 2000 bytes.
HP recommends that you paste commands in the same view. Otherwise,
the server might not be able to correctly execute the commands.
To execute commands of more than 2000 bytes, save the commands in
a configuration file, upload it to the server through SFTP, and use it to
restart the server.
270
- Quick Links:
- Configuration Guide
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
