Fips Compliance - HP 5920 Series Configuration Manual
Hide thumbs
Also See for 5920 Series:
- Command reference manual (607 pages) ,
- Configuration manual (322 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
Advertisement
c.
Informs the client of the authentication result.
If the remote AAA server requires the user to enter a password for secondary authentication, it
send the SSH server an authentication response carrying a prompt. The prompt is transparently
transmitted to the client to notify the user to enter a specific password. After the user enters the
correct password and passes validity check by the remote AAA server, the SSH server returns an
authentication success message to the client.
For more information about AAA, see
NOTE:
SSH1 clients do not support secondary password authentication that is initiated by the AAA server.
Publickey authentication
The server authenticates a client by verifying the digital signature of the client. The publickey
authentication process is as follows:
1.
The client sends the server a publickey authentication request that includes the username, public
key, and public key algorithm name.
If the digital certificate of the client is required in authentication, the client also encapsulates the
digital certificate in the authentication request. The digital certificate carries the public key
information of the client.
2.
The server verifies the client's public key.
If the public key is invalid, the server informs the client of the authentication failure.
If the public key is valid, the server requests the digital signature of the client. After receiving the
signature, the server uses the public key to verify the signature, and informs the client of the
authentication result.
When acting as an SSH server, the device supports using the public key algorithms RSA, DSA, and
ECDSA to verify digital signatures.
When acting as an SSH client, the device supports using the public key algorithms RSA, DSA, and
ECDSA to generate digital signatures.
For more information about public key configuration, see
Password-publickey authentication
The server requires SSH2 clients to pass both password authentication and publickey authentication.
However, an SSH1 client only needs to pass either authentication, regardless of the requirement of the
server.
Any authentication
The server requires clients to pass either password authentication or publickey authentication.
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about
FIPS mode, see
"Configuring
FIPS."
"Configuring
AAA."
"Managing public
271
keys."
- Quick Links:
- Configuration Guide
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
