Ssh Authentication Methods - HP 5920 Series Configuration Manual

Stages
Key exchange
Authentication
Session request
Interaction

SSH authentication methods

When the device acts as an SSH server, it supports the following authentication methods:
Password authentication—The SSH server authenticates a client through the AAA mechanism. In a
•
password authentication, an SSH client encrypts and encapsulates its username and password into
an authentication request, and sends the request to the server. After receiving the request, the SSH
server decrypts the request to get the username and password in plain text, examines the validity of
the username and password locally or by a remote AAA server, and then informs the client of the
authentication result.
If the remote AAA server requires the user to enter a password for secondary authentication, it
send the SSH server an authentication response carrying a prompt. The prompt is transparently
transmitted to the client to notify the user to enter a specified password. After the user enters the
correct password and passes validity check by the remote AAA server, the SSH server returns an
authentication success message to the client.
For more information about AAA, see
NOTE:
SSH1 clients do not support secondary password authentication that is initiated by the AAA server.
Publickey authentication—The server authenticates a client by the digital signature. In a publickey
•
authentication, a client sends the server a publickey authentication request that contains its
username, public key, and publickey algorithm information. The server checks whether the public
key is valid. If the public key is invalid, the authentication fails. Otherwise, the server authenticates
the client by the digital signature. Finally, the server informs the client of the authentication result.
The device supports using the public key algorithms RSA and DSA for digital signature.
For more information about public key configuration, see
Description
The two parties use the DH exchange algorithm to dynamically generate
the session key for protecting data transfer and the session ID for
identifying the SSH connection. In this stage, the client authenticates the
server as well.
The SSH server authenticates the client in response to the client's
authentication request.
After passing the authentication, the client sends a session request to the
server to request the establishment of a session (or request the Stelnet,
SFTP, or SCP service).
After the server grants the request, the client and the server start to
communicate with each other in the session.
In this stage, you can paste commands in text format and execute them
at the CLI. The text pasted at one time must be no more than 2000 bytes.
HP recommends that you paste commands in the same view. Otherwise,
the server might not be able to correctly execute the commands.
To execute commands of more than 2000 bytes, save the commands in
a configuration file, upload it to the server through SFTP, and use it to
restart the server.
"Configuring AAA."
153
"Managing public keys."