Ssh Method - Huawei AR2200 Series Configuration Manual


Huawei AR2200 Series Enterprise Routers
Configuration Guide - Basic Configuration
Issue 02 (2011-10-15)

• The binary format: transfers program files.
• The ASCII format: transfers text files.

At present, the AR2200 serves only as the TFTP client and transfers files in the binary format.

8.1.4 SSH Method

To securely access another device on the network, you can log in to it by using SSH (including
STelnet and SFTP) from the router that you have logged in to.

SSH Overview
When users on an insecure network log in to the router remotely, the Secure Shell (SSH)
feature provides the information security and authentication that plain Telnet does not. It
protects the router from attacks such as IP address spoofing and interception of plaintext
passwords.
The SSH client function allows users to establish SSH connections with a router serving as an
SSH server or with UNIX hosts.

SSH Client Function
The AR2200 supports the STelnet client function and the SFTP client function.

STelnet client
The Telnet protocol does not provide secure authentication, and it transmits data over TCP
in plain text. This leads to security problems. The system also faces serious threats from
Denial of Service (DoS) attacks, host IP address spoofing, and routing spoofing. Telnet
services are prone to network attacks.
SSH implements secure remote access on insecure networks and has the following
advantages compared with Telnet:
– SSH supports Rivest-Shamir-Adleman (RSA) authentication. In RSA authentication,
SSH generates and exchanges public and private keys of an asymmetric cryptosystem
to ensure the session security.
– SSH supports Data Encryption Standard (DES), 3DES, and AES encryption.
– The user name and the password are both encrypted in the communication between the
SSH client and the SSH server. This prevents password interception.
– SSH encrypts the transmitted data.
When the STelnet server or the connection to the client is faulty, the client must detect the
fault in time and release the connection voluntarily. To implement this, when logging in to
the server through STelnet, the client must be configured with two values: the interval for
sending keepalive packets and the maximum number of keepalive packets that may go
without a reply. If the client does not receive any packet within the specified interval, it
sends a keepalive packet to the server. If the number of keepalive packets without a reply
exceeds the specified number, the client releases the connection voluntarily.
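
The keepalive fault detection described above, as an added example (not part of the original manual and not Huawei's code): a small Python model of the client-side timer, run over constructed packet arrival times. The function names, the sample times, and the exact release rule (any packet from the server resets the no-reply count; the client releases at the first idle interval after the permitted number of keepalives has gone unanswered) are assumptions, because the manual does not specify them.

```python
# Added example: model of the STelnet/SFTP client keepalive logic (assumed rule,
# see lead-in). All times are seconds since login; sample data is constructed.

def simulate_keepalive(rx_times, interval, max_no_reply, horizon=3600):
    """Return (release_time, keepalive_send_times).

    rx_times     -- times at which any packet from the server arrives
    interval     -- idle time after which the client sends a keepalive
    max_no_reply -- number of keepalives allowed to go unanswered
    release_time is None if the connection is still up at `horizon`.
    """
    pending = sorted(rx_times)
    sent = []                 # when each keepalive was sent
    unanswered = 0            # keepalives sent since the last received packet
    deadline = interval       # end of the current idle window
    while deadline <= horizon:
        if pending and pending[0] <= deadline:
            # Any packet from the server proves liveness: reset count and timer.
            t = pending.pop(0)
            unanswered = 0
            deadline = t + interval
            continue
        # A full interval passed with nothing received.
        if unanswered == max_no_reply:
            return deadline, sent          # limit reached: release the connection
        sent.append(deadline)              # otherwise probe the server again
        unanswered += 1
        deadline += interval
    return None, sent


def worst_case_detection(interval, max_no_reply):
    """Longest time from the last received packet to release under this model."""
    return interval * (max_no_reply + 1)


if __name__ == "__main__":
    # Constructed scenario: server answers until t=25 s, then goes silent.
    arrivals = [5, 12, 25]
    released, probes = simulate_keepalive(arrivals, interval=10, max_no_reply=3)
    print("keepalives sent at:", probes)
    print("connection released at:", released)
    print("detection delay:", released - arrivals[-1], "s")
```

Under this model the two settings multiply: a dead server is noticed only after `interval * (max_no_reply + 1)` seconds, so large values leave half-open management sessions in place longer, while very small values drop sessions on lossy links.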
SFTP client
SFTP is short for Secure FTP. You can log in to a device from the secure remote end to
manage files, which improves the security of data transmission when the remote system is
updated. The client function also enables you to log in to the remote device through
SFTP for secure file transmission.
When the SFTP server or the connection between it and the client is faulty, the client must
detect the fault in time and release the connection voluntarily. To implement this, when
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8 Accessing Another Device