Using SSH - HP 16-port SCS Installation Instructions Manual

Displaying PPP configuration information
Issue a Show Server PPP command.
show server ppp
See "Show Server PPP command."

Using SSH

The SCS supports version 2 of the SSH protocol (SSH2). The SCS SSH server operates on the standard SSH port 22.
SSH connections operate on TCP ports that are numbered with values 100 greater than the standard 30xx Telnet
ports for the SCS. For example, if port 7 is configured for Telnet access on port 3007, then port 3107 is a direct SSH
connection for port 7. When SSH is enabled, Telnet port 23 connections are accepted from other clients if the
Server Security command includes the Encrypt=SSH, None parameter, which indicates that both SSH and
plain text connections are allowed.

SSH server keys

When SSH is enabled for the first time, all sessions are terminated and the SCS generates an SSH server key. The key
generation process can take up to three minutes. The key is computed at random and is stored in the SCS
configuration database.
In most cases, the SSH server key should not be modified because most SSH clients associate the key with the IP
address of the SCS. During the first connection to a new SSH server, the client displays the SSH server's key. You
are prompted to indicate if it should be stored on the SSH client. After the first connection, most SSH clients validate
the key when connecting to the SCS, which provides an extra layer of security because the SSH client can verify the
key sent by the server each time it connects.
When you disable SSH and later re-enable it, you can either use the existing server key or compute a new one. If you
are re-enabling the same server at the same IP address, HP recommends that you use the existing key because SSH
clients might be using it for verification. If you are moving the SCS to another location and changing the IP address,
you might want to generate a new SSH server key.

Authenticating an SSH user

SSH is enabled and disabled with the Server SSH command. When you enable SSH, you can specify the
authentication methods that are used for SSH connections. The method can be a password, an SSH key, or both. A
user's password and SSH key are specified with a User Add or User Set command. All SSH keys must be Rivest,
Shamir, and Adleman (RSA) keys. Digital Signature Algorithm (DSA) keys are not supported.
Table 3-3 lists and describes the valid SSH authentication methods that can be specified with a Server SSH
command.

Table 3-3 SSH authentication methods

Method: PW (default)
Description: SSH connections are authenticated with a user name and password. With this method, a user's definition must include a valid password for that user to authenticate an SSH session.

Method: KEY
Description: SSH connections are authenticated with an SSH key. With this method, a user's definition must include valid SSH key information for that user to authenticate an SSH session. Key authentication is always local. RADIUS is not supported. See "SSH user keys."

Method: PW|KEY or KEY|PW
Description: SSH connections are authenticated with either a user name and password or an SSH key. If a user has only a password defined, that user must authenticate an SSH session with a user name and password. If a user has only an SSH key defined, that user must authenticate an SSH session using the key. If a user has both a password and an SSH key defined, that user can use either a user name and password or the SSH key to authenticate an SSH session. This method enables the administrator to define how each user authenticates an SSH session based on information provided in the User Add/Set command. PW authentication is local or RADIUS as specified in the Auth parameter of the Server Security command. Key authentication is always local.

Method: PW&KEY or KEY&PW
Description: SSH connections are authenticated using both a user name and password and an SSH key. With this method, a user's definition must include a password and SSH key information for that user to authenticate an SSH session. PW authentication is local or RADIUS as specified in the Auth parameter of the Server Security command. Key authentication is always local.
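
The rules in Table 3-3 can be checked against a user list before the Server SSH method is changed, so that no one is locked out and password-only logins are visible. The following Python is an added example, not code from HP or the SCS: the function names and sample users are constructed for illustration, it models local user definitions only (not RADIUS), and it also computes the direct SSH port from the 30xx rule described under "Using SSH".

```python
# Added example: models Table 3-3 for local user definitions (RADIUS not modelled).
TELNET_BASE = 3000  # standard 30xx Telnet ports
SSH_OFFSET = 100    # direct SSH ports are numbered 100 greater

# Constructed sample data: user -> (has_password, has_ssh_key)
USERS = {"alice": (True, True), "bob": (True, False),
         "carol": (False, True), "dave": (False, False)}

def direct_ssh_port(serial_port):
    """Direct SSH TCP port for an SCS serial port, e.g. port 7 -> 3107."""
    return TELNET_BASE + serial_port + SSH_OFFSET

def normalize(method):
    """Map any spelling from Table 3-3 (KEY|PW, pw&key, ...) to one canonical form."""
    m = method.upper().replace(" ", "")
    for sep in "|&":
        if sep in m:
            if sorted(m.split(sep)) != ["KEY", "PW"]:
                raise ValueError(f"not a Table 3-3 method: {method!r}")
            return f"PW{sep}KEY"
    if m not in ("PW", "KEY"):
        raise ValueError(f"not a Table 3-3 method: {method!r}")
    return m

def accepted_logins(method, has_pw, has_key):
    """Credential sets that authenticate this user; an empty list means locked out."""
    m = normalize(method)
    if m == "PW":
        return [("PW",)] if has_pw else []
    if m == "KEY":
        return [("KEY",)] if has_key else []
    if m == "PW&KEY":
        return [("PW", "KEY")] if has_pw and has_key else []
    # PW|KEY: whichever credentials the user definition contains
    return [(c,) for c, ok in (("PW", has_pw), ("KEY", has_key)) if ok]

def audit(method, users):
    """Flag users who would be locked out, or whose defined key is not required."""
    findings = {}
    for name, (has_pw, has_key) in users.items():
        logins = accepted_logins(method, has_pw, has_key)
        if not logins:
            findings[name] = "cannot authenticate an SSH session"
        elif has_key and ("PW",) in logins:
            findings[name] = "password alone is accepted; the defined key is not required"
    return findings

if __name__ == "__main__":
    for method in ("PW", "KEY", "PW|KEY", "PW&KEY"):
        print(method, audit(method, USERS))
```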

This manual is also suitable for:

48-port scs
