Ssh Configuration - Avaya G350 Administration


Accessing the Avaya G350 Media Gateway
Managing login permissions
Use the ssh enable command to determine which of these ways is used on the G350. See SSH Configuration on page 34.

RSA authentication works as follows:

The G350 generates a key of variable length (512-2048 bits) using the DSA encryption method. This is the private key.

The G350 calculates an MD5 Hash of the private key, called a fingerprint (the public key). The fingerprint is always 16 bytes long. This fingerprint is displayed.

The G350 sends the public key (the fingerprint) to the client computer. This public key is used by the client to encrypt the data it sends to the G350. The G350 decrypts the data using the private key.

Both sides negotiate and must agree on the same cipher type. The G350 only supports 3DES-CBC encryption. The user on the client side accepts the fingerprint. The client maintains a cache containing a list of fingerprints per server IP address. If the information in this cache changes, the client notifies the user.

The client chooses a random number that is used to encrypt and decrypt the information sent. This random number is sent to the G350, after encryption based on the G350's public key.

When the G350 receives the encrypted random number, it decrypts it using the private key. This random number is now used with the 3DES-CBC encryption method for all encryption and decryption of data. The public and private keys are no longer used.

Password authentication works as follows:

Before any data is transferred, the G350 requires the client to supply a user name and password. This authenticates the user on the client side to the G350.

SSH Configuration

Use the ip ssh enable command to enable SSH authentication and set the SSH parameters. Use the no form of this command to disable the SSH server. Disabling the server disconnects all active SSH sessions. By default, SSH is enabled.

You can set the following SSH parameters using the ssh enable command:

timeout — sets the time interval (in seconds) that the SSH server waits for the SSH client to respond. If this time elapses with no response, the session's SSH server disconnects. The timeout can be from 20 to 400 seconds. The default value is 120.

NOTE:
This parameter applies to the SSH negotiation phase. Once an SSH session is established, the CLI timeout applies.

authentication-retries — the number of connection attempts after which the SSH server disconnects. This parameter can be from 1 to 5. The default value is 3.

rsa-authentication — enables (yes) or disables (no) the public key authentication method. By default, public key authentication is disabled.

password-authentication — enables (yes) or disables (no) the password authentication method. By default, password authentication is enabled.

port — changes the default value of the SSH port. Changing the port number does not interrupt active connections. The default value is 22.

34 Administration of the Avaya G350 Media Gateway June 2004
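
The client-side fingerprint cache described under RSA authentication above, as an added example that is not part of the Avaya manual: it computes the 16-byte MD5 fingerprint of a server's host key and compares it with the value cached for that server IP address, reporting a change instead of silently accepting it. It assumes the fingerprint is the MD5 digest of the base64-decoded public host key blob, as SSH clients display it; the class and function names, the IP address and the key blobs are constructed for illustration.

```python
import base64
import hashlib


def md5_fingerprint(key_b64: str) -> str:
    """Return the MD5 fingerprint of a host key blob as colon-separated hex."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.md5(blob).digest()  # MD5 output is always 16 bytes
    return ":".join(f"{b:02x}" for b in digest)


class FingerprintCache:
    """Fingerprint cache keyed by server IP address (hypothetical helper)."""

    def __init__(self):
        self._known = {}  # server IP -> fingerprint the user accepted

    def check(self, server_ip: str, key_b64: str) -> str:
        """Classify a presented host key as 'new', 'match' or 'changed'."""
        fp = md5_fingerprint(key_b64)
        cached = self._known.get(server_ip)
        if cached is None:
            return "new"  # user must compare with the fingerprint the G350 displays
        # A changed key is reported and never overwrites the cached entry here.
        return "match" if cached == fp else "changed"

    def accept(self, server_ip: str, key_b64: str) -> None:
        """Store the fingerprint once the user has verified and accepted it."""
        self._known[server_ip] = md5_fingerprint(key_b64)


def sample_key(seed: bytes) -> str:
    """Constructed stand-in for a host key blob (not a real key)."""
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + seed).decode()


if __name__ == "__main__":
    gateway = "192.0.2.10"  # constructed address from the documentation range
    original = sample_key(b"constructed-key-A")
    replaced = sample_key(b"constructed-key-B")
    cache = FingerprintCache()
    print(cache.check(gateway, original), md5_fingerprint(original))
    cache.accept(gateway, original)
    print(cache.check(gateway, original))
    print(cache.check(gateway, replaced), md5_fingerprint(replaced))
```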
