Table of Contents
Advertisement
3.3 NETWORK Setup Pages
SSH uses Host Keys to uniquely identify each SSH server. Host keys are used for server authen-
tication and identification. A secure unit permits users to create or delete RSA or DSA keys for the
SSH2 protocol.
The user may choose to delete individual RSA or DSA host keys.
If the user chooses to delete the RSA or DSA key, the SSH will function, but that form of server
authentication will not be available. If the user chooses to delete both the RSA and DSA keys,
SSH will not function. In addition, if SSH Host Keys are being generated at the time of deletion, the
key generation processes are stopped, any keys created will be deleted, and all key bit sizes are
set to 0.
The user may choose to delete existing keys and request the creation of new keys, but it is often
simpler to make these requests separately.
The user may create individual RSA and DSA Host Public/Private Key pairs. Host keys must first
be deleted before new Host Keys can be created.
SecureSyncs have their initial host keys created at the factory. RSA host key sizes can vary
between 768 and 4096 bits. The recommended key size is 1024. Though many key sizes are sup-
ported, it is recommended that users select key sizes that are powers of 2 or divisible by 2. The
most popular sizes are 768, 1024, and 2048. Large key sizes of up to 4096 are supported, but may
take 10 minutes or more to generate. DSA keys size support is limited to 1024 bits.
Host keys are generated in the background. Creating RSA and DSA keys, each with 1024 bits
length, typically takes about 30 seconds. Keys are created in the order of RSA, DSA, RSA1.
When the keys are created you can successfully make SSH client connections. If the unit is
rebooted with host key creation in progress, or the unit is booted and no host keys exist the key
generation process is restarted. The key generation process uses either the previously specified
key sizes or if a key size is undefined, the default key bit length size used is 2048. A key with a
zero length or blank key size field is not created.
The SSH client utilities SSH, SCP, and SFTP allow for several modes of user authentication.
SSH allows the user to remotely login or transfer files by identifying the user's account and the tar-
get machines IP address. Users can be authenticated either by using their account passwords or
by using a Public Private Key Pair. Users keep their private key secret within their workstations or
network user accounts and provide the SecureSync a copy of their public key. The modes of
authentication supported include:
Either Public Key with Passphrase or Login Account Password
Login Account Password only
Public Key with Passphrase only
SSH using public/private key authentication is the most secure method of authenticating users for
SSH, SCP or SFTP sessions.
Users are required to create private and public key pairs on their workstation or within a private
area in their network account. These keys may be RSA or DSA and may be any key bit length as
76
NOTE –
Only SSH2 is supported. SSH1 protocol is not supported, due to vul-
nerabilities.
CHAPTER
•
3
SecureSync User Reference Guide Rev. 18
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the SecureSync and is the answer not in the manual?