HP 5120 SI Series Security Configuration Manual page 256


Password authentication—The server uses AAA for authentication of the client. During password
authentication, the client encrypts its username and password, encapsulates them into a password
authentication request, and sends the request to the server. Upon receiving the request, the server
decrypts the username and password, checks the validity of the username and password locally or
by a remote AAA server, and then informs the client of the authentication result.
Publickey authentication—The server authenticates the client by the digital signature. During
publickey authentication, the client sends to the server a publickey authentication request that
contains its username, public key, and publickey algorithm information. The server checks whether
the public key is valid. If the public key is invalid, the authentication fails. Otherwise, the server
authenticates the client by the digital signature. Finally, the server sends a message to the client to
inform it of the authentication result. The device supports the RSA and DSA publickey algorithms
for digital signatures.
The authentication stage proceeds as follows:
1. The client sends to the server an authentication request, which includes the username,
authentication method—password authentication or publickey authentication, and information
related to the authentication method—for example, the password in the case of password
authentication.
2. The server authenticates the client. If the authentication fails, the server informs the client by
sending a message, which includes a list of available methods for re-authentication.
3. The client selects a method from the list to initiate another authentication.
4. The process repeats until the authentication succeeds or the number of failed authentication
attempts exceeds the maximum number of authentication attempts, at which point the session is torn down.
NOTE:
In addition to password authentication and publickey authentication, SSH2.0 also provides the following
authentication methods:
Password-publickey—Performs both password authentication and publickey authentication if the client
is using SSH2.0 and performs either if the client is running SSH1.
Any—Performs either password authentication or publickey authentication.
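The authentication stage and the method options in the NOTE above can be modelled as a small server-side state machine. The following Python model is an added example, not code from HP or the device; the class name AuthSession, the result strings, and the max_attempts value are assumptions, and credential checking is reduced to a boolean supplied by the caller.

```python
from dataclasses import dataclass, field

BOTH = {"password", "publickey"}

@dataclass
class AuthSession:
    policy: str             # "password", "publickey", "password-publickey" or "any"
    ssh_version: int = 2    # 1 or 2
    max_attempts: int = 3   # constructed value, not a device default
    failures: int = 0
    passed: set = field(default_factory=set)
    state: str = "pending"  # pending -> authenticated | closed

    def required(self):
        """Return (allowed methods, True if every allowed method must pass)."""
        if self.policy == "password-publickey":
            # Both methods for SSH2.0 clients, either one for SSH1 clients.
            return BOTH, self.ssh_version == 2
        if self.policy == "any":
            return BOTH, False
        return {self.policy}, False

    def attempt(self, method, credential_ok):
        """Handle one authentication request; return (result, methods left)."""
        if self.state != "pending":
            return self.state, []
        allowed, need_all = self.required()
        if method in allowed and credential_ok:
            self.passed.add(method)
            if not need_all or self.passed == allowed:
                self.state = "authenticated"
                return "success", []
            # One of two required methods passed; the other is still needed.
            return "continue", sorted(allowed - self.passed)
        self.failures += 1
        if self.failures > self.max_attempts:   # limit exceeded: drop the session
            self.state = "closed"
            return "closed", []
        # Failure reply carries the methods available for re-authentication.
        return "failure", sorted(allowed - self.passed)

if __name__ == "__main__":
    s = AuthSession("password-publickey", ssh_version=2)
    for method, ok in [("password", False), ("password", True), ("publickey", True)]:
        print(method, ok, s.attempt(method, ok))
```

Running the same sequence with ssh_version=1 shows the session authenticated after the password alone, which is the SSH1 behavior the NOTE describes for password-publickey.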
Session request
After passing authentication, the client sends a session request to the server, and the server listens to and
processes the request from the client. After successfully processing the request, the server sends an
SSH_SMSG_SUCCESS packet to the client and goes on to the interaction stage with the client. Otherwise,
the server sends an SSH_SMSG_FAILURE packet to the client to indicate that the processing has failed or
it cannot resolve the request.
Interaction
In this stage, the server and the client exchange data in the following way:
The client encrypts and sends the command to be executed to the server.
The server decrypts and executes the command, and then encrypts and sends the result to the client.
The client decrypts and displays the result on the terminal.