Ssh Authentication - HP 6600 Security Configuration Manual
Hide thumbs
Also See for 6600:
- Command reference manual (286 pages) ,
- Configuration manual (236 pages) ,
- Installation and getting started manual (103 pages)
Table of Contents
Advertisement
Stages
Algorithm negotiation
Key exchange
Authentication
Session request
Interaction
SSH authentication
When the device acts as an SSH server, it supports the following authentication methods:
•
Password authentication—The SSH server uses AAA for authentication of the client. During
password authentication, the SSH client encrypts its username and password, encapsulates them
into an authentication request, and sends the request to the server. After receiving the request, the
SSH server decrypts the request to get the username and password in plain text, checks the validity
of the username and password locally or by a remote AAA server, and then informs the client of the
authentication result.
Publickey authentication—The server authenticates the client by the digital signature. During
•
publickey authentication, the client sends the server a publickey authentication request that contains
its username, public key, and publickey algorithm information (or the digital certificate that carries
the public key information). The server examines whether the public key is valid. If the public key is
invalid, the authentication fails. Otherwise, the server authenticates the client by the digital
signature. Finally, it informs the client of the authentication result. The device supports using the
publickey algorithms RSA and DSA for digital signature.
A client can send public key information to the device that acts as the server for validity check in
either of the following methods:
The client directly sends the user's public key information to the server, and the server checks the
validity of the user's public key.
The client sends the user's public key information to the server through a digital certificate, and
the server checks the validity of the digital certificate. When acting as a client, the device does
not support this method.
Description
SSH supports multiple algorithms. Based on the local algorithms, the two parties
determine the key exchange algorithm for generating session keys, the
encryption algorithm for encrypting data, public key algorithm for digital
signature and authentication, and the HMAC algorithm for protecting data
integrity.
The two parties use the Diffie-Hellman (DH) exchange algorithm to dynamically
generate the session key for protecting data transfer and the session ID for
identifying the SSH connection. In this stage, the client authenticates the server
as well.
The SSH server authenticates the client in response to the client's authentication
request.
After passing authentication, the client sends a session request to the server to
request the establishment of a session (Stelnet, SFTP, or SCP).
After the server grants the request, the client and the server start to communicate
with each other in the session.
In the interaction stage, you can execute commands from the client by pasting
the commands in text format (the text must be within 2000 bytes). The
commands must be available in the same view. Otherwise, the server might not
be able to execute the commands correctly.
If you want to execute commands of more than 2000 bytes, you can save the
commands in a configuration file, upload it to the server through SFTP, and use
it to restart the server.
314
Advertisement
Table of Contents
Troubleshooting
