Ssh Connection Across Vpns - HP 5500 HI Series Configuration Manual


the client by the digital signature. Finally, the server sends a message to the client to inform it of the
authentication result. The switch supports using the publickey algorithms RSA and DSA for digital
signature.
An SSH2.0 server might require the client to pass both password authentication and publickey
authentication or either of them. However, if the client is running SSH1, the client only needs to pass
either authentication, regardless of the requirement of the server.
The authentication stage proceeds as follows:
1. The client sends the server an authentication request that includes the username, the authentication
   method, and the information related to the authentication method (for example, the password in
   the case of password authentication).
2. The server authenticates the client. If the authentication fails, the server sends the client a message
   to inform the client of the failure and the methods available for re-authentication.
3. The client selects a method from the list to initiate another authentication.
4. The preceding process repeats until the authentication succeeds or the number of failed
   authentication attempts exceeds the maximum number of authentication attempts. In the latter case,
   the server tears the session down.
NOTE:
Only clients running SSH2.0 or a later version support password re-authentication that is initiated by the
switch acting as the SSH server.
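
A minimal model of the authentication stage described above, written as an added example (it is not HP's code or the switch's implementation). The class and function names, the "partial" status label and the max_attempts value are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AuthStage:
    """Server side of the authentication stage (a model, not switch firmware)."""
    required: frozenset      # methods in the server policy
    require_all: bool        # True: password AND publickey; False: either one
    max_attempts: int = 3    # assumed value; the page states no default
    passed: set = field(default_factory=set)
    failures: int = 0
    closed: bool = False

    def attempt(self, version, method, credential_ok):
        """Handle one request; return (status, methods still available)."""
        if self.closed:
            return ("closed", [])
        if method in self.required and credential_ok:
            self.passed.add(method)
            # An SSH1 client needs to pass only one method, whatever the policy.
            need_all = self.require_all and version != "SSH1"
            if not need_all or self.passed == self.required:
                return ("success", [])
            return ("partial", sorted(self.required - self.passed))
        self.failures += 1
        if self.failures > self.max_attempts:
            self.closed = True  # the server tears the session down
            return ("closed", [])
        # Failure reply carries the methods the client may retry with.
        return ("failure", sorted(self.required - self.passed))


def run(version, attempts, **policy):
    """Replay (method, credential_ok) attempts against a fresh server."""
    stage = AuthStage(**policy)
    return [stage.attempt(version, m, ok) for m, ok in attempts]


if __name__ == "__main__":
    both = dict(required=frozenset({"password", "publickey"}),
                require_all=True, max_attempts=2)
    print(run("SSH2", [("password", True), ("publickey", True)], **both))
    print(run("SSH1", [("password", True)], **both))
    print(run("SSH2", [("password", False)] * 3, **both))
```

With a policy that requires both methods, the SSH2 client gets "partial" after the password and succeeds only after the public key, while the SSH1 client succeeds on the password alone.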
Session request
After passing authentication, the client sends a session request to the server, and the server listens to and
processes the request from the client. If the server successfully processes the request, the server sends an
SSH_SMSG_SUCCESS packet to the client and goes on to the interaction stage with the client. Otherwise,
the server sends an SSH_SMSG_FAILURE packet to the client to indicate that the processing has failed or
it cannot resolve the request.
Interaction
In this stage, the server and the client exchange data as follows:
1. The client encrypts and sends the command to be executed to the server.
2. The server decrypts and executes the command, and then encrypts and sends the result to the
   client.
3. The client decrypts and displays the result on the terminal.
In the interaction stage, you can paste commands in text format and execute them at the CLI. The text
pasted at one time must be within 2000 bytes. HP recommends that you paste commands in the same view.
Otherwise, the server might not be able to execute the commands correctly.
To execute commands of more than 2000 bytes, save the commands in a configuration file, upload it to the
server through Secure FTP (SFTP), and use it to restart the server.

SSH connection across VPNs

With this function, you can configure the switch as an SSH client to establish connections with SSH
servers in different MPLS VPNs.
As shown in Figure 90, the hosts in VPN 1 and VPN 2 access the MPLS backbone through PEs, with the
services of the two VPNs isolated. After a PE is enabled with the SSH client function, it can establish SSH
