Ssh Authentication Methods - HP FlexFabric 5700 Series Security Configuration Manual
Hide thumbs
Also See for FlexFabric 5700 Series:
- Configuration manual (185 pages) ,
- Configuration manual (125 pages) ,
- Configuration manual (63 pages)
Table of Contents
Advertisement
Table 18 Stages to establish an SSH session
Stages
Connection establishment
Version negotiation
Algorithm negotiation
Key exchange
Authentication
Session request
Interaction
SSH authentication methods
This section describes authentication methods that are supported by the device when it acts as an SSH
server.
Password authentication
The SSH server authenticates a client through the AAA mechanism. The password authentication process
is as follows:
1.
The client sends the server an authentication request that includes the encrypted username and
password.
2.
The server performs the following operations:
a.
Decrypts the request to get the username and password in plain text.
b.
Verifies the username and password locally or through remote AAA authentication.
Description
The SSH server listens to connection requests on port 22. After a client
initiates a connection request, the server and the client establish a TCP
connection.
The two parties determine a version to use.
SSH supports multiple algorithms. Based on the local algorithms, the two
parties negotiate the following algorithms:
•
Key exchange algorithm for generating session keys.
•
Encryption algorithm for encrypting data.
•
Public key algorithm for digital signature and authentication.
•
HMAC algorithm for protecting data integrity.
The two parties use the DH exchange algorithm to dynamically generate
the session keys and session ID.
•
The session keys are used for protecting data transfer.
•
The session ID is used for identifying the SSH connection.
In this stage, the client also authenticates the server.
The SSH server authenticates the client in response to the client's
authentication request.
After passing the authentication, the client sends a session request to the
server to request the establishment of a session (or request the Stelnet,
SFTP, SCP, or NETCONF service).
After the server grants the request, the client and the server start to
communicate with each other in the session.
In this stage, you can paste commands in text format and execute them
at the CLI. The text pasted at one time must be no more than 2000 bytes.
To execute the commands successfully, HP recommends that you paste
commands that are in the same view.
To execute commands of more than 2000 bytes, save the commands in
a configuration file, upload the file to the server through SFTP, and use it
to restart the server.
301
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
