Ssh Authentication Methods - HPE FlexNetwork 5510 HI Series Security Configuration Manual


Stages / Description

TCP connection.

Version negotiation
The two parties determine a version to use.

Algorithm negotiation
SSH supports multiple algorithms. Based on the local algorithms, the two parties negotiate the following algorithms:
• Key exchange algorithm for generating session keys.
• Encryption algorithm for encrypting data.
• Public key algorithm for digital signature and authentication.
• HMAC algorithm for protecting data integrity.

Key exchange
The two parties use the DH exchange algorithm to dynamically generate the session keys and session ID.
• The session keys are used for protecting data transfer.
• The session ID is used for identifying the SSH connection.
In this stage, the client also authenticates the server.

Authentication
The SSH server authenticates the client in response to the client's authentication request.

Session request
After passing the authentication, the client sends a session request to the server to request the establishment of a session (or request the Stelnet, SFTP, SCP, or NETCONF service).

Interaction
After the server grants the request, the client and the server start to communicate with each other in the session.
In this stage, you can paste commands in text format and execute them at the CLI. The text pasted at one time must be no more than 2000 bytes. As a best practice to execute the commands successfully, paste commands that are in the same view.
To execute commands of more than 2000 bytes, save the commands in a configuration file, upload the file to the server through SFTP, and use it to restart the server.

SSH authentication methods

This section describes authentication methods that are supported by the device when it acts as an SSH server.

Password authentication

The SSH server authenticates a client through the AAA mechanism. The password authentication process is as follows:
1. The client sends the server an authentication request that includes the encrypted username and password.
2. The server performs the following operations:
   a. Decrypts the request to get the username and password in plain text.
   b. Verifies the username and password locally or through remote AAA authentication.
   c. Informs the client of the authentication result.
If the AAA server requires the user to enter a password for secondary authentication, it sends the SSH server an authentication response carrying a prompt. The prompt is transparently transmitted to the client to notify the user to enter a specific password. When the user enters the correct password, the AAA server examines the password validity. If the password is valid, the SSH server returns an authentication success message to the client.
For more information about AAA, see "Configuring AAA."
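The algorithm negotiation stage described above, as an added example that is not taken from the HPE manual: each side sends an SSH_MSG_KEXINIT message listing its algorithms, and per category the first client-listed name that the server also offers is used (RFC 4253, section 7.1). The field labels and the sample offers are constructed for this example, and the extra compatibility conditions RFC 4253 places on key exchange and host key selection are left out.

```python
SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT in wire order (labels are this example's own).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
# The four categories the manual names: key exchange, public key, encryption, HMAC.
NEGOTIATED = FIELDS[:6]

def build_kexinit(offer):
    """Encode an offer (dict of field -> list of names) as a KEXINIT payload."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # type byte + cookie (zeros: constructed)
    for field in FIELDS:
        body = ",".join(offer.get(field, [])).encode("ascii")
        out += len(body).to_bytes(4, "big") + body
    return out + bytes(5)  # first_kex_packet_follows = FALSE, reserved uint32 = 0

def parse_kexinit(payload):
    """Decode a KEXINIT payload, rejecting wrong message types and truncated lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, offer = 17, {}
    for field in FIELDS:
        size = int.from_bytes(payload[pos:pos + 4], "big")
        if pos + 4 + size > len(payload):
            raise ValueError("truncated name-list for " + field)
        names = payload[pos + 4:pos + 4 + size].decode("ascii")
        offer[field] = names.split(",") if names else []
        pos += 4 + size
    return offer

def negotiate(client, server):
    """Pick, per category, the first client preference the server also offers."""
    chosen = {}
    for field in NEGOTIATED:
        match = next((n for n in client[field] if n in server[field]), None)
        if match is None:
            raise ValueError("no common algorithm for " + field)
        chosen[field] = match
    return chosen

# Constructed sample offers; they do not describe any particular device or client.
CLIENT = {"kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
          "host_key": ["ssh-ed25519", "rsa-sha2-256"],
          "enc_c2s": ["aes256-ctr", "aes128-ctr"], "enc_s2c": ["aes256-ctr", "aes128-ctr"],
          "mac_c2s": ["hmac-sha2-256", "hmac-sha1"], "mac_s2c": ["hmac-sha2-256", "hmac-sha1"],
          "comp_c2s": ["none"], "comp_s2c": ["none"]}
SERVER = dict(CLIENT, kex=["diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"],
              host_key=["rsa-sha2-256"], enc_c2s=["aes128-ctr"], enc_s2c=["aes128-ctr"])

if __name__ == "__main__":
    print(negotiate(parse_kexinit(build_kexinit(CLIENT)), parse_kexinit(build_kexinit(SERVER))))
```

A session fails at this stage when any one category has no name in common, which is why `negotiate` raises instead of falling back.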
