Ssh Authentication Methods - HP FlexNetwork 10500 Series Security Configuration Manual

Stages
Version negotiation
Algorithm negotiation
Key exchange
Authentication
Session request
Interaction

SSH authentication methods

This section describes authentication methods that are supported by the device when it acts as an
SSH server.
Password authentication
The SSH server authenticates a client through the AAA mechanism. The password authentication
process is as follows:
1. The client sends the server an authentication request that includes the encrypted username
and password.
2. The server performs the following operations:
a. Decrypts the request to get the username and password in plain text.
b. Verifies the username and password locally or through remote AAA authentication.
c. Informs the client of the authentication result.
If the remote AAA server requires the user to enter a password for secondary authentication, it send
the SSH server an authentication response carrying a prompt. The prompt is transparently
transmitted to the client to notify the user to enter a specific password. When the user enters the
correct password, the AAA server examines the password validity. If the password is valid, the SSH
server returns an authentication success message to the client.
For more information about AAA, see
Description
The two parties determine a version to use after negotiation.
SSH supports multiple algorithms. Based on the local algorithms, the
two parties determine to use the following algorithms:
•
Key exchange algorithm for generating session keys.
•
Encryption algorithm for encrypting data.
•
Public key algorithm for digital signature and authentication.
•
HMAC algorithm for protecting data integrity.
The two parties use the DH exchange algorithm to dynamically
generate the session keys and session ID.
•
The session keys are used for protecting data transfer.
•
The session ID is used for identifying the SSH connection.
In this stage, the client also authenticates the server.
The SSH server authenticates the client in response to the client's
authentication request.
After passing the authentication, the client sends a session request to
the server to request the establishment of a session (or request the
Stelnet, SFTP, SCP, or NETCONF service).
After the server grants the request, the client and the server start to
communicate with each other in the session.
In this stage, you can paste commands in text format and execute
them at the CLI. The text pasted at one time must be no more than
2000 bytes. As a best practice to ensure correct command execution,
paste commands that are in the same view.
To execute commands of more than 2000 bytes, save the commands
in a configuration file, upload the file to the server through SFTP, and
use it to restart the server.
"Configuring AAA."
357