SSH Support for Suite B; Protocols and Standards - HP FlexNetwork 10500 Series Security Configuration Manual


NOTE:
SSH1 clients do not support secondary password authentication that is initiated by the AAA server.
Publickey authentication
The server authenticates a client by verifying the digital signature of the client. The publickey
authentication process is as follows:
1. The client sends the server a publickey authentication request that includes the username,
   public key, and public key algorithm name.
   If the digital certificate of the client is required in authentication, the client also encapsulates the
   digital certificate in the authentication request. The digital certificate carries the public key
   information of the client.
2. The server verifies the client's public key.
   If the public key is invalid, the server informs the client of the authentication failure.
   If the public key is valid, the server requests the digital signature of the client. After receiving
   the signature, the server uses the public key to verify the signature, and informs the client of
   the authentication result.
When acting as an SSH server, the device supports using the public key algorithms RSA, DSA, and
ECDSA to verify digital signatures.
When acting as an SSH client, the device supports using the public key algorithms RSA, DSA, and
ECDSA to generate digital signatures.
For more information about public key configuration, see "Managing public keys."
Password-publickey authentication
The server requires SSH2 clients to pass both password authentication and publickey authentication.
However, an SSH1 client only needs to pass either type of authentication.
Any authentication
The server requires clients to pass password authentication or publickey authentication.

SSH support for Suite B

Suite B contains a set of encryption and authentication algorithms that meet high security
requirements. Table 19 lists all algorithms in Suite B.
The SSH server and client support using the X.509v3 certificate for identity authentication in
compliance with the algorithm, negotiation, and authentication specifications defined in RFC 6239.
Table 19 Suite B algorithms
| Security level | Key exchange algorithm | Encryption algorithm and HMAC algorithm | Public key algorithm |
|----------------|------------------------|-----------------------------------------|----------------------|
| 128-bit | ecdh-sha2-nistp256 | AEAD_AES_128_GCM | x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384 |
| 192-bit | ecdh-sha2-nistp384 | AEAD_AES_256_GCM | x509v3-ecdsa-sha2-nistp384 |
| Both | ecdh-sha2-nistp256, ecdh-sha2-nistp384 | AEAD_AES_128_GCM, AEAD_AES_256_GCM | x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384 |

Protocols and standards

RFC 6239, Suite B Cryptographic Suites for Secure Shell (SSH)
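
The following Python sketch is an added example, not code from the HP manual or the device: it parses the algorithm name-lists of an SSH_MSG_KEXINIT payload (layout per RFC 4253) and reports every offered algorithm that falls outside Table 19 for a chosen security level. The function names, field labels, and the sample payload are constructed for illustration.

```python
# Table 19 on this page: algorithms permitted at each Suite B security level.
SUITE_B = {
    "128-bit": {"kex": {"ecdh-sha2-nistp256"}, "aead": {"AEAD_AES_128_GCM"},
                "hostkey": {"x509v3-ecdsa-sha2-nistp256", "x509v3-ecdsa-sha2-nistp384"}},
    "192-bit": {"kex": {"ecdh-sha2-nistp384"}, "aead": {"AEAD_AES_256_GCM"},
                "hostkey": {"x509v3-ecdsa-sha2-nistp384"}},
}
# "Both" row of Table 19: the union of the two levels.
SUITE_B["Both"] = {c: SUITE_B["128-bit"][c] | SUITE_B["192-bit"][c]
                   for c in ("kex", "aead", "hostkey")}
# First six KEXINIT name-lists (RFC 4253 section 7.1) and their Table 19 column.
# The labels on the left are this example's own names for those fields.
FIELDS = [("kex_algorithms", "kex"), ("server_host_key_algorithms", "hostkey"),
          ("encryption_c2s", "aead"), ("encryption_s2c", "aead"),
          ("mac_c2s", "aead"), ("mac_s2c", "aead")]

def parse_kexinit(payload: bytes) -> dict:
    """Return the first six name-lists of an SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != 20:      # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, offer = 17, {}                            # skip type byte + 16-byte cookie
    for name, _ in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")
        raw = payload[pos + 4:pos + 4 + n]
        if pos + 4 > len(payload) or len(raw) != n:
            raise ValueError("truncated name-list")
        offer[name] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return offer

def suite_b_violations(offer: dict, level: str) -> list:
    """List (field, algorithm) pairs offered outside Table 19 for the level."""
    allowed = SUITE_B[level]
    return [(name, alg) for name, column in FIELDS
            for alg in offer[name] if alg not in allowed[column]]

def build_kexinit(lists) -> bytes:
    """Encode name-lists as a KEXINIT payload (used to construct sample input)."""
    body = b"".join(len(s).to_bytes(4, "big") + s
                    for s in (",".join(names).encode("ascii") for names in lists))
    return bytes([20]) + bytes(16) + body + bytes(5)   # flag byte + reserved uint32

# Constructed sample: a peer that offers Suite B 192-bit plus legacy fallbacks.
SAMPLE = build_kexinit([
    ["ecdh-sha2-nistp384", "diffie-hellman-group14-sha1"],
    ["x509v3-ecdsa-sha2-nistp384", "ssh-rsa"],
    ["AEAD_AES_256_GCM", "aes128-cbc"], ["AEAD_AES_256_GCM", "aes128-cbc"],
    ["AEAD_AES_256_GCM", "hmac-sha1"], ["AEAD_AES_256_GCM", "hmac-sha1"],
    ["none"], ["none"], [], []])
```

An empty result from suite_b_violations means every algorithm the peer offered is within the selected row of Table 19; any entry it returns is an algorithm the peer would still accept outside Suite B.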
