Encryption Via Ssh Protocol - Siemens SINUMERIK 840D sl Commissioning Manual

Service and diagnostics
6.5 Remote access
6.5.6

Encryption via SSH protocol

Safety
The security of SSH is ensured by a series of cryptographic algorithms for encryption and
authentication.
Authentication
The server identifies itself to the client with an RSA, DSA or ECDSA certificate, which
enables detection of manipulation in the network (no other server can identify itself as a
known server).
The client can authenticate itself either by public key authentication with a private key whose
public key is stored on the server, or with a normal password. While in the latter case, user
interaction is always necessary (unless the password is stored unencrypted on the client
computer), public key authentication allows client computers to log onto SSH servers without
user interaction, without a password having to be stored in plain text on the client. However,
for added security the private SSH keys can also be protected with a password.
Subsystems
In the case of Secure Subsystem Execution, subsystems that were defined in a SSH server
installation can be executed remotely without the precise path of the program to executed on
the server having to be known. SFTP is the most common subsystem.
However, several such subsystems are defined in the relevant RFCs:
Service
SFTP
SSH Public Key Subsystem
SNMP
Netconf
SSH transport mapping for
SYSLOG
Further information
● Chapter Setting up and using SSH (Page 93).
● "NCU Operating System" Commissioning Manual (IM7)
● Description and licenses for WinSCP and Putty.
94
SSH Connection Protocol
Subsystem Name according to
RFC4250
sftp
publickey
snmp
netconf
syslog
Commissioning Manual, 03/2013, 6FC5397-1DP40-3BA1
Relevant RFC
draft-ietf-secsh-filexfer
RFC 4819
RFC 5592
RFC 4742, errata 1628
Draft-gerhards-syslog-
transport-ssh-00.txt
PCU Base Software (IM10)