SSH Terminal Services - Huawei Quidway S2700 Series Configuration Manual

Quidway S2700 Series Ethernet Switches
Configuration Guide - Basic Configuration
9 Telnet and SSH

9.1.3 SSH Terminal Services

The S2700 supports the basic SSH protocol, the client function, the SFTP protocol, the STelnet protocol, and SCP.

Introduction to SSH

SSH works at the application layer of the TCP/IP protocol suite. SSH provides remote login and virtual terminal services over the network with security guaranteed. Running over TCP connections, SSH guarantees security and provides authentication for the transmitted information, preventing the following attacks, as shown in Figure 9-2:

• IP spoofing
• Interception of the password in plain text
• Denial of Service (DoS)

Figure 9-2 Establishing a local SSH connection between the PC and the S2700
[Figure: PC (SSH client), Ethernet, L2 Switch, VLAN1, Ethernet, Switch (SSH server), Telnet session]

In the figure, Switch is an S2700.

SSH adopts the client/server model and sets up multiple secure transmission channels. The Switch, as the SSH server, can be connected to multiple PCs that function as SSH clients. A Layer 2 switch may exist between the PC and the SSH server. In an actual network, there must be a reachable route between the PC and the Switch.

Advantages of SSH

The applications of SSH include STelnet and SFTP.

Unlike the Telnet and FTP terminal services, SSH provides secure remote access over a network whose security is not guaranteed. The advantages of SSH are as follows:

• STelnet client functions
  Login through Telnet carries a security risk because there is no authentication and the data transmitted over TCP is in plain text. This insecure access results in malicious attacks, including DoS attacks, IP spoofing attacks, and route spoofing attacks.
  SSH provides secure remote access on an insecure network by supporting the following functions:
  – Supporting Rivest-Shamir-Adleman Algorithm (RSA) authentication

Issue 01 (2011-07-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
118
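
The contrast drawn above between plain-text Telnet login and SSH can be checked against a saved switch configuration. The following is an added example, not part of the Huawei manual: a Python audit that flags VTY user interfaces that still accept Telnet or require no authentication. The VRP-style command lines in the sample are constructed, and the Telnet fallback for blocks without `protocol inbound` is an assumption.

```python
import re

# Constructed sample in Huawei VRP command style (assumed syntax, not from the manual).
SAMPLE_CONFIG = """\
stelnet server enable
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
user-interface vty 5 9
 authentication-mode password
 protocol inbound all
user-interface vty 10 14
 authentication-mode none
#
"""

# Assumption: a VTY block without "protocol inbound" falls back to Telnet.
DEFAULT_PROTOCOL = "telnet"
TELNET = "accepts Telnet, so passwords and data cross the network in plain text"
NO_SERVER = "SSH selected but the STelnet server is not enabled"
NO_AUTH = "login requires no authentication"

def parse_vty_blocks(config):
    """Map each 'user-interface vty' range to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        header = re.fullmatch(r"user-interface vty (\d+(?: \d+)?)", line)
        if header:
            current = blocks.setdefault(header.group(1), {})
        elif line.startswith(" ") and current is not None:
            key, _, value = line.strip().rpartition(" ")
            current[key] = value  # e.g. "protocol inbound" -> "ssh"
        else:
            current = None  # any other top-level line ends the block
    return blocks

def audit(config):
    """Return (vty_range, finding) pairs for plain-text or unauthenticated login."""
    stelnet_on = re.search(r"^stelnet server enable$", config, re.M) is not None
    findings = []
    for vty, opts in parse_vty_blocks(config).items():
        proto = opts.get("protocol inbound", DEFAULT_PROTOCOL)
        if proto in ("telnet", "all"):
            findings.append((vty, TELNET))
        if proto in ("ssh", "all") and not stelnet_on:
            findings.append((vty, NO_SERVER))
        if opts.get("authentication-mode") == "none":
            findings.append((vty, NO_AUTH))
    return findings
```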
