Managing the device securely; Using Secure Shell (SSH) - Allied Telesis Layer 3 Switches Network Manual

Managing the device securely

In Ethernet and broadcast networks the privacy of traffic is not guaranteed. Hubs and networks outside the administrator's control may leak sensitive data to unwanted recipients. An attacker may even be able to force a switch to flood unicast traffic out of every port (for example by exhausting its MAC address table), so that frames meant for one host reach all of them.
Because you cannot guarantee traffic privacy, you cannot be certain that management sessions are private. Therefore, you should always use encrypted sessions when remotely administering network equipment, even in networks that you know well. The simplest way to achieve this is with Secure Shell (SSH).
This section describes secure management:
"Using Secure Shell (SSH)" on page 9
"Using SSL for secure web access" on page 10
"Using SNMPv3" on page 10
The section ends by describing how to limit telnet access if you need to use telnet instead of one of the recommended secure options.
When you are using a secure management scheme, we recommend that you block all telnet access to the switch by disabling the telnet server (disable telnet server).

Using Secure Shell (SSH)

The Secure Shell (SSH) protocol is most simply described as an encrypted form of Telnet.
Configuration
1. Add a security officer to your switch's list of users.
2. Create encryption keys for SSH to use.
3. Enable the SSH server.
4. Add the security officer to the list of SSH users and specify a password for it. Only users in this list can use SSH to access the switch.
5. Enable system security.
Enabling system security makes telnet unavailable as an administrative interface: once you have configured SSH, you have to use it.
Create A Secure Network With Allied Telesis Managed Layer 3 Switches
Example
To configure SSH access for the security officer called "secoff":
disable telnet server
add user=secoff password=securepass privilege=security telnet=yes login=yes
create enco key=0 type=rsa length=1024 description="Host Key" form=ssh
create enco key=1 type=rsa length=768 description="Server Key" form=ssh
enable ssh server serverkey=1 hostkey=0 expirytime=1 logintimeout=60
add ssh user=secoff password=sameordifferentpassword
enable system security
Note that the 1024-bit host key and 768-bit server key in this example reflect the era of the guide; 1024-bit RSA is below current minimums (2048 bits or more), so create the longest keys your software release supports. Replace the placeholder passwords with strong ones, and do not reuse the user's login password as the SSH password.
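The five-step procedure above reduces to a short checklist: telnet server off, SSH server on with a host key that actually exists, at least one SSH user, system security on, and keys of a usable length. The following script is an added example (not Allied Telesis code) that audits an AlliedWare-style configuration script against that checklist. It understands only the commands shown on this page; MIN_RSA_BITS, the finding wording, and the two sample scripts (the manual's example verbatim, and a constructed incomplete one) are this example's own assumptions.

```python
"""Audit an AlliedWare-style switch configuration script against the
secure-management checklist: telnet server disabled, SSH server enabled
with an existing host key, at least one SSH user, system security
enabled, and RSA keys of a usable length.

Added example, not Allied Telesis code. Only the command forms shown on
the page are recognised; MIN_RSA_BITS is an assumption.
"""
import re

MIN_RSA_BITS = 2048  # assumption: modern floor; the manual's 1024/768 example is below it

# key=value or key="quoted value" parameters on one command line
PARAM_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_params(line):
    """Return the key=value parameters of one command line as a dict
    (keys lower-cased, surrounding quotes stripped from values)."""
    params = {}
    for m in PARAM_RE.finditer(line):
        key, raw, quoted = m.group(1).lower(), m.group(2), m.group(3)
        params[key] = quoted if quoted is not None else raw
    return params


def audit_config(config_text):
    """Return a list of findings; an empty list means the script passes."""
    telnet_enabled = True        # assume telnet is on until explicitly disabled
    ssh_enabled = False
    system_security = False
    ssh_users = set()
    keys = {}                    # key id -> (type, length in bits)
    hostkey = serverkey = None

    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        lower = line.lower()
        params = parse_params(line)
        if lower == "disable telnet server":
            telnet_enabled = False
        elif lower == "enable telnet server":
            telnet_enabled = True
        elif lower.startswith("create enco key="):
            keys[int(params["key"])] = (params.get("type", "").lower(),
                                        int(params.get("length", 0)))
        elif lower.startswith("enable ssh server"):
            ssh_enabled = True
            hostkey = int(params["hostkey"]) if "hostkey" in params else None
            serverkey = int(params["serverkey"]) if "serverkey" in params else None
        elif lower.startswith("add ssh user="):
            ssh_users.add(params["user"])
        elif lower == "enable system security":
            system_security = True

    findings = []
    if telnet_enabled:
        findings.append("telnet server is still enabled")
    if not ssh_enabled:
        findings.append("ssh server is not enabled")
    # Every key the SSH server references must exist and be long enough.
    for role, key_id in (("host", hostkey), ("server", serverkey)):
        if key_id is None:
            continue
        if key_id not in keys:
            findings.append(f"{role} key {key_id} is referenced but never created")
            continue
        ktype, bits = keys[key_id]
        if ktype == "rsa" and bits < MIN_RSA_BITS:
            findings.append(f"{role} key {key_id} is {bits}-bit RSA, below {MIN_RSA_BITS}")
    if ssh_enabled and not ssh_users:
        findings.append("no users are in the ssh user list")
    if not system_security:
        findings.append("system security is not enabled")
    return findings


# Constructed sample: the manual's example script, verbatim.
MANUAL_EXAMPLE = """
disable telnet server
add user=secoff password=securepass privilege=security telnet=yes login=yes
create enco key=0 type=rsa length=1024 description="Host Key" form=ssh
create enco key=1 type=rsa length=768 description="Server Key" form=ssh
enable ssh server serverkey=1 hostkey=0 expirytime=1 logintimeout=60
add ssh user=secoff password=sameordifferentpassword
enable system security
"""

# Constructed sample: SSH switched on but the rest of the checklist forgotten.
INCOMPLETE_EXAMPLE = """
add user=secoff password=securepass privilege=security telnet=yes login=yes
create enco key=0 type=rsa length=2048 description="Host Key" form=ssh
enable ssh server serverkey=1 hostkey=0 expirytime=1 logintimeout=60
"""

if __name__ == "__main__":
    for name, cfg in (("manual example", MANUAL_EXAMPLE), ("incomplete", INCOMPLETE_EXAMPLE)):
        print(name, "->", audit_config(cfg) or ["ok"])
```

Run against the manual's own example the only findings are the short key lengths; the incomplete script is flagged for the telnet server still being enabled, a server key that was never created, an empty SSH user list, and system security left off. Feed it the output of a saved configuration (the create/enable/add lines) to check a switch before you rely on it for remote administration.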
Products: All switches listed on page 2
Software Versions: All
If telnet must remain available, see "Whitelisting telnet hosts" on page 12 for limiting which hosts may use it.
