30
Configuring SSH
•
•
•
•
•
Supported features
The SSH server allows secure remote access management functions on a device. SSH provides a
function that is similar to Telnet, but unlike Telnet, SSH provides a secure, encrypted connection.
SSHv2 support includes the following:
•
•
•
•
•
•
•
•
•
Configuring SSH
Brocade's implementation of SSH supports two kinds of user authentication:
•
•
Both kinds of user authentication are enabled by default. You can configure the device to use one
or both of them.
To configure Secure Shell on a device, do the following.
906
Van Dyke SecureCRT 4.0 and 4.1
F-Secure SSH Client 5.3 and 6.0
PuTTY 0.54 and 0.56
OpenSSH 3.5_p1 and 3.6.1p2
Solaris Sun-SSH-1.0
The following encryption cipher algorithm are supported. They are listed in order of preference:
•
aes256-cbc: AES in CBC mode with 256-bit key
•
aes192-cbc: AES in CBC mode with 192-bit key
•
aes128-cbc: AES in CBC mode with 128-bit key
•
3des-cbc: Triple-DES
Key exchange methods, in the order of preference are:
•
diffie-hellman-group1-sha1
•
diffie-hellman-group14-sha1
Public key algorithm is ssh-dss.
Data integrity is ensured with hmac-sha1 algorithm.
Supported authentication methods are Password and publickey.
Compression is not supported.
TCP/IP port forwarding, X11 forwarding, and secure file transfer are not supported.
SSH version 1 is not supported.
SCP supports AES encryption
DSA challenge-response authentication, where a collection of public keys are stored on the
device. Only clients with a private key that corresponds to one of the stored public keys can
gain access to the device using SSH.
Password authentication, where users attempting to gain access to the device using an SSH
client are authenticated with passwords stored on the device or on a TACACS, TACACS+ or
RADIUS server
BigIron RX Series Configuration Guide
53-1001986-01