Fujitsu Siemens Computers SX series User Manual page 21

Operating concept of the SX servers
If the SSH is to be used on the BS2000 partition (i.e. the product OpenSSH is installed), the
rlogin, rsh, rcp, ftp and telnet services offered on the LAN are deactivated automatically and
they are replaced by the equivalent SSH interfaces ssh, scp and sftp. In this case the host-
and ID-specific SSH configuration files (both in the partitions and on the SMC) are included
in the system data backup; X2000 itself then uses a secure transfer mechanism based on
DomainAdmin of the PRIMEPOWER ServerView Suite for communication between the
partitions and the SMC.
The following features of Secure Shell are used:
Powerful authentication mechanisms
With the asymmetrical process for private/public keys at host and user level SSH incor-
porates powerful authentication mechanisms. Here the private keys can be protected
by pass phrases. Integration into other authentication procedures such as Kerberos,
SecurID, PGP, TIS Gauntlet and PAM is also possible.
Strong encryption
Open SSH uses, among other things, 3DES and Blowfish as the encryption algorithms.
Both are unpatented. Here SSH Version 2 offers considerably more and more powerful
encryption algorithms than Version 1. Encryption commences before authentication.
No passwords, private keys, commands or user data are transmitted in plain text.
X11 Forwarding
X11 forwarding enables X-Windows network traffic to be coded in such a way that no
one is able to read the data traffic simultaneously or slip in malicious commands. The
data traffic for administration of the SX servers as part of the operating concept is
therefore protected.
Port Forwarding
Port forwarding enables TCP/IP connections to be forwarded to a remote machine via
a coded protocol. Applications can therefore be made more secure.
U41272-J-Z385-3-76
Notes on security
21