Secure Shell (SSH) is a mechanism for allowing secure remote access to management functions on a Foundry
device. SSH provides a function similar to Telnet. Users can log in to and configure the device using a publicly or
commercially available SSH client program, just as they can with Telnet. However, unlike Telnet, which provides
no security, SSH provides a secure, encrypted connection to the device.
SSH supports Arcfour, IDEA, Blowfish, DES (56-bit) and Triple DES (168-bit) data encryption methods. Nine
levels of data compression are available. You can configure your SSH client to use any one of these data
compression levels when connecting to a Foundry device.
Foundry devices also support Secure Copy (SCP) for securely transferring files between a Foundry device and
SCP-enabled remote hosts. See "Using Secure Copy" on page 4-9 for more information.
NOTE: SSH is supported on the following Foundry devices:
• NetIron Internet backbone routers
• BigIron Chassis devices with Management II or higher modules
• FastIron II and FastIron II Plus (switch and basic Layer 3 code only)
• NetIron Layer 3 Switch (stackable, octal version)
• FastIron Workgroup Layer 2 Switch (8MB models only, switch code only)
NOTE: Foundry's implementation of SSH supports SSH version 1 only. All references to SSH in this document
are to SSH version 1.
Foundry's implementation of SSH supports two kinds of user authentication:
• RSA challenge-response authentication, where a collection of public keys is stored on the device. Only
  clients with a private key that corresponds to one of the stored public keys can gain access to the device using
  SSH.
• Password authentication, where users attempting to gain access to the device using an SSH client are
  authenticated with passwords stored on the device or on a TACACS/TACACS+ or RADIUS server.
Both kinds of user authentication are enabled by default. You can configure the device to use one or both of them.
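
The RSA challenge-response exchange described above, as an added example that is not Foundry code. It assumes the SSH version 1 message flow (a 32-byte challenge encrypted to the stored public key, answered with MD5 of the challenge plus the session ID); the unpadded RSA, the Mersenne-prime demo keys and the names Device and attempt_login are simplifications and hypothetical names chosen for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent used for both constructed keys

def toy_keypair(p, q):
    """Unpadded textbook RSA key from two primes: (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed demo keys from Mersenne primes: trivially factorable, demo only.
ALICE_PUB, ALICE_PRIV = toy_keypair(2**521 - 1, 2**607 - 1)
MALLORY_PUB, MALLORY_PRIV = toy_keypair(2**607 - 1, 2**1279 - 1)

class Device:
    """Server side: stores public keys only, never a private key."""
    def __init__(self, stored_public_keys):
        self.stored = dict(stored_public_keys)      # modulus -> exponent
        self.session_id = secrets.token_bytes(16)   # constructed stand-in
        self._challenge = None

    def issue_challenge(self, claimed_modulus):
        e = self.stored.get(claimed_modulus)
        if e is None:  # key is not in the stored collection: refuse
            return None
        self._challenge = secrets.token_bytes(32)
        return pow(int.from_bytes(self._challenge, "big"), e, claimed_modulus)

    def verify(self, response):
        if self._challenge is None:
            return False
        expected = hashlib.md5(self._challenge + self.session_id).digest()
        self._challenge = None  # each challenge is good for one attempt
        return secrets.compare_digest(expected, response)

def client_response(private_key, encrypted_challenge, session_id):
    n, d = private_key
    recovered = pow(encrypted_challenge, d, n) % 2**256  # low 32 bytes
    return hashlib.md5(recovered.to_bytes(32, "big") + session_id).digest()

def attempt_login(device, claimed_public, private_key):
    enc = device.issue_challenge(claimed_public[0])
    if enc is None:
        return False
    return device.verify(client_response(private_key, enc, device.session_id))

if __name__ == "__main__":
    dev = Device([ALICE_PUB])
    print(attempt_login(dev, ALICE_PUB, ALICE_PRIV))    # matching private key
    print(attempt_login(dev, ALICE_PUB, MALLORY_PRIV))  # stored key named, wrong private key
```

The private key never crosses the wire: the device only learns whether the client could decrypt a challenge encrypted to one of the stored public keys.
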
Configuring Secure Shell on a Foundry device consists of the following steps:
1. Setting the Foundry device's host name and domain name
2. Generating a host RSA public and private key pair for the device
December 2000
Configuring Secure Shell
Chapter 4
4 - 1