Dell Networking N4000 Series Configuration Manual page 210
Stackable layer 2 and 3 switches
Hide thumbs
Also See for Networking N4000 Series:
- Getting started manual (378 pages) ,
- Configuration manual (17 pages) ,
- Reference manual (2332 pages)
Table of Contents
Advertisement
The methods available for authentication are: host-based authentication,
public key authentication, challenge-response authentication, and password
authentication. Authentication methods are tried in the order specified
above, although SSH-2 has a configuration option to change the default
order.
Host-based authentication operates as follows:
If the host from which the user logs in is listed in a specific file
(/etc/hosts.equiv or /etc/ssh/shosts.equiv) on the remote host, and the user
names are the same on both hosts, or if the files ~/.rhosts or ~/.shosts exist in
the user's home directory on the remote host and contain a line containing
the name of the client machine and the name of the user on that machine,
the user is considered for login. Additionally, the server must be able to verify
the client's host key for login to be permitted. This authentication method
closes security holes due to IP spoofing, DNS spoofing, and routing spoofing.
This authentication method is not implemented by DNOS.
Public key authentication operates as follows:
The administrator first generates a pair of encryption keys, the "public" key
and the "private" key. Messages encrypted with the private key can only be
decrypted by the public key, and vice-versa. The administrator keeps the
private key on his/her local machine, and loads the public key on to the
switch. When the administrator attempts to log into the switch, the protocol
sends a brief message, encrypted with the public key. If the switch can decrypt
the message (and can send back some proof that it has done so) then the
response proves that switch must possess the private key, and user is
authenticated without giving a username/password.
This method is implemented in DNOS. If the user does not present a
certificate, it is not considered an error, and authentication will continue with
challenge-response authentication.
Challenge-response authentication works as follows:
The switch sends an arbitrary "challenge" text and prompts for a response.
SSH-2 allows multiple challenges and responses; SSH-1 is restricted to one
challenge/response only. Examples of challenge-response authentication
include BSD Authentication.
Finally, if all other authentication methods fail, SSH prompts the user for a
password.
210
Configuring Authentication, Authorization, and Accounting
Hide quick links:
Advertisement
Table of Contents
