3Com 5500-SI User Manual

SSH Terminal Services
way: The RSA public key of the client user is configured at the server. The client 
first sends the modulus of its RSA public key to the server, which checks 
its validity. If it is valid, the server generates a random number, encrypts it 
with that RSA public key, and sends it to the client. Both ends calculate 
authentication data based on the random number and session ID. The client sends 
the authentication data it calculated back to the server, which compares it with the 
authentication data obtained locally. If they match exactly, the user is allowed to access 
the Switch. Otherwise, the authentication process fails.
Session request stage: The client sends session request messages to the server, 
which processes them. 
Interactive session stage: Both ends exchange data until the session ends. 
Session packets are encrypted in transit, and the session key is generated 
randomly. Encryption is used when exchanging the session key, and RSA authentication 
achieves key exchange without transferring the key over the network. In this way SSH protects 
the data exchanged between server and client. Authentication also starts even if the username 
received is not configured at the server, so malicious intruders cannot tell 
whether a username they key in exists or not. This also protects 
usernames. 
Configuring SSH Server
Basic configuration tasks are those required for a successful connection from an SSH 
client to the SSH server, while advanced configuration tasks are those that modify SSH 
parameters. 
Configuration tasks on the SSH server include: 
Setting system protocol and link maximum
Configuring and deleting local RSA key pair
Configuring authentication type
Defining update interval of server key
Defining SSH authentication timeout value
Defining SSH authentication retry value
Entering public key view and editing public key
Associating public key with SSH user
Setting System Protocol 
You must specify SSH protocol for the system before enabling SSH. 
Perform the following configuration in System View.
Table 577   Setting System Protocols and Link Maximum

Operation                               Command
Set system protocol and link maximum    protocol inbound { all | ssh | telnet }

By default, the system supports Telnet and SSH protocols.
If SSH protocol is specified, to ensure a successful login, you must configure AAA 
authentication using the authentication-mode scheme command. The protocol inbound ssh 
configuration fails if you have configured authentication-mode password or 
authentication-mode none. Once you have configured SSH protocol successfully for 
the user interface, you can no longer configure authentication-mode password or 
authentication-mode none. 
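
The following audit script is an added example, not part of the manual. It checks a saved configuration for VTY user interfaces that still accept Telnet or lack authentication-mode scheme. The sample configuration is constructed, and the user-interface vty block layout and the function names are assumptions.

```python
import re

# Constructed sample of a saved switch configuration (not from the manual).
SAMPLE_CONFIG = """\
user-interface aux 0
user-interface vty 0 1
 authentication-mode scheme
 protocol inbound ssh
user-interface vty 2 3
 authentication-mode password
 protocol inbound all
user-interface vty 4
 authentication-mode scheme
"""

def parse_vty_blocks(config):
    """Return {vty range: {'auth': mode or None, 'protocol': value}} for VTY lines."""
    blocks, current = {}, None
    for line in config.splitlines():
        header = re.match(r"user-interface\s+(\S+)\s+(.+)", line)
        if header:
            current = None
            if header.group(1) == "vty":
                # The manual states Telnet and SSH are both supported by default.
                current = blocks.setdefault(header.group(2).strip(),
                                            {"auth": None, "protocol": "all"})
        elif current is not None and line.startswith(" "):
            words = line.split()
            if words[:1] == ["authentication-mode"] and len(words) > 1:
                current["auth"] = words[1]
            elif words[:2] == ["protocol", "inbound"] and len(words) > 2:
                current["protocol"] = words[2]
        else:
            current = None  # an unindented non-header line ends the block
    return blocks

def audit(config):
    """Return sorted (vty range, finding) pairs for lines that are not SSH-only."""
    findings = []
    for vty, cfg in parse_vty_blocks(config).items():
        if cfg["protocol"] in ("all", "telnet"):
            findings.append((vty, "telnet permitted (protocol inbound %s)" % cfg["protocol"]))
        if cfg["auth"] != "scheme":
            findings.append((vty, "authentication-mode is %s, SSH login requires scheme"
                             % (cfg["auth"] or "not set")))
    return sorted(findings)

if __name__ == "__main__":
    for vty, finding in audit(SAMPLE_CONFIG):
        print("vty %s: %s" % (vty, finding))
```

A VTY range with no protocol inbound line is reported as permitting Telnet because of the default stated above.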