Hardware manual
Version 1.1, 03/31/2015
GSS CCT Evaluation Technical Report Page 24 of 56 © 2015 Gossamer Security Solutions, Inc.
Document: AAR-BrocadeNetIron5.8 All rights reserved.
2.2.9 EXPLICIT: SSH (FCS_SSH_EXT.1)
2.2.9.1 FCS_SSH_EXT.1.1
TSS Assurance Activities: None Defined
Guidance Assurance Activities: None Defined
Testing Assurance Activities: None Defined
2.2.9.2 FCS_SSH_EXT.1.2
TSS Assurance Activities: The evaluator shall check to ensure that the TSS contains a description of the public key
algorithms that are acceptable for use for authentication, that this list conforms to FCS_SSH_EXT.1.5, and ensure
that password-based authentication methods are also allowed.
Section 6.2 indicates the SSH implementation supports AES CBC 128 and 256, HMAC-SHA-1, and RSA. These values
match the SFR. Section 6.2 also indicates that both public-key and password based authentication can be
configured.
Guidance Assurance Activities: None Defined
Testing Assurance Activities: The evaluator shall also perform the following tests:
Test 1: The evaluator shall, for each public key algorithm supported, show that the TOE supports the use of that
public key algorithm to authenticate a user connection. Any configuration activities required to support this test
shall be performed according to instructions in the operational guidance.
Test 2: Using the operational guidance, the evaluator shall configure the TOE to accept password-based
authentication, and demonstrate that a user can be successfully authenticated to the TOE over SSH using a
password as an authenticator.
The evaluator used the Putty client to connect to the TOE using password authentication. The evaluator performed
this test using ASE 128 and ASE 256 encryption.