Reference Guide
876 | Security
www.dell.com | support.dell.com
If rejected by the AAA server, the command is not added to the running config, and messages similar to
Message 1 are displayed.
Protection from TCP Tiny and Overlapping Fragment Attacks
Tiny and overlapping fragment attacks are a class of attack in which configured ACL entries that deny
TCP port-specific traffic can be bypassed, so that traffic reaches its destination although it is denied
by the ACL. RFC 1858 and RFC 3128 propose a countermeasure to the problem. This countermeasure is
configured into the line cards and enabled by default.
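The two per-packet checks described in RFC 1858 and RFC 3128 can be written as a small filter. This is an added example, not FTOS or Dell code and not a description of how the line cards implement the countermeasure; the function names, the value TMIN = 16, and the sample packets are assumptions constructed for illustration.

```python
import struct

TCP = 6
TMIN = 16  # assumed: minimum transport bytes in a first fragment so the TCP flags are present


def ipv4(proto, frag_offset, payload, more_fragments=False):
    """Build a constructed IPv4 packet (20-byte header, checksum left at 0)."""
    flags_fo = (0x2000 if more_fragments else 0) | frag_offset
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                         flags_fo, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return header + payload


def fragment_verdict(packet):
    """Apply the tiny-fragment and overlapping-fragment checks to one packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop: not a parsable IPv4 header"
    ihl = (packet[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", packet[2:4])
    flags_fo, = struct.unpack("!H", packet[6:8])
    frag_offset = flags_fo & 0x1FFF  # counted in units of 8 bytes
    if ihl < 20 or total_len < ihl:
        return "drop: not a parsable IPv4 header"
    if packet[9] != TCP:
        return "pass"
    # Tiny fragment: a first fragment too short to carry the TCP flags,
    # so a port/flag-based ACL entry has nothing to match against.
    if frag_offset == 0 and total_len - ihl < TMIN:
        return "drop: tiny first fragment"
    # Overlap: offset 1 starts at byte 8 of the TCP header and would
    # rewrite the flags that the filter saw in the first fragment.
    if frag_offset == 1:
        return "drop: fragment offset 1"
    return "pass"


if __name__ == "__main__":
    samples = {  # constructed sample packets
        "tiny first fragment": ipv4(TCP, 0, bytes(8), more_fragments=True),
        "fragment at offset 1": ipv4(TCP, 1, bytes(8)),
        "unfragmented TCP": ipv4(TCP, 0, bytes(20)),
        "later fragment": ipv4(TCP, 2, bytes(8)),
    }
    for name, pkt in samples.items():
        print(f"{name}: {fragment_verdict(pkt)}")
```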
SCP and SSH
Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an
insecure network. FTOS is compatible with SSH versions 1.5 and 2, in both client and server modes. SSH
sessions are encrypted and use authentication.
FTOS supports both inbound and outbound SSH sessions using IPv4 or IPv6 addressing. Inbound SSH
supports accessing the system through the management interface as well as through a physical Layer 3
interface.
For details on command syntax, refer to the Security chapter in the FTOS Command Line Interface
Reference.
Message 1 Configuration Command Rejection
04:07:48: %RPM0-P:CP %SEC-3-SEC_AUTHORIZATION_FAIL: Authorization failure Command authorization failed for user (denyall) on vty0 ( 10.11.9.209 )

SCP is a remote file copy program that works with SSH and is supported by FTOS.
Note: The Windows-based WinSCP client software is not supported for secure copying between a PC
and an FTOS-based system. Unix-based SCP client software is supported.

To use the SSH client, use the following command in the EXEC Privilege mode:
Command Syntax: ssh {hostname | hostip} [-l username | -p port-number | -v {1 | 2}]
Command Mode: EXEC Privilege
Purpose: Open an SSH connection specifying the hostname or hostip, username, port number, and
version of the SSH client. hostip is the IP address of the remote device, which can be an
IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::X).










