Efficient Networks® Router family Technical Reference Guide, Chapter 5: System Security, page 5-72
Once the secure session has been established, the user (on the client end) must still
provide a username and password for further authentication. If the user has the
proper privileges, access to the authorized management facilities is granted. For
example, if a user has established a secure (SSH) connection across the WAN,
access may still be denied if that user account is restricted to the LAN-access-only privilege.
For more information on user privileges, see User Authentication on page 5-2.
Key Exchange
Diffie-Hellman is the key exchange algorithm used to establish, and later refresh, the
session keys of SSH connections. It lets two parties agree on a shared secret key, known
only to them, over an insecure network without ever transmitting the shared secret itself
or either party's private key. Diffie-Hellman by itself does not authenticate either end;
in SSH, the server's host key and the username/password login described above provide
that authentication.
A synopsis of the algorithm is as follows: the server and client agree on two public
parameters, a prime modulus p and a generator g, where g is an integer less than p. Each
end then chooses a random private key, an integer priv_key, whose length is at most
(number of bits in p) - 1.
Each end computes its public key from g, priv_key, and p (g raised to the power priv_key,
modulo p) and sends it to the other end. Each end then computes the shared secret key
from the public key it received, its own private key, and p. The mathematical principles
involved ensure that both parties generate the same shared secret key.
The supported key lengths are:
Public key (prime modulus p) length: 768 bits; 1024 bits; 1536 bits; 2048 bits.
Private key (priv_key) length: from 160 to 240 bits.
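To make the synopsis concrete, the following Python program is an added example written for this page (it is not the router's firmware or any Efficient Networks code). It uses the page's symbols p, g and priv_key, a 240-bit private key as the page specifies, and both sides of the exchange in one process. The 1024-bit prime is the RFC 2409 Oakley Group 2 modulus that SSH-2 names diffie-hellman-group1-sha1; that choice is an assumption, since the page lists only supported sizes and not the actual primes the router ships with. The toy group p = 23, g = 5 and the brute_force_secret function are there only to show what an eavesdropper would have to do, and why a 768-bit or larger p makes that infeasible.

```python
"""Diffie-Hellman key agreement as summarised on this page (added example, not router code)."""
import secrets

# 1024-bit MODP prime from RFC 2409 (Oakley Group 2), used by SSH-2 as
# diffie-hellman-group1-sha1. Assumption: the page gives only the supported
# prime sizes, not the primes the router actually uses.
P_1024 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test, used to validate p before it is trusted."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_group(p, g):
    """Accept the public parameters only if p is a safe prime and 1 < g < p-1."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2) and 1 < g < p - 1


def generate_private_key(p, bits=240):
    """Random priv_key of exactly `bits` bits (the page: 160 to 240 bits, and
    never more than bitlen(p) - 1)."""
    if not 2 <= bits <= p.bit_length() - 1:
        raise ValueError("private key length out of range for this p")
    return secrets.randbits(bits) | (1 << (bits - 1))


def public_key(p, g, priv_key):
    """Public value sent to the peer: g^priv_key mod p."""
    return pow(g, priv_key, p)


def shared_secret(p, peer_pub, priv_key):
    """Shared secret from the peer's public value: peer_pub^priv_key mod p.
    Peer values 0, 1 and p-1 are rejected; they would force the secret into {0, 1, p-1}."""
    if not 1 < peer_pub < p - 1:
        raise ValueError("peer public key is out of range")
    return pow(peer_pub, priv_key, p)


def run_exchange(p=P_1024, g=G, bits=240):
    """Both sides of the exchange; returns (client_secret, server_secret, eavesdropper_view)."""
    if not validate_group(p, g):
        raise ValueError("untrusted group parameters")
    client_priv = generate_private_key(p, bits)
    server_priv = generate_private_key(p, bits)
    client_pub = public_key(p, g, client_priv)   # sent client -> server
    server_pub = public_key(p, g, server_priv)   # sent server -> client
    client_secret = shared_secret(p, server_pub, client_priv)
    server_secret = shared_secret(p, client_pub, server_priv)
    # Everything a passive eavesdropper on the WAN sees: no private keys, no secret.
    eavesdropper_view = {"p": p, "g": g, "client_pub": client_pub, "server_pub": server_pub}
    return client_secret, server_secret, eavesdropper_view


def brute_force_secret(p, g, client_pub, server_pub):
    """What the eavesdropper must do: solve g^x = client_pub mod p by trial,
    then compute server_pub^x. Feasible for a toy p, not for 768 bits and up."""
    x, acc = 1, g
    while acc != client_pub:
        x, acc = x + 1, (acc * g) % p
    return pow(server_pub, x, p)


if __name__ == "__main__":
    k_c, k_s, seen = run_exchange()
    print("1024-bit exchange agreed:", k_c == k_s, "secret bits:", k_c.bit_length())
    # Toy group p=23, g=5 with priv_keys 6 and 15: public values 8 and 19, secret 2.
    print("toy p=23, eavesdropper recovers secret:", brute_force_secret(23, 5, 8, 19))
```

The range check in shared_secret is the part most often left out of textbook code: a peer (or an active attacker on the WAN) who sends 0, 1 or p-1 as its public value pins the shared secret to a handful of known values. The group validation matters for the same reason, since a modulus that is not prime, or whose (p-1)/2 has small factors, leaks bits of priv_key.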
Managing SSH
Normally the default SSH configuration supports most secure-connection
scenarios, but SSH provides a variety of configurable parameters for specific
requirements. These parameters are described in the sections that follow. To view the
current SSH settings, use the following command.
-> ssh list
Figure 5-12: Session Presentation Phase (diagram: the Client sends Requests (commands) to the Server)