Chapter 5: System Security
Efficient Networks® Router Family Technical Reference Guide, Page 5-74
Key pairs can also be generated offline, using SSH Corporation's Key Generation
software (only), and then installed onto the system. The keys can be
installed via the Web Interface Load Keys form, or by using the following
commands:
-> ssh load privatekey tftp@<server-addr>:<priv-key-file>
-> ssh load publickey tftp@<server-addr>:<pub-key-file>
Re-Key Interval
If required, a Diffie-Hellman re-key interval can be specified. The interval can be set
from one minute to 10 hours, in whole-minute increments; the default setting is 60.
Since some clients may not be able to re-exchange keys, a value of zero (0) can be
set to disable re-key exchanges. This parameter is configured on the
Configure SSH form or by entering the following command:
-> ssh set rekey <interval>
Encryption Options
The following encryption options are supported for SSH communication. The selected
method is configured locally on the router (or server). When a client initiates a
session, the encryption type is determined and the client adheres to the server's
encryption mode. If the client does not support the encryption method, the connection
will fail. All encryption is performed in software. The supported encryption options
are:
DES
DES is a symmetric secret-key algorithm. The key size is 64 bits. It is commonly
described as a 56-bit key because the key has 56 significant bits; the least
significant bit in every byte is the parity bit.
3DES
Triple DES, or 3DES, is a version of DES that consists of a DES encryption with one
key, a decryption with a second key, and then an encryption with a third key. The result
is equivalent to DES with a 168-bit key. 3DES is the default encryption method.
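The key-size arithmetic in the DES and 3DES descriptions above, as an added example (not from the original guide or the router's software): it sets and checks the per-byte parity bit and shows that two keys differing only in their parity bits carry the same significant bits. Odd parity (the convention of the DES standard), the function names and the sample key are assumptions; the guide does not state the parity sense.

```python
# Added example, not from the guide. Assumes odd parity per byte (DES standard).

SAMPLE_KEY = bytes.fromhex("0123456789abcdef")  # constructed sample, not a real key


def set_odd_parity(key: bytes) -> bytes:
    """Rewrite the least significant bit of each byte so the byte has odd parity."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                      # the 7 significant bits
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)


def has_odd_parity(key: bytes) -> bool:
    """True if every byte contains an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def significant_bits(key: bytes) -> int:
    """Pack the upper 7 bits of each byte into one integer (the actual key material)."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


def effective_key_bits(key: bytes) -> int:
    """56 for an 8-byte DES key, 168 for a 24-byte (three-key) 3DES key."""
    if len(key) not in (8, 24):
        raise ValueError("expected an 8-byte DES key or a 24-byte 3DES key")
    return len(key) * 7                       # one bit per byte is parity


if __name__ == "__main__":
    flipped = bytes(b ^ 1 for b in SAMPLE_KEY)   # same key, every parity bit wrong
    print("stored bits:", len(SAMPLE_KEY) * 8, "significant:", effective_key_bits(SAMPLE_KEY))
    print("parity ok:", has_odd_parity(SAMPLE_KEY), "after flip:", has_odd_parity(flipped))
    print("same key material:", significant_bits(flipped) == significant_bits(SAMPLE_KEY))
    print("repaired:", set_odd_parity(flipped).hex())
    print("3DES significant bits:", effective_key_bits(SAMPLE_KEY * 3))
```

A parity check of this kind detects a corrupted or mistyped key before it is loaded; it adds nothing to the key's strength.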
Twofish
Twofish uses 40 32-bit subkeys. The first eight are used for whitening: four at the
beginning and four at the end are XORed with the entire block. Each round uses two
of the remaining 32 subkeys, and so Twofish has sixteen rounds.
The division of the 128-bit block into four 32-bit quarters is done using the
"little-endian" convention, which presumably means the left-most quarter is the
earliest one, but the least significant numerically.