XSR User's Guide
Chapter 5 General IP Features
Configuring IP
SSH
The Secure Shell (SSH) protocol provides for safe remote login and other
network services on the XSR. Along with a user-supplied client, the SSHv2
server allows you to establish a secure connection similar to that provided by
an inbound Telnet connection, with one important exception.
Unlike Telnet, SSH encrypts the entire connection with the XSR to hide your
identity, provides data confidentiality via the negotiated choice of encryption
types such as 3DES, and offers message integrity through hashing using SHA-1 or
other algorithms such as MD5. The crypto library also supports third-party
encryption ciphers such as Blowfish, Twofish, AES, CAST and ARCfour.
SSH is enabled (by default) on the CLI with the ip ssh server command. It is
further configured by specifying users, passwords, privilege level and policy
with the aaa user, password, privilege 15 and policy commands; the idle timeout
interval for your SSH session with the session-timeout ssh command; and user
authentication with the aaa SSH command.
When you configure the XSR for the first time, you should generate a host key
pair with the crypto key dsa command. If no key is generated, the default key
is used for any connection request. Generated host keys are encrypted and
stored in the hostkey.dat file within Flash, where the file cannot be read or
copied. All SSH connection requests use the host keys stored in the hostkey.dat
file unless none have been generated or the content of the file is corrupted,
in which case default keys are used to secure the connection.
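Added example, not from the guide: one way to confirm that no two XSRs answer with the same host key, which would point to units still using the default key (this assumes the default key is identical on every unit). It reads text in OpenSSH ssh-keyscan output format; the hostnames and key blobs below are constructed samples, not real keys.

```python
import base64
import binascii
import hashlib
from collections import defaultdict

# Constructed sample in ssh-keyscan output format ("host keytype base64-key").
# Hostnames and key blobs are made up for illustration; they are not real keys.
SAMPLE_KEYSCAN = """\
# xsr-branch1.example.net:22 SSH-2.0-constructed
xsr-branch1.example.net ssh-dss AAAAB3NzaC1kc3MAAACBAKconstructedDefaultKey0
xsr-branch2.example.net ssh-dss AAAAB3NzaC1kc3MAAACBAKconstructedDefaultKey0
xsr-hq.example.net ssh-dss AAAAB3NzaC1kc3MAAACBAKconstructedUniqueKeyAA
xsr-lab.example.net ssh-dss not*base64
"""

def fingerprint(b64_key):
    """Return the OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    blob = base64.b64decode(b64_key, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_host_keys(keyscan_text):
    """Group hosts by host-key fingerprint; return groups with more than one host."""
    hosts_by_fp = defaultdict(set)
    skipped = []
    for line in keyscan_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and ssh-keyscan banner comments
        fields = line.split()
        if len(fields) < 3:
            skipped.append(line)
            continue
        host, _keytype, b64_key = fields[:3]
        try:
            hosts_by_fp[fingerprint(b64_key)].add(host)
        except (binascii.Error, ValueError):
            skipped.append(line)  # key field is not valid base64
    shared = {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}
    return shared, skipped

if __name__ == "__main__":
    shared, skipped = shared_host_keys(SAMPLE_KEYSCAN)
    for fp, hosts in shared.items():
        print(f"{fp} presented by {', '.join(hosts)}: generate a host key on each")
    for line in skipped:
        print(f"skipped unparseable line: {line}")
```

Any host reported here should have its own host key pair generated and the check repeated afterwards.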
NOTE
SSH is enabled by default on port 22. Be aware that enabling SSH does not
disable traditional facilities such as FTP, TFTP, and Telnet, so to ensure
system security you must disable those other communication services.
A number of SSH clients are commercially available. Enterasys recommends
the PuTTY client freeware as compatible and easy to configure. For
step-by-step instructions on installing PuTTY and configuring SSH, refer to
Chapter 13: Configuring Security on the XSR in the XSR User’s Guide.