Secure Shell (SSH) Introduction
©2008 Allied Telesis Inc. All rights reserved.
43.2
AlliedWare Plus
TM
Operating System Software Reference C613-50003-00 REV E
Software Version 5.2.1
Introduction
This chapter describes how the Secure Shell protocol is implemented in the
AlliedWare Plus
TM
OS. It covers:
■
support for Secure Shell
■
configuring your device as a Secure Shell server and client
■
using Secure Shell to manage your device
The AlliedWare Plus
TM
OS supports SSH version 2 and SSH version 1.5, making it backwards
compatible with SSH version 1.
Secure management is important in modern networks, as the ability to easily and effectively
manage switches and routers, and the requirement for security, are two almost universal
requirements. Protocols such as Telnet and rlogin allow you to manage devices remotely, but
can have serious security problems, such as relying on reusable plaintext passwords that are
vulnerable to wiretapping or password guessing. The Secure Shell (SSH) protocol is superior to
these protocols by providing encrypted and strongly authenticated remote login sessions.
SSH provides sessions between a host running a SSH server and a machine with a SSH client.
The AlliedWare Plus
TM
OS includes both a SSH server and a SSH client to enable you to
securely—with the benefit of cryptographic authentication and encryption—manage your
devices over an insecure network:
■
SSH replaces Telnet for remote terminal sessions; SSH is strongly authenticated and
encrypted.
■
Remote command execution allows you to send commands to a device securely and
conveniently, without requiring a terminal session on the device.
■
SSH allows you to connect to another host from your switch or router.
The AlliedWare Plus
TM
OS supports Secure Copy (SCP) and SSH File Transfer Protocol
(SFTP). Both these protocols allow you to securely copy files between your device and remote
machines. SFTP provides additional features from SCP, such as allowing you to manipulate the
remote files, and halt or resume file transfers without closing the session.
Secure Shell on the AlliedWare Plus
TM
OS
The AlliedWare Plus
TM
OS implementation of SSH is compatible with the following RFCs and
Internet Drafts:
■
The Secure Shell (SSH) Protocol Architecture (
RFC 4251)
■
The Secure Shell (SSH) Authentication Protocol (
RFC 4252)
■
The Secure Shell (SSH) Transport Layer Protocol (
RFC 4253)
■
The Secure Shell (SSH) Connection Protocol (
RFC 4254)
■
The SSH (Secure Shell) Re
m
ote Login Protocol (
draft-ylonen-ssh-protocol-00.txt)
■
SSH File Transfer Protocol
(draft-ietf-secsh-filexfer-13.txt)