Enterasys Enterasys Matrix DFE-Gold Series Guía de usuario descargar pdf (Pagina 40)

Configuring Secure Shell (SSH) Server

3-8 Using the CLI

Configuring Secure Shell (SSH) Server

Understanding the SSHv2 Protocol

SecureShell(SSH)isa“secure”replacementforTelnet.WhenusingTelnet,allcommunications,

includingpasswords,aresentacrossthenetworkincleartext(tha tis,un‐encrypted),making

eavesdroppingoncommunicationsaneasytaskforaknowledgeableuserwithaccesstothe

network.SSHprovidesthesameremoteaccessto

theMatrixDFESeriesorN‐SAdevicethat

Telnetprovides,butdoessosecurelybyencryptingallsessiondata,includingpasswords.SSH

alsoprovidesthefollowingadditionalsecurityfeatures:

• Public‐keyauthenticationoftheserver.Thisfeatureenablestheclienttovalidatetheserver’s

authenticity,makingitdifficultfor

anattackertomasqueradeastheserver.

• Digitallysigning

allpackets.Thisfeatureusescryptographicallystrongmessagedigeststo

authenticateallcommunications,preventinganattackerfromsuccessfullyinterceptingand

alteringinformation.

SSHserverisdisabledontheMatrixDFESeriesandN‐SAdevicesbydefault.InordertorunSSH

initsdefaultconfiguration,youmustcompletethefollowing

stepsdescribedinthissection.

•Generatehostkeys

•EnableSSHserver

About Host Keys

SSHserverauthenticatesitselftotheclientthroughahostkey.Hostkeysareasymmetric

encryptionkeyscommonlyusedinwhatisknownaspublickeycryptography.SSHserveruses

uniquehostkeys,eachconsistingofapairofkeys,generatedsimultaneously.Althoughthe

generatedkeysarerelated,onecannotbe

derivedfromtheother.Thefirstkeyofthegenerated

pair,thepublickey,canbepublishedfreelyandisusedbySSHclients tosecurelyidentifythe

SSHserver.Thesecondkeyofthegeneratedpair,thesecretkey,isstoredinasafeplaceand

shouldneverbe

divulged.ThiskeyisusedbytheSSHservertosecurelyidentifyitselftoSSH

clients.

TheSSH‐2protocolmakestwodistincttypesofhostkeysavailable:theDigitalSignature

Algorithm(DSA)andtheRivest‐Shamir‐Adleman(RSA)algorithm.BothDSAandRSAareNIST‐

approveddigitalsignaturealgorithms.

Afterverifying

serverauthenticity,theSSHclientgeneratesakeytouseuntilitdisconnectsfrom

theserver.Oncetheclientandserverhavecopiesofthekey,theywilluseittoencryptallfurther

communications.Inadditiontoencryptingeachpacket, boththeclientandserverwillstam p each

outgoing

packetwithdatathatcanbeusedtovalidatethecontentsofthepackets.Thisstamp

consistsofamessageauthenticationcode(MAC)createdbyusingasecuremessagedigest

algorithmsuchasSHA‐1orMD5.Ifthecontentofthepacketchangesen‐route,MAC

authenticationwillfail.

1 2 ... 35 36 37 38 39 40 41 42 43 44 45 ... 137 138

Comentarios a estos manuales

Sin comentarios

Enterasys Enterasys Matrix DFE-Gold Series Guía de usuario Pagina 40

Comentarios a estos manuales

Relacionado con productos y manuales para Los conmutadores de red Enterasys Enterasys Matrix DFE-Gold Series