Login
- Table of Contents
-
- 06-Network
- 01-VRF
- 02-Interface
- 03-Interface pairs
- 04-Interface collaboration
- 05-4G
- 06-Security zones
- 07-VLAN
- 08-MAC
- 09-DNS
- 10-ARP
- 11-ND
- 12-GRE
- 13-IPsec
- 14-ADVPN
- 15-L2TP
- 16-SSL VPN
- 17-Routing table
- 18-Static routing
- 19-Policy-based routing
- 20-OSPF
- 21-BGP
- 22-RIP
- 23-IP multicast routing
- 24-PIM
- 25-IGMP
- 26-DHCP
- 27-HTTP
- 28-SSH
- 29-NTP
- 30-FTP
- 31-Telnet
- 32-MAC authentication
- 33-MAC address whitelist
- 34-MAC access silent MAC info
- 35-MAC access advanced settings
- 36-IP authentication
- 37-IPv4 whitelist
- 38-IPv6 whitelist
- 39-Wireless
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 28-SSH | 22.50 KB |
This help contains the following topics:
Introduction
Secure Shell (SSH) is a network security protocol. Using encryption and authentication, SSH can implement secure remote access and file transfer over an insecure network.
SSH uses the typical client-server model to establish a channel for secure data transfer based on TCP.
The device supports the following SSH applications:
· Secure Telnet—Stelnet provides secure and reliable network terminal access services.
· Secure File Transfer Protocol—Based on SSH2, SFTP uses SSH connections to provide secure file transfer.
· Secure Copy—Based on SSH2, SCP offers a secure method to copy files.
SSH includes two versions: SSH1.x and SSH2.0 (hereinafter referred to as SSH1 and SSH2), which are not compatible. SSH2 is better than SSH1 in performance and security.
When the device acts as an SSH server, it uses local password authentication to verify the username and password of the SSH client. After the SSH client passes authentication, the SSH client and the SSH server can establish a session and exchange data using this session.
Restrictions and guidelines
· To support SSH clients that use different types of key pairs, generate DSA, ECDSA, and RSA key pairs on the SSH server.
· Local DSA, ECDSA, and RSA key pairs for the SSH server use default names. You cannot assign names to the key pairs.
· The key modulus length must be less than 2048 bits when you generate the DSA key pair on the SSH server.
· After the SSH client passes authentication, attributes (for example, user role or FTP directory) assigned to the SSH client are determined by the administrator configuration on the SSH server.
· If the ACL that filters SSH clients' connection requests does not exist or contains no rules, all SSH clients can access the device.
· When acting as an SFTP server, the device does not support SFTP connections initiated by SSH1 clients.
Configure SSH
To enable the SSH server to provide Stelnet, SFTP, or SCP service, perform the following tasks:
· Generate RSA, DSA or ECDSA key pairs.
· Enable Stelnet, SFTP, or SCP service.
· Configure an administrator of the SSH service type.
