Alcatel OmniSwitch/Router Betriebsanweisung Seite 79
- Seite / 346
- Inhaltsverzeichnis
- FEHLERBEHEBUNG
- LESEZEICHEN
Bewertet. / 5. Basierend auf Kundenbewertungen
Logging Into the Switch Using Secure Shell
OmniSwitch 6250/6450 Switch Management Guide May 2012 page 2-15
Secure Shell Authentication
Secure Shell authentication is accomplished in several phases using industry standard algorithms and
exchange mechanisms. The authentication phase is identical for Secure Shell and Secure Shell FTP. The
following sections describe the process in detail.
Protocol Identification
When the Secure Shell client in the OmniSwitch connects to a Secure Shell server, the server accepts the
connection and responds by sending back an identification string. The client will parse the server’s identi-
fication string and send an identification string of its own. The purpose of the identification strings is to
validate that the attempted connection was made to the correct port number. The strings also declare the
protocol and software version numbers. This information is needed on both the client and server sides for
debugging purposes.
At this point, the protocol identification strings are in human-readable form. Later in the authentication
process, the client and the server switch to a packet-based binary protocol, which is machine readable
only.
Algorithm and Key Exchange
The OmniSwitch Secure Shell server is identified by one or several host-specific DSA keys. Both the
client and server process the key exchange to choose a common algorithm for encryption, signature, and
compression. This key exchange is included in the Secure Shell transport layer protocol. It uses a key
agreement to produce a shared secret that cannot be determined by either the client or the server alone.
The key exchange is combined with a signature and the host key to provide host authentication. Once the
exchange is completed, the client and the server turn encryption on using the selected algorithm and key.
The following elements are supported:
Note. The OmniSwitch generates a 512 bit DSA host key at initial startup. The DSA key on the switch is
made up of two files contained in the /flash/network directory; the public key is called
ssh_host_dsa_key.pub, and the private key is called ssh_host_dsa_key. To generate a different DSA
key, use the Secure Shell tools available on your Unix or Windows system and copy the files to the /flash/
network directory on your switch. The new DSA key takes effect after the OmniSwitch is rebooted.
Authentication Phase
When the client tries to authenticate, the server determines the process used by telling the client which
authentication methods can be used. The client has the freedom to attempt several methods listed by the
server. The server disconnects itself from the client if a certain number of failed authentications are
attempted or if a time-out period expires. Authentication is performed independent of whether the Secure
Shell interface or the SFTP file transfer protocol is implemented.
Host Key Type DSA
Cipher Algorithms AES, Blowfish, Cast, 3DES, Arcfour, Rijndael
Signature Algorithms MD5, SHA1
Compression Algorithms None Supported
Key Exchange Algorithms diffie-hellman-group-exchange-sha1
diffie-hellman-group1-sha1
- OmniSwitch 6250/6450 1
- Switch Management Guide 1
- Contents 10
- About This Guide 13
- Who Should Read this Manual? 14
- What is in this Manual? 14
- What is Not in this Manual? 15
- Documentation Roadmap 16
- Related Documentation 18
- User Manual CD 20
- Technical Support 20
- 1 Managing System Files 21
- File Transfer 23
- Switch Directories 24
- File and Directory Management 25
- Using Wildcards 27
- Directory Commands 28
- Changing Directories 29
- Displaying Directory Contents 30
- Making a New Directory 31
- Copying an Existing Directory 32
- File Commands 34
- Secure Copy an Existing File 35
- Delete an Existing File 36
- Managing Files on Switches 37
- Utility Commands 38
- Using Secure Shell FTP 43
- Using TFTP to Transfer Files 45
- Using Zmodem 45
- Directories on the Switch 47
- Available Image Files 48
- Verifying Directory Contents 55
- Installing Software Licenses 56
- Licensed Features 57
- Setting the System Clock 59
- Enabling DST 62
- 2 Logging Into the Switch 65
- Login Specifications 67
- Login Defaults 67
- Management Interfaces 70
- User Accounts 71
- Using Telnet 72
- Using FTP 74
- Secure Shell Interface 77
- Secure Shell Authentication 79
- Connection Phase 80
- Modifying the Login Banner 85
- Configuring Login Parameters 87
- Enabling the DNS Resolver 88
- Verifying Login Settings 89
- 3 Using SNMP 91
- SNMP Specifications 92
- SNMP Defaults 92
- Using SNMP SNMP Defaults 93
- Management Station 94
- Filtering by Trap Families 95
- Filtering by Individual Traps 96
- SNMP Overview 97
- SNMP Versions 98
- Using SNMP SNMP Overview 99
- Configuring Community Strings 100
- Setting SNMP Security 102
- Working with SNMP Traps 103
- Authentication Trap 104
- Trap Management 104
- SNMP MIB Information 105
- Industry Standard MIBs 106
- Enterprise (Proprietary) MIBs 110
- 4 Configuring Network Time 115
- Protocol (NTP) 115
- NTP Specifications 116
- NTP Defaults Table 116
- NTP Quick Steps 117
- NTP Overview 119
- Using NTP in a Network 120
- Authentication 122
- Configuring NTP 123
- NTP Servers 124
- Setting the Version Number 125
- Marking a Server as Preferred 125
- Using Authentication 126
- Verifying NTP Configuration 127
- 5 Managing CMM 129
- Directory Content 129
- CMM Specifications 130
- CMM Files 131
- Software Rollback Feature 132
- Redundancy 137
- (Non-Redundant) 141
- Scheduling a Reboot 142
- Cancelling a Scheduled Reboot 142
- -> show reload 143
- -> show reload status 143
- Working Certified 144
- Primary CMM 144
- -> write memory 145
- Cancelling a Rollback Timeout 148
- -> copy working certified 150
- -> copy certified working 150
- Show Switch Files 152
- Rebooting the Switch 153
- -> copy flash-synchro 156
- -> takeover 157
- Using the USB Flash Drive 160
- Disaster Recovery Using USB 161
- Displaying CMM Conditions 163
- 6 Using the CLI 165
- CLI Specifications 166
- CLI Overview 167
- Text Conventions 168
- Using “Show” Commands 169
- Using the “No” Form 169
- Using “Alias” Commands 169
- Partial Keyword Completion 170
- Command Help 171
- Debug UPDATE, SHOW, NO, DEBUG 172
- Command Set Name Commands 172
- CLI Services 175
- Inserting Characters 176
- Syntax Checking 177
- Prefix Recognition 177
- Show Prefix 178
- Command History 179
- Enabling Command Logging 181
- Disabling Command Logging 181
- Changing the Screen Size 183
- Changing the CLI Prompt 183
- Displaying Table Information 184
- Filtering Table Information 185
- Multiple User Sessions 186
- Terminating Another Session 188
- Application Example 189
- Verifying CLI Usage 191
- 7 Working With 193
- Configuration Files 193
- Configuration Files Overview 198
- Cancelling a Timed Session 199
- Setting the Error File Limit 200
- Displaying a Text File 201
- Text Editing on the Switch 201
- Snapshot Feature List 202
- User-Defined Naming Options 203
- Editing Snapshot Files 203
- Example Snapshot File Text 204
- Verifying File Configuration 206
- 8 Managing Automatic 207
- Remote Configuration 207
- Download 207
- • Pathname: 255 characters 208
- • Filename: 63 characters 208
- Overview 211
- Network Components 212
- LED Status 213
- UDP/DHCP Relay 214
- Process Illustration 216
- Additional Process Notes 217
- Download Component Files 218
- Instruction File Syntax 219
- Firmware Upgrade Files 220
- Bootup Configuration File 220
- Debug Configuration File 221
- Script File 221
- Aggregate Association 222
- Nearest-Edge Mode Operation 226
- Access Switch 227
- Zero Touch License Upgrade 228
- Troubleshooting 229
- Script File Errors 230
- Error Description Table 231
- 9 Managing Switch User 233
- Accounts 233
- User Database Specifications 234
- User Account Defaults 234
- Overview of User Accounts 236
- “Managing Switch Security.” 237
- Startup Defaults 238
- Default User Settings 241
- How User Settings Are Saved 243
- Creating a User 244
- Removing a User 245
- User-Configured Password 246
- 4 Enter the password again 247
- Default Password Expiration 252
- -> user password-history 2 253
- -> user password-history 0 253
- -> user password-min-age 7 254
- -> user lockout-window 30 255
- -> user lockout j_smith 258
- -> user unlock j_smith 258
- -> user thomas no snmp 263
- Setting Up End-User Profiles 264
- Creating End-User Profiles 265
- 10 Managing Switch Security 271
- Switch Security Defaults 272
- Switch Security Overview 273
- Authenticated Switch Access 274
- ASA and Authenticated VLANs 275
- Enabling Switch Access 280
- Using Secure Shell 281
- 11 Using WebView 285
- WebView CLI Defaults 286
- Browser Setup 286
- WebView CLI Commands 287
- Enabling/Disabling SSL 288
- Changing the HTTPS Port 288
- WebView Overview 289
- Toolbar 290
- View/Configuration Area 291
- A Software License and 293
- Copyright Statements 293
- C. Linux 297
- E. University of California 302
- G.Random.c 302
- H. Apptitude, Inc 303
- I. Agranat 303
- J. RSA Security Inc 303
- K. Sun Microsystems, Inc 304
- L. Wind River Systems, Inc 304
- N.Remote-ni 305
- O.GNU Zip 305
- Q.Boost C++ Libraries 306
- R. U-Boot 306
- S. Solaris 306
- U. CURSES 307
- V. Z M o d e m 307
- W.Boost Software License 307
- X. OpenLDAP 307
- Y. B IT M A P.C 308
- Z. University of Toronto 308
- AA.Free/OpenBSD 308
- B SNMP Trap Information 309
- SNMP Traps Table 310
- alaPimGroup 327
Verwandte Produkte und Handbücher für Vernetzung Alcatel OmniSwitch/Router
(8 Seiten)© 2020, manymanuals.de. Alle Rechte vorbehalten. | 0.043 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern