Canon C360 Switch User Manual


 
Establishing Switch Access
66 Installation and Configuration Guide Avaya C360 Multilayer Stackable Switches, version 4.5
Establishing an SSH Connection
Introduction to SSH
SSH (Secure Shell) protocol is a security protocol that enables establishing a remote session
over a secured tunnel, also called a remote shell. SSH accomplishes this by creating a
transparent encrypted channel between the local and remote devices. In addition to remote
shell, SSH also provides secure file transfer between the local and remote devices.
SSH protocol currently has 2 versions, SSH1 and SSH2. SSH2 provides better security
protection, key distribution services, and public key certificates than SSH1. SSH2 also has
modular architecture which enables extension authentication and encryption techniques
superior to SSH1. The OpenSSH package that Avaya uses for SSH implementation only
supports SSH2.
SSH uses password authentication.
A maximum of two SSH sessions can be active per router in the stack, with two additional active
SSH sessions per stack. For example, if a stack contains three router modules, a maximum of
eight SSH sessions can be active on the stack.
The C360 agent reports SSH sessions opened to it. In addition, each router module reports the
SSH sessions opened to its router interface. You can disconnect selected SSH sessions.
The SSH session-establishment process is divided into the following stages, as shown in
Figure 21
:
SSH client connection:
To connect the SSH client:
1. The C360 and the SSH client initiate protocol handshake by exchanging the version
number and list of supported ciphers. This step is completed by agreement on the cipher to
be used for SSH secure tunnel. In addition, the client sends the C360 a unique session id
used to prevent replay attack.
2. The Diffie-Hellman protocol is then used to setup the shared session key. During this step,
the client and C360 exchange the DH (Diffie-Hellman) parameters, i.e., the prime number p
and the generator number g used by each party for deriving its private and public keys.
3. The client sends to C360 min., max and preferred values for p and the C360 sends client p
and g values. In response, the client uses them to derive its DH private key x and its DH
public key values by exponentiation of g with x, e = (g^x)mod p and sends the value e to the
C360