GarrettCom MNS-6K 4.1.4 Switch User Manual


 
MAGNUM 6K SWITCHES, MNS-6K USER GUIDE
The user authentication layer (RFC 4252). This layer handles client authentication and
provides a number of authentication methods. Authentication is client-driven, a fact
commonly misunderstood by users; when one is prompted for a password, it may be the
SSH client prompting, not the server. The server merely responds to client's
authentication requests. Widely used user authentication methods include the following:
o "password": a method for straightforward password authentication, including a
facility allowing a password to be changed. This method is not implemented by all
programs.
o "publickey": a method for public key-based authentication, usually supporting at
least DSA or RSA keypairs, with other implementations also supporting X.509
certificates.
o "keyboard-interactive" (RFC 4256): a versatile method where the server sends one
or more prompts to enter information and the client displays them and sends back
responses keyed-in by the user. Used to provide one-time password authentication
such as S/Key or SecurID. Used by some OpenSSH configurations when PAM is
the underlying host authentication provider to effectively provide password
authentication, sometimes leading to inability to log in with a client that supports
just the plain "password" authentication method. This method is not supported.
o GSSAPI authentication methods which provide an extensible scheme to perform
SSH authentication using external mechanisms such as Kerberos 5 or NTLM,
providing single sign on capability to SSH sessions. These methods are usually
implemented by commercial SSH implementations for use in organizations,
though OpenSSH does have a working GSSAPI implementation. This method is
not supported.
The connection layer (RFC 4254). This layer defines the concept of channels, channel
requests and global requests using which SSH services are provided. A single SSH
connection can host multiple channels simultaneously, each transferring data in both
directions. Channel requests are used to relay out-of-band channel specific data, such as
the changed size of a terminal window or the exit code of a server-side process. The SSH
client requests a server-side port to be forwarded using a global request. Standard channel
types include:
o "shell" for terminal shells, SFTP and exec requests (including SCP transfers)
o "direct-tcpip" for client-to-server forwarded connections
o "forwarded-tcpip" for server-to-client forwarded connections
The commands for SSH are
Syntax ssh <enable|disable|keygen> - enable or disable the server. Also can be used for generating the
key used by ssh
Syntax ssh port=<port|default> - select a different port number for SSH communication
Syntax show ssh – display the ssh settings
Magnum6K25# access
46