MAGNUM 6K SWITCHES, MNS-6K USER GUIDE
• The user authentication layer (RFC 4252). This layer handles client authentication and
provides a number of authentication methods. Authentication is client-driven, a fact
commonly misunderstood by users; when one is prompted for a password, it may be the
SSH client prompting, not the server. The server merely responds to client's
authentication requests. Widely used user authentication methods include the following:
o "password": a method for straightforward password authentication, including a
facility allowing a password to be changed. This method is not implemented by all
programs.
o "publickey": a method for public key-based authentication, usually supporting at
least DSA or RSA keypairs, with other implementations also supporting X.509
certificates.
o "keyboard-interactive" (RFC 4256): a versatile method where the server sends one
or more prompts to enter information and the client displays them and sends back
responses keyed-in by the user. Used to provide one-time password authentication
such as S/Key or SecurID. Used by some OpenSSH configurations when PAM is
the underlying host authentication provider to effectively provide password
authentication, sometimes leading to inability to log in with a client that supports
just the plain "password" authentication method. This method is not supported.
o GSSAPI authentication methods which provide an extensible scheme to perform
SSH authentication using external mechanisms such as Kerberos 5 or NTLM,
providing single sign on capability to SSH sessions. These methods are usually
implemented by commercial SSH implementations for use in organizations,
though OpenSSH does have a working GSSAPI implementation. This method is
not supported.
• The connection layer (RFC 4254). This layer defines the concept of channels, channel
requests and global requests using which SSH services are provided. A single SSH
connection can host multiple channels simultaneously, each transferring data in both
directions. Channel requests are used to relay out-of-band channel specific data, such as
the changed size of a terminal window or the exit code of a server-side process. The SSH
client requests a server-side port to be forwarded using a global request. Standard channel
types include:
o "shell" for terminal shells, SFTP and exec requests (including SCP transfers)
o "direct-tcpip" for client-to-server forwarded connections
o "forwarded-tcpip" for server-to-client forwarded connections
The commands for SSH are
Syntax ssh <enable|disable|keygen> - enable or disable the server. Also can be used for generating the
key used by ssh
Syntax ssh port=<port|default> - select a different port number for SSH communication
Syntax show ssh – display the ssh settings
Magnum6K25# access
46