Configuration Guide Vol. 1


11.1.1 Overview

SSH (Secure Shell) provides a secure connection from a client to a server over an insecure network.

With SSH, the client and server authenticate each other, encrypt the communication, and use message authentication to ensure that the communication has not been altered. This protects communication from spoofing, eavesdropping, and tampering by malicious third parties on the network. SSH enables secure operation and administration that is protected from the threats to telnet connections (such as improper connections to spoofed servers, leakage of operational information, and data tampering). The following figures show the threats to telnet connections and secure operation and management through SSH connections.

Figure 11-1: Threats from telnet connections

[Figure Data]

Figure 11-2: Secure operation and management through SSH connections

[Figure Data]

In addition to the password authentication used in telnet and FTP, you can use secure public key authentication as an authentication method for users connecting to SSH servers. Using public key authentication prevents passwords from being compromised and used by others.

SSH has two versions: version 1 (SSHv1) and version 2 (SSHv2). The Switch supports both SSHv1 and SSHv2.

However, it is recommended to limit operation to SSHv2 as much as possible, because SSHv2 is more secure than SSHv1. In SSHv2, message authentication prevents communication tampering. SSHv2 also employs cryptographic techniques that are more advanced than those of SSHv1.

The SSH function of the Switch can be used in IP networks. The Switch supports both the SSH server function and the SSH client function.

The SSH server function of the Switch enables you to log in to the Switch and transfer files from a remote operation terminal over a secure communication channel. The following figure shows an example of connecting to the Switch over SSH from a remote operation terminal.
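The following is an added example, not taken from this guide: one way to check whether devices still accept SSHv1 is to classify the identification string each SSH server sends when a connection opens. Per RFC 4253, a protoversion of 2.0 means SSHv2 only, and 1.99 means the server also accepts SSHv1 clients. The host addresses and banner strings are constructed samples, and the function names are hypothetical.

```python
import re

# RFC 4253 section 4.2 identification string:
#   SSH-protoversion-softwareversion SP comments CR LF
_IDENT = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")


def classify_banner(raw: bytes) -> str:
    """Return 'v2-only', 'v1-and-v2' or 'v1-only'; 'not-ssh' if no valid 1.x/2.0 identification."""
    for line in raw.split(b"\n"):
        text = line.rstrip(b"\r").decode("ascii", errors="replace")
        if not text.startswith("SSH-"):
            continue  # a server may send other lines before its identification
        match = _IDENT.match(text)
        if match is None:
            return "not-ssh"
        proto = match.group(1)
        if proto == "2.0":
            return "v2-only"
        if proto == "1.99":  # RFC 4253 section 5.1: SSHv2 server that also accepts SSHv1
            return "v1-and-v2"
        if proto.startswith("1."):
            return "v1-only"
        return "not-ssh"
    return "not-ssh"


def accepts_sshv1(banners: dict) -> list:
    """Return the hosts whose greeting shows SSHv1 is still accepted."""
    return sorted(host for host, raw in banners.items()
                  if classify_banner(raw) in ("v1-and-v2", "v1-only"))


# Constructed sample greetings (documentation addresses, made-up software names).
SAMPLE_BANNERS = {
    "192.0.2.10": b"SSH-2.0-ExampleSSH_1.0\r\n",
    "192.0.2.11": b"SSH-1.99-ExampleSSH_1.0\r\n",
    "192.0.2.12": b"SSH-1.5-ExampleSSH_0.9\n",
    "192.0.2.13": b"Authorized use only\r\nSSH-2.0-ExampleSSH_1.0 mgmt\r\n",
}

if __name__ == "__main__":
    for host in accepts_sshv1(SAMPLE_BANNERS):
        print(f"{host}: SSHv1 still accepted, restrict to SSHv2")
```

A device that reports 1.99 or 1.x after being configured for SSHv2 only has not applied the restriction.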

Figure 11-3: Example of connecting to the Switch from a remote operation terminal using an SSH client

[Figure Data]

The SSH client function of the Switch enables you to log in to SSH servers and transfer files from the Switch over a secure communication channel. The following figure shows an example of connecting the Switch to SSH servers.

Figure 11-4: Example of connecting to a remote SSH server from an SSH client on the Switch

[Figure Data]

Because the Switch supports both the SSH server function and the SSH client function, you can use a secure communication channel to log in to, and transfer files from, another Switch. The following figure shows an example of connecting the Switch to another Switch.

Figure 11-5: Example of connecting the Switch to another Switch using SSH

[Figure Data]