11.1.3 Support function
The following tables show the roles of SSH servers and SSH clients supported by the Switch, SSH protocol version, and the protocols that can be used to connect to SSH.
Function name |
Support Availability |
|
---|---|---|
SSH servers |
OK |
|
SSH clients |
OK |
|
SSH protocol version |
Version 1(SSHv1) |
OK |
Version 2(SSHv2) |
OK |
|
Protocols that can be used to connect to SSH |
IPv4 |
OK |
IPv6 |
OK |
|
IPv4 VRF [SL-L3A] |
OK |
|
IPv6 VRF [SL-L3A] |
OK |
(Legend) OK: Support
The following tables show the basic features and supported status of SSH.
Function name |
Description |
Support Availability |
---|---|---|
Secure Remote Login |
Logging in remotely using SSH |
OK |
Secure command execution |
Using SSH to Execute Commands |
OK |
Secure copy (SCP) |
Copying Files Using SSH |
OK |
Secure FTP(SFTP) |
Using SSH to Transfer Files |
SSHv1:NG SSHv2:OK |
Authentication agent |
Authentication agent function |
NG |
Port Forwarding |
TCP transmission function |
NG |
X11 protocol-auto-transport |
Ability to automatically forward X11 |
NG |
Data compression |
Ability to compress communications data |
NG |
Legend: OK: Supported, NG: Not supported
The following tables show the supported status of SSHv1 security features by method.
Function name |
Method |
Support Availability |
|
---|---|---|---|
Host authentication |
Public key authentication |
RSA |
OK |
User authentication |
Public key authentication |
RSA |
Server :OK Client :NG |
Password authentication |
OK |
||
RHOSTS certification |
NG |
||
RHOSTS+RSA certification |
NG |
||
Encryption |
Symmetric-key cipher |
3des-cbc, blowfish-cbc |
OK |
Other Methods |
NG |
Legend: OK: Supported, NG: Not supported
The following tables show the supported status of SSHv2 security features by method.
Function name |
Method |
Support Availability |
|
---|---|---|---|
Host authentication |
Public key authentication |
ECDSA, RSA, DSA |
OK |
Public key authentication with a certificate authority certificate |
NG |
||
Public key authentication with PGP certificates |
NG |
||
User authentication |
Public key authentication |
ECDSA, RSA, DSA |
Server :OK Client :NG |
Public key authentication with a certificate authority certificate |
NG |
||
Public key authentication with PGP certificates |
NG |
||
Host-based authentication |
NG |
||
Password authentication |
OK |
||
Key exchange |
ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, dh-group16-sha512, dh-group14-sha256, dh-group-ex-sha1, dh-group14-sha1, dh-group1-sha1 |
OK |
|
Other Methods |
NG |
||
Symmetric-key cipher |
aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc, blowfish, arcfour256, arcfour128, arcfour |
OK |
|
Other Methods |
NG |
||
Message Authentication Code |
hmac-sha2-256, hmac-sha2-512, hmac-sha1, hmac-md5, hmac-sha1-96, hmac-md5-96 |
OK |
|
Other Methods |
NG |
||
Authenticated cipher |
aes128-gcm@openssh.com aes256-gcm@openssh.com |
OK |
|
Other Methods |
NG |
Legend: OK: Supported, NG: Not supported
The following tables show the supported status of SSH server login security and RADIUS/TACACS + support.
Function name |
Support Availability |
|
---|---|---|
Setting the maximum number of concurrent users |
OK |
|
Restricted by IP addressing of remote operation terminals |
OK |
|
Login message |
Before login |
SSHv1:NG SSHv2:OK |
After logging in |
OK |
|
RADIUS or TACACS+ |
Per |
OK |
Command authorization |
OK |
|
Accounting |
OK |
Legend: OK: Supported, NG: Not supported