ZXR10 8900E series Core Switch Product Description
62
© 2013ZTE CORPORATION. All rights reserved.
ZTE Confidential Proprietary
3.8.2.2
SSH
SSH (Secure Shell) is made by IETF network working team. SSH is a security protocol
build on the basis of application layer and transport layer. SSH currently is a reliable
security protocol designed particularly for remote login session and other network
services. SSH protocol can be used to avoid information leaking effectively. Encrypting
transport data via SSH protocol can avoid middle attack.
SSH supports the following two sorts of authentication:
The first one is the security authentication based upon password. Input correct account
number and password, then user can access the remote host successfully. All transport
data are encrypted. This mode ensures reliable data transmission. But it may lead to faud
server which makes the data transferred to illegal servers.
The other security authentication is based upon encryption key. User must create a pair
of encryption key and save the public key to the target server. The client software asks
the server for security authentication via its own encryption key. When the server
receives the request, it looks for the public encryption key in the root category of this
user’s server. After confirming the two encryption keys are the same by comparing the
public key with the public key sent by the client, the server will encrypt challenge and
send it to the client software. After receiving the challenge, the client will decrypt it by
private encryption key and send it to the server.
ZXR10 8900E supports security authentication of SSHv2 protocol.
3.8.2.3
Command Line Hierarchical Protection
Currently, ZXR10 8900E series switch realizes different levels of command (16 levels in
total). For different access users, different levels of authority is used. Lower level leads to
less command. Higher level leads to more commands. The administrator (highest level)
is able to set different authority levels to different command, so that self-defined
command authority configuration can be implemented.
In order to realize hierarchical authority, two parts of authority level should be maintained:
Command node authority level maintenance: when the switch is initiated, each
command node has a default authority level. The administrator can change it.
Login user authority level maintenance: the administrator can set authority level for
each login user. Conditions for displaying and implementing the command are:
when user’s authority level is bigger or equals to the command authority level, this
command can be displayed and executed on user’s terminal. In default situation, the
administrator can use all commands. Other authority levels can only use some
maintenance commands.
Summary of Contents for ZXR10 8900E series
Page 1: ...Operator Logo ZXR10 8900E series Core Switch Product Description ...
Page 2: ......
Page 10: ......