Secure Shell (SSH) Server Upgrade

OpenSSH server listens for incoming connections. After authenticating, the server provides the client either shell access or access to the CLI, or performs a file transfer of configuration files. The server uses various services in ExtremeXOS including AAA for authentication, Policy Manager for access control, Session Manager for session reporting, and EMS for logging.

SSHServer is migrated from SSH toolkit to OpenSSH, where the SSH server is added as part of the exsshd process. ExtremeXOS 16.2.2-Patch1-3 supports SSH protocol version 2 from OpenSSH. Although the SSH server is added to exsshd, the key generation is not performed by exsshd. This is done separately by another module from OpenSSH, ssh-keyGen, which is invoked from exsshd. The generated key is stored in /etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_dsa_key.pub. The same format is used for any keys that are imported to OpenSSH.

Supported Platforms

  • Summit X430, X440, X450-G2, X460, X460-G2, X480, X670, X670-G2, X770 series switches
  • BlackDiamond X8 and 8000 series switches
  • E4G-200 and E4G-400 cell site routers

Limitations

  • Keyboard interactive authentication is not supported.
  • Host key algorithms are not configurable.