SSH Terminal Service 771
■ The server initiates a procedure to authenticate the user. If the server is
configured not to authenticate the user, the process proceeds directly to the
session request phase.
■ The client employs an authentication mode to authenticate the server until the
authentication succeeds or the server tears down the connection because of a
timeout.
SSH provides two authentication modes: password authentication and RSA
authentication.
1 Password authentication procedure:
■ The client sends the username and password to the server;
■ The server compares the username and password sent from the client with the
local configuration. If it finds an exact match, the authentication succeeds.
2 RSA authentication procedure:
■ The server configures an RSA public key for the client;
■ The client sends its RSA public key member module to the server;
■ The server performs validity authentication on the member module. If the
authentication succeeds, the server generates a random number, encrypts it
using the RSA public key from the client, and sends the encrypted information
back to the client;
■ Both the server and the client use the random number and the 16-character
session ID as parameters to calculate the authentication data;
■ The client sends the authentication data it generates to the server;
■ The server compares the authentication data from the client with that locally
calculated. If they match, the authentication succeeds.
3 Session request: If the authentication succeeds, the client sends a session request
to the server. When the server has successfully processed the request, SSH enters
the interactive session phase.
4 Interactive session: The client and the server exchange data until the session is over.
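The RSA authentication procedure in step 2, shown as an added example with both sides of the exchange; it is not code from this manual or from the switch software. The toy key, the use of SHA-256 to calculate the authentication data, and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy key (two Mersenne primes, textbook RSA, no padding): illustration only.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                                # client's public modulus
D = pow(E, -1, (P - 1) * (Q - 1))        # client's private exponent

def auth_data(number: int, session_id: bytes) -> bytes:
    # Assumption: SHA-256 over number || session ID; the page does not name the function.
    return hashlib.sha256(number.to_bytes(16, "big") + session_id).digest()

class Server:
    def __init__(self, session_id: bytes, configured_moduli: set):
        if len(session_id) != 16:
            raise ValueError("session ID must be 16 bytes")
        self.session_id = session_id
        self.configured = configured_moduli   # public keys configured for the user
        self._number = None

    def challenge(self, modulus: int):
        """Validate the modulus, then return the encrypted random number (or None)."""
        if modulus not in self.configured:
            return None
        self._number = secrets.randbits(128)
        return pow(self._number, E, modulus)

    def verify(self, response: bytes) -> bool:
        """Compare the client's data with the locally calculated value, once."""
        number, self._number = self._number, None   # a challenge is single-use
        if number is None:
            return False
        return hmac.compare_digest(auth_data(number, self.session_id), response)

def client_response(encrypted: int, session_id: bytes) -> bytes:
    """Client side: decrypt with the private key and calculate the authentication data."""
    return auth_data(pow(encrypted, D, N), session_id)

def run_exchange(server: Server, client_session_id: bytes, modulus: int = N) -> bool:
    encrypted = server.challenge(modulus)
    if encrypted is None:
        return False
    return server.verify(client_response(encrypted, client_session_id))

if __name__ == "__main__":
    sid = secrets.token_bytes(16)
    print(run_exchange(Server(sid, {N}), sid))         # client and server share the session ID
    print(run_exchange(Server(sid, {N}), bytes(16)))   # data calculated for another session
```

Because the session ID is an input to the authentication data, a response calculated in one session does not verify in another, and clearing the stored random number after each comparison stops the same response from being accepted twice.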
SSH Server Configuration
The following table describes the SSH server configuration tasks.
Table 713 SSH2.0 configuration tasks
Operation                                             Command                                                                                  Description
Enter system view                                     system-view                                                                              -
Enter user interface view of VTY type                 user-interface vty X X                                                                   -
Set the protocol supported by current user interface  protocol inbound { all | ssh | telnet }                                                  Optional
Return to system view                                 quit                                                                                     -
Generate a local RSA key pair                         rsa local-key-pair create                                                                Required
Destroy a local RSA key pair                          rsa local-key-pair destroy                                                               Optional
Configure the SSH user authentication mode            ssh user username [ authentication-type { password | rsa | password-publickey | all } ]  Required. By default, users are unable to log in.