1108 CHAPTER 88: SSH CONFIGURATION
Asymmetric key algorithm encrypts data using the public key and decrypts the
data using the private key, thus ensuring data security.
You can also use the asymmetric key algorithm for digital signature. For example,
user 1 adds his signature to the data using the private key, and then sends the
data to user 2. User 2 verifies the signature using the public key of user 1. If the
signature is correct, this means that the data originates from user 1.
Revest-Shamir-Adleman Algorithm (RSA) and Digital Signature Algorithm (DSA)
are both asymmetric key algorithms. RSA can be used for data encryption and
signature, whereas DSA is used for signatures only.
n
Currently, SSH2 supports both RSA and DSA.
SSH Operating Process The session establishment between an SSH client and the SSH server involves the
following five stages:
Version negotiation
■ The server opens port 22 to listen to connection requests from clients.
■ The client sends a TCP connection request to the server. After the TCP
connection is established, the server sends the first packet to the client, which
includes a version identificat
ion string in the format of “SSH-<primary protocol
version number>.<secondary protocol version number>-<software version
number>”. The primary and secondary protocol version numbers constitute the
protocol version number, while the software version number is used for
debugging.
■ The client receives and resolves the packet. If the protocol version of the server
is lower but supportable, the client uses the protocol version of the server;
otherwise, the client uses its own protocol version.
■ The client sends to the server a packet that contains the number of the
protocol version it decides to use. The server compares the version carried in
the packet with that of its own to determine whether it can cooperate with the
client.
■ If the negotiation is successful, the server and the client proceed with key and
algorithm negotiation; otherwise, the server breaks the TCP connection.
n
All the packets involved in the above steps are transferred in plain text.
Table 88 Stages in establishing a session between the SSH client and the server
Stages Description
“Version negotiation” on page
1108
SSH1 and SSH2 are supported. The two parties negotiate
a version to use.
“Key and algorithm negotiation”
on page 1109
SSH supports multiple algorithms. The two parties
negotiate an algorithm for communication.
“Authentication” on page 1109 The SSH server authenticates the client in response to the
client’s authentication request.
“Session request” on page 1110 This client sends a session request to the server.
“Interactive session” on page
1110
The client and the server start to communicate with each
other.
To Next Page
Loading...
