1108
C
HAPTER
88: SSH C
ONFIGURATION
Asymmetric key algorithm encrypts data using the public key and decrypts the
data using the private key, thus ensuring data security.
You can also use the asymmetric key algorithm for digital signature. For example,
user 1 adds his signature to the data using the private key, and then sends the
data to user 2. User 2 verifies the signature using the public key of user 1. If the
signature is correct, this means that the data originates from user 1.
Revest-Shamir-Adleman Algorithm (RSA) and Digital Signature Algorithm (DSA)
are both asymmetric key algorithms. RSA can be used for data encryption and
signature, whereas DSA is used for signatures only.
n
Currently, SSH2 supports both RSA and DSA.
SSH Operating Process
The session establishment between an SSH client and the SSH server involves the
following five stages:
Version negotiation
■
The server opens port 22 to listen to connection requests from clients.
■
The client sends a TCP connection request to the server. After the TCP
connection is established, the server sends the first packet to the client, which
includes a version identification string in the format of “SSH-<primary protocol
version number>.<secondary protocol version number>-<software version
number>”. The primary and secondary protocol version numbers constitute the
protocol version number, while the software version number is used for
debugging.
■
The client receives and resolves the packet. If the protocol version of the server
is lower but supportable, the client uses the protocol version of the server;
otherwise, the client uses its own protocol version.
■
The client sends to the server a packet that contains the number of the
protocol version it decides to use. The server compares the version carried in
the packet with that of its own to determine whether it can cooperate with the
client.
■
If the negotiation is successful, the server and the client proceed with key and
algorithm negotiation; otherwise, the server breaks the TCP connection.
n
All the packets involved in the above steps are transferred in plain text.
Table 88
Stages in establishing a session between the SSH client and the server
Stages Description
“Version negotiation” on page
1108
SSH1 and SSH2 are supported. The two parties negotiate
a version to use.
“Key and algorithm negotiation”
on page 1109
SSH supports multiple algorithms. The two parties
negotiate an algorithm for communication.
“Authentication” on page 1109
The SSH server authenticates the client in response to the
client’s authentication request.
“Session request” on page 1110
This client sends a session request to the server.
“Interactive session” on page
1110
The client and the server start to communicate with each
other.
Summary of Contents for 4800G Series
Page 26: ...26 CHAPTER NETWORKING APPLICATIONS ...
Page 30: ...30 CHAPTER 1 LOGGING IN TO AN ETHERNET SWITCH ...
Page 62: ...62 CHAPTER 3 LOGGING IN THROUGH TELNET ...
Page 70: ...70 CHAPTER 5 LOGGING IN THROUGH WEB BASED NETWORK MANAGEMENT SYSTEM ...
Page 72: ...72 CHAPTER 6 LOGGING IN THROUGH NMS ...
Page 82: ...82 CHAPTER 8 CONTROLLING LOGIN USERS ...
Page 98: ...98 CHAPTER 9 VLAN CONFIGURATION ...
Page 108: ...108 CHAPTER 10 VOICE VLAN CONFIGURATION ...
Page 119: ...GVRP Configuration Examples 119 DeviceB display vlan dynamic No dynamic vlans exist ...
Page 120: ...120 CHAPTER 11 GVRP CONFIGURATION ...
Page 160: ...160 CHAPTER 17 PORT ISOLATION CONFIGURATION ...
Page 172: ...172 CHAPTER 19 LINK AGGREGATION CONFIGURATION ...
Page 196: ...196 CHAPTER 22 DLDP CONFIGURATION ...
Page 240: ...240 CHAPTER 23 MSTP CONFIGURATION ...
Page 272: ...272 CHAPTER 27 RIP CONFIGURATION ...
Page 364: ...364 CHAPTER 29 IS IS CONFIGURATION ...
Page 426: ...426 CHAPTER 31 ROUTING POLICY CONFIGURATION ...
Page 442: ...442 CHAPTER 33 IPV6 RIPNG CONFIGURATION ...
Page 466: ...466 CHAPTER 35 IPV6 IS IS CONFIGURATION ...
Page 488: ...488 CHAPTER 36 IPV6 BGP CONFIGURATION ...
Page 498: ...498 CHAPTER 37 ROUTING POLICY CONFIGURATION ...
Page 540: ...540 CHAPTER 40 TUNNELING CONFIGURATION ...
Page 552: ...552 CHAPTER 41 MULTICAST OVERVIEW ...
Page 604: ...604 CHAPTER 43 MLD SNOOPING CONFIGURATION ...
Page 628: ...628 CHAPTER 46 IGMP CONFIGURATION ...
Page 700: ...700 CHAPTER 48 MSDP CONFIGURATION ...
Page 812: ...812 CHAPTER 57 DHCP SERVER CONFIGURATION ...
Page 822: ...822 CHAPTER 58 DHCP RELAY AGENT CONFIGURATION ...
Page 834: ...834 CHAPTER 61 BOOTP CLIENT CONFIGURATION ...
Page 850: ...850 CHAPTER 63 IPV4 ACL CONFIGURATION ...
Page 856: ...856 CHAPTER 64 IPV6 ACL CONFIGURATION ...
Page 860: ...860 CHAPTER 65 QOS OVERVIEW ...
Page 868: ...868 CHAPTER 66 TRAFFIC CLASSIFICATION TP AND LR CONFIGURATION ...
Page 888: ...888 CHAPTER 69 PRIORITY MAPPING ...
Page 894: ...894 CHAPTER 71 TRAFFIC MIRRORING CONFIGURATION ...
Page 904: ...904 CHAPTER 72 PORT MIRRORING CONFIGURATION ...
Page 930: ...930 CHAPTER 74 UDP HELPER CONFIGURATION ...
Page 990: ...990 CHAPTER 79 FILE SYSTEM MANAGEMENT CONFIGURATION ...
Page 1000: ...1000 CHAPTER 80 FTP CONFIGURATION ...
Page 1020: ...1020 CHAPTER 82 INFORMATION CENTER CONFIGURATION ...
Page 1038: ...1038 CHAPTER 84 SYSTEM MAINTAINING AND DEBUGGING ...
Page 1046: ...1046 CHAPTER 85 DEVICE MANAGEMENT ...
Page 1129: ...SSH Client Configuration Examples 1129 SwitchB ...
Page 1130: ...1130 CHAPTER 88 SSH CONFIGURATION ...
Page 1160: ...1160 CHAPTER 90 RRPP CONFIGURATION ...
Page 1180: ...1180 CHAPTER 91 PORT SECURITY CONFIGURATION ...
Page 1192: ...1192 CHAPTER 92 LLDP CONFIGURATION ...
Page 1202: ...1202 CHAPTER 93 POE CONFIGURATION ...
Page 1218: ...1218 CHAPTER 96 HTTPS CONFIGURATION ...