Operation Manual – SSH
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 SSH Configuration
1-3
protocol version number, while the software version number is used for
debugging.
z
The client receives and resolves the packet. If the protocol version of the server is
lower but supportable, the client uses the protocol version of the server; otherwise,
the client uses its own protocol version.
z
The client sends to the server a packet that contains the number of the protocol
version it decides to use. The server compares the version carried in the packet
with that of its own to determine whether it can cooperate with the client.
z
If the negotiation is successful, the server and the client proceed with key and
algorithm negotiation; otherwise, the server breaks the TCP connection.
Note:
All the packets involved in the above steps are transferred in plain text.
II. Key and algorithm negotiation
z
The server and the client send key algorithm negotiation packets to each other,
which include the supported public key algorithm list, encryption algorithm list,
MAC algorithm list, and compression algorithm list.
z
Based on the received algorithm negotiation packets, the server and the client
figure out the algorithms to be used.
z
The server and the client use the DH key exchange algorithm and parameters
such as the host key pair to generate the session key and session ID.
Through the above steps, the server and the client get the same session key, which is
to be used to encrypt and decrypt data exchanged between the server and the client
later. The server and the client use session ID in the authentication stage.
Caution:
Before the negotiation, the RSA key pair must have been generated on the server. It
will be used for generating the session key.
III. Authentication
z
The client sends to the server an authentication request, which includes the
username, authentication method and information related to the authentication
method (the password in the case of password authentication).