authentication result. The router supports using the publickey algorithms RSA and DSA for digital
signature.
An SSH2.0 server might require the client to pass both password authentication and publickey
authentication, or either of them. However, a client running SSH1 needs to pass only one of the
two authentications, regardless of the requirement of the server.
The steps of the authentication stage are as follows:
1. The client sends the server an authentication request, which includes the username, the
authentication method, and the information related to the authentication method (for example, the
password in the case of password authentication).
2. The server authenticates the client. If the authentication fails, the server informs the client by sending
a message, which includes a list of available methods for re-authentication.
3. The client selects a method from the list to initiate another authentication.
4. The preceding process repeats until the authentication succeeds or the number of failed
authentication attempts exceeds the maximum of authentication attempts. In the latter case, the
server tears the session down.
NOTE:
Only clients running SSH2.0 or a later version support password re-authentication that is initiated by
the router acting as the SSH server.
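The authentication loop above, modelled as a small server-side state machine (an added example, not code from the router or its documentation). The class, the result names (including "continue" for a server that requires both methods), and the credential values are assumptions made for illustration; the teardown condition follows the text's wording that failed attempts must exceed the maximum.

```python
import hmac

class AuthSession:
    """Toy server-side state for one connection's authentication stage."""

    def __init__(self, verifiers, require_all, ssh_version, max_attempts=3):
        self.verifiers = verifiers      # method name -> check(user, data) -> bool
        # Per the text, an SSH1 client only ever has to pass one method,
        # even when the server is configured to require both.
        self.require_all = require_all and ssh_version >= 2
        self.max_attempts = max_attempts
        self.passed, self.failures, self.state = set(), 0, "open"

    def remaining(self):
        """Methods still available; this is the list sent with a failure."""
        return [m for m in self.verifiers if m not in self.passed]

    def request(self, user, method, data):
        """Process one authentication request; return (result, method list)."""
        if self.state != "open":
            return self.state, []
        check = self.verifiers.get(method)
        if check and method not in self.passed and check(user, data):
            self.passed.add(method)
            if not self.require_all or not self.remaining():
                self.state = "authenticated"
                return "success", []
            return "continue", self.remaining()
        self.failures += 1
        if self.failures > self.max_attempts:   # "exceeds the maximum"
            self.state = "closed"               # server tears the session down
            return "closed", []
        return "failure", self.remaining()

# Constructed sample credentials, for illustration only.
PASSWORDS = {"admin": "s3cret-example"}
AUTHORIZED_KEYS = {"admin": "constructed-key-id-01"}

def check_password(user, data):
    return user in PASSWORDS and hmac.compare_digest(PASSWORDS[user], data)

def check_publickey(user, data):
    # Stand-in: a real server verifies an RSA/DSA signature, not a key id.
    return user in AUTHORIZED_KEYS and hmac.compare_digest(AUTHORIZED_KEYS[user], data)

def demo_session(require_all, ssh_version, max_attempts=3):
    verifiers = {"password": check_password, "publickey": check_publickey}
    return AuthSession(verifiers, require_all, ssh_version, max_attempts)
```

With require_all=True, the same correct password yields "continue" for an SSH2 client but "success" for an SSH1 client, which is why a policy that requires both methods only holds if SSH1 clients are not accepted.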
Session request
After passing authentication, the client sends a session request to the server, and the server listens to and
processes the request from the client. If the server successfully processes the request, the server sends an
SSH_SMSG_SUCCESS packet to the client and goes on to the interaction stage with the client.
Otherwise, the server sends an SSH_SMSG_FAILURE packet to the client to indicate that the processing
has failed or that it cannot resolve the request.
Interaction
In this stage, the server and the client exchange data as follows:
1. The client encrypts and sends the command to be executed to the server.
2. The server decrypts and executes the command and then encrypts and sends the result to the client.
3. The client decrypts and displays the result on the terminal.
NOTE:
• In the interaction stage, execute commands from the client by pasting the commands in text format
(the text must be within 2000 bytes). The commands must be available in the same view. Otherwise,
the server might not be able to perform the commands correctly.
• If the command text exceeds 2000 bytes, execute the commands by saving the text as a configuration
file, uploading the configuration file to the server through SFTP, and then using the configuration file
to restart the server.