Quidway NetEngine20/20E
Configuration Guide - Basic Configurations
9 Telnet and SSH
Issue 05 (2010-01-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9-5
SFTP is short for Secure FTP. You can log in to the device from a secure remote end to
manage its files, which improves the security of data transmission when the remote end
updates its system. Meanwhile, the client function enables you to log in to a remote
device through SFTP for secure file transfer.
Process to Set Up SSH Connections
The following are procedures to set up SSH connections.
- Negotiating versions
  The SSH client sends a request packet to the server to set up a TCP connection.
  After the TCP connection is set up, the server and the client negotiate the SSH
  version number. If the version numbers match, they continue to negotiate the shared key.
  If the version numbers do not match, the server tears down the TCP connection.
- Negotiating the key algorithm
  This procedure covers two actions: negotiating the key and computing the session key.
  The detailed procedures are as follows:
  - The server generates an RSA key randomly and sends the public key to the client.
  - The client calculates the key based on the received RSA public key and a local key
    generated randomly.
  - The client then encrypts the randomly generated local key with the RSA public key
    and sends it to the server.
  - The server decrypts the received packet with its private key and obtains the random key
    generated on the client. It then calculates the session key.
  In this way, the server and the client hold the same session key, which guarantees the
  security of the session.
- Negotiating the authentication mode
  After the session key is calculated, the server needs to authenticate the client.
  The client sends its identity information to the server.
  If the non-authentication mode is configured on the server, a session request is
  performed directly.
  If an authentication mode is configured on the server, the client sends an
  authentication request to the server. The result is either that the authentication
  succeeds or that the connection is interrupted because of a timeout.
  The SSH server provides the following authentication modes:
  - Password authentication: The server compares the configured password with the one
    sent by the client; if they match, the authentication succeeds.
  - RSA authentication: The RSA public key of the client is configured on the server, and
    the client sends its key modulus to the server. The server checks the modulus,
    generates a random number, encrypts the number with the RSA public key of the client
    and sends the encrypted number to the client. The server and the client both
    calculate a key based on the randomly generated number. The client calculates the
    value used by the server to authenticate the client and sends the result to the
    server. The server then compares the received result with the locally calculated one.
    If they are the same, the authentication succeeds.
- Sending the session request
  After the authentication succeeds, the client sends the session request to the server. The
  server then processes this request and the interactive session begins.
- Performing the interactive session
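The following Python model walks through the first two steps described above (version negotiation, then the RSA-protected exchange of the client's random key from which both ends derive the session key) with both sides' actions spelled out. It is an added illustration, not code from the Quidway NE20/20E or from Huawei; the RSA parameters, identification strings and key-derivation formula are constructed for this example and are far too small for real use.

```python
"""Model of the SSH connection set-up described above: version negotiation,
then the RSA-protected session-key exchange. Textbook RSA with small,
constructed primes, for illustration only (not a real cipher)."""
import hashlib
import secrets

# Constructed toy RSA parameters (both primes are about 1e6; never use in practice).
P, Q, E = 1000003, 1000033, 65537


def rsa_keygen(p=P, q=Q, e=E):
    """Return (public, private) as ((n, e), (n, d)) for textbook RSA."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def negotiate_version(server_id, client_id):
    """Step 1: compare the protocol version in each identification string
    ('SSH-<proto>-<software>'). A mismatch is where the server tears down
    the TCP connection, modelled here as an exception."""
    sv = server_id.split("-", 2)[1]
    cv = client_id.split("-", 2)[1]
    if sv != cv:
        raise ConnectionError(f"version mismatch: server {sv}, client {cv}")
    return sv


def _derive_session_key(rand, n):
    """Constructed derivation: both ends hash the client's random key
    together with the server's RSA modulus (the 'received public key')."""
    return hashlib.sha256(rand.to_bytes(8, "big") + n.to_bytes(8, "big")).digest()


def client_make_session_key(server_pub):
    """Step 2 (client): pick a random key, derive the session key, and send
    the random key encrypted under the server's RSA public key."""
    n, e = server_pub
    rand = secrets.randbelow(n - 2) + 2
    return pow(rand, e, n), _derive_session_key(rand, n)


def server_derive_session_key(server_priv, ciphertext):
    """Step 2 (server): recover the client's random key with the private key
    and derive the same session key."""
    n, d = server_priv
    return _derive_session_key(pow(ciphertext, d, n), n)


def setup_connection(server_id="SSH-2.0-ExampleServer", client_id="SSH-2.0-ExampleClient"):
    """Run both steps end to end; return (negotiated version, keys match)."""
    version = negotiate_version(server_id, client_id)
    pub, priv = rsa_keygen()  # the server's key pair
    ciphertext, client_key = client_make_session_key(pub)
    return version, client_key == server_derive_session_key(priv, ciphertext)
```

The model mirrors only the steps the text describes; a real SSH implementation additionally verifies the server's host key before trusting the public key it receives, which this model omits.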