1-3
z
Currently, the switch that serves as an SSH server supports two SSH versions: SSH2 and SSH1,
and the switch that serves as an SSH client supports only SSH2.
z
Unless otherwise noted, SSH refers to SSH2 throughout this document.
Version negotiation
z
The server opens port 22 to listen to connection requests from clients.
z
The client sends a TCP connection request to the server. After the TCP connection is established,
the server sends the first packet to the client, which includes a version identification string in the
format of “SSH-<primary protocol version number>.<secondary protocol version
number>-<software version number>”. The primary and secondary protocol version numbers
constitute the protocol version number, while the software version number is used for debugging.
z
The client receives and resolves the packet. If the protocol version of the server is lower but
supportable, the client uses the protocol version of the server; otherwise, the client uses its own
protocol version.
z
The client sends to the server a packet that contains the number of the protocol version it decides
to use. The server compares the version carried in the packet with that of its own to determine
whether it can cooperate with the client.
z
If the negotiation is successful, the server and the client go on to the key and algorithm negotiation.
If not, the server breaks the TCP connection.
All the packets above are transferred in plain text.
Key negotiation
z
The server and the client send algorithm negotiation packets to each other, which contain public
key algorithm lists supported by the server and the client, encrypted algorithm list, message
authentication code (MAC) algorithm list, and compressed algorithm list.
z
The server and the client calculate the final algorithm according to the algorithm lists supported.
z
The server and the client generate the session key and session ID based on the Diffie-Hellman (DH)
exchange algorithm and the host key pair.
z
Then, the server and the client get the same session key and use it for data encryption and
decryption to secure data communication.
Authentication negotiation
The negotiation steps are as follows:
z
The client sends an authentication request to the server. The authentication request contains
username, authentication type, and authentication-related information. For example, if the
authentication type is
password
, the content is the password.
Содержание Switch 4800G PWR 24-Port
Страница 165: ...1 8 4 mac address es found on port GigabitEthernet1 0 2 ...
Страница 214: ...ii Displaying and Maintaining System Guard 4 1 ...
Страница 445: ...ii ...
Страница 727: ...i Table of Contents Appendix A Acronyms A 1 ...
Страница 730: ...A 3 VOD Video On Demand W WRR Weighted Round Robin X XID eXchange Identification XRN eXpandable Resilient Networking ...