OpenSSH Configuration Files - Red Hat LINUX 7.2 Reference Manual

Both clients and servers can create a new channel, with each channel being assigned a different number
at each end. When one side attempts to open a new channel, that side's number for the channel is sent
along with the request. This information is stored by the other side and used to direct a particular type
of service's communication to that channel. This is done so that different types of sessions will not
affect one another and channels can be closed without disrupting the primary SSH connection between
the two systems.

Channels also support flow-control, which allows them to send and receive data in an orderly fashion.
In this way, data is not sent over the channel until the host receives a message that the channel is able
to receive it.

Channels are particularly useful with X11 forwarding and TCP/IP port forwarding with SSH. Separate
channels can be configured differently, perhaps to use a different maximum packet size or to transfer
a particular type of data. This allows SSH to be flexible in handling different types of remote
connections, such as dial-up over public networks or high speed LAN links, without having to change the
basic infrastructure of the protocol. The client and server negotiate the configuration of each channel
within the SSH connection for the user automatically.

10.4 OpenSSH Configuration Files

OpenSSH has two different sets of configuration files, one for the client programs (ssh, scp, and
sftp) and the other for the server service (sshd), located in two different areas.

System-wide SSH configuration information is stored in the /etc/ssh directory:

primes — Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange. Basically,
this key exchange creates a shared secret value that cannot be determined by either party
alone and is used to provide host authentication. This file is critical for constructing a secure
transport layer.

ssh_config — The system-wide SSH client configuration file used to direct the SSH client.
If a user has her own configuration file available in her home directory (~/.ssh/config), then
its values will override the values stored in /etc/ssh/ssh_config.

sshd_config — The configuration file for sshd.

ssh_host_dsa_key — The DSA private key used by sshd.

ssh_host_dsa_key.pub — The DSA public key used by sshd.

ssh_host_key — The RSA private key used by sshd for version 1 of the SSH protocol.

ssh_host_key.pub — The RSA public key used by sshd for version 1 of the SSH protocol.

ssh_host_rsa_key — The RSA private key used by sshd for version 2 of the SSH protocol.
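
The files listed above can be checked for unsafe permissions with a short script. This is an added example, not part of the Red Hat manual; the policy it enforces (private host keys closed to group and other, all other files not group- or other-writable) and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit the /etc/ssh files named in the list above.
# Assumed policy (not from the manual): private host keys carry no group or
# other permission bits; every other file is not group- or other-writable.
PRIVATE_KEYS="ssh_host_key ssh_host_rsa_key ssh_host_dsa_key"
SHARED_FILES="primes ssh_config sshd_config"

# Print the six group/other permission characters of a file, e.g. "r--r--".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Return 1 (and report) if an existing file is writable by group or other.
check_not_writable() {
    [ -e "$1" ] || return 0
    case "$(group_other_bits "$1")" in
        ?w????|????w?) echo "FAIL $1: writable by group or other"; return 1 ;;
    esac
    return 0
}

# audit_ssh_dir DIR: print one line per finding; exit status = finding count.
audit_ssh_dir() {
    dir=$1
    findings=0
    for name in $PRIVATE_KEYS; do
        key="$dir/$name"
        [ -e "$key" ] || continue   # this key type is not configured here
        if [ "$(group_other_bits "$key")" != "------" ]; then
            echo "FAIL $key: private key accessible to group or other"
            findings=$((findings + 1))
        fi
        if [ ! -e "$key.pub" ]; then
            echo "FAIL $key.pub: public half of the host key is missing"
            findings=$((findings + 1))
        fi
    done
    for name in $SHARED_FILES; do
        check_not_writable "$dir/$name" || findings=$((findings + 1))
    done
    for pub in "$dir"/*.pub; do
        check_not_writable "$pub" || findings=$((findings + 1))
    done
    return "$findings"
}

# Usage: sh audit_ssh.sh /etc/ssh   (does nothing when run without arguments)
[ $# -eq 0 ] || audit_ssh_dir "$1"
```

An exit status of 0 means every file present passed; a non-zero status is the number of findings printed.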
Chapter 10: SSH Protocol
