3Com 3C13636 Configuration Manual page 212

3Com Router 3000 Ethernet Family
Configuration Guide
Workstation
Local Ethernet
Server
Figure 11-9 Establish an SSH channel through a WAN
To establish an SSH connection, the server and the client must go through the following
five phases:
1) Version number negotiation
The client starts a TCP connection to the server.
After the TCP connection is established, the server and the client negotiate a
version number.
If the negotiation succeeds, the key algorithm negotiation phase starts; otherwise,
the server tears down the TCP connection.
2) Key algorithm negotiation
The server generates an RSA key pair and an 8-byte random number, and sends
the portion of the public key and the random number to the client.
Both the server and the client use the public key of the server and the 8-byte
number as parameters to calculate a 16-byte session ID with the same algorithm.
The client uses the public key from the server and a random number generated
locally as parameters to calculate a session key.
Using the public key from the server, the client encrypts the random number
generated locally for session key calculation and sends the result to the server.
Using the local private key, the server decrypts the data sent by the client and
obtains the random number generated by the client.
Using the local public key and the random number sent by the client as
parameters, the server calculates the session key with the same algorithm used
by the client.
Local router
Laptop
PC
SSH client
3Com Corporation
WAN
Remote Ethernet
Remote router
SSH server
PC
11-15
Chapter 11 Terminal Services
Workstation
Laptop
Server