3 Authentication mode negotiation:
■ The client sends its username information to the server.
■ The server initiates a procedure to authenticate the user. If the server is configured not to authenticate the user, the process proceeds directly to the session request phase.
■ The client employs an authentication mode to authenticate to the server until the authentication succeeds or the server tears down the connection because of a timeout.
SSH provides two authentication modes: password authentication and RSA
authentication.
Password authentication procedure:
■ The client sends the username and password to the server;
■ The server compares the username and password sent from the client with the local configuration. If it finds an exact match, the authentication succeeds.
RSA authentication procedure:
■ The server configures an RSA public key for the client;
■ The client sends the modulus of its RSA public key to the server;
■ The server checks the validity of the modulus. If the check succeeds, the server generates a random number, encrypts it using the RSA public key from the client, and sends the encrypted information back to the client;
■ Both the server and the client use the random number and the session ID as parameters to calculate the authentication data;
■ The client sends the authentication data it generates to the server;
■ The server compares the authentication data from the client with that locally calculated. If they match, the authentication succeeds.
4 Session request: If the authentication succeeds, the client sends a session request
to the server. When the server has successfully processed the request, SSH enters
the interactive session phase.
5 Interactive session: The client and the server exchange data until the session is over.
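The RSA authentication procedure in step 3, written out as an added example that is not taken from this manual or from any SSH implementation. It uses textbook RSA with a constructed demo key; SHA-256 and the names Server, auth_data, client_response and run are assumptions made for illustration. It shows what mixing in the session ID buys: authentication data computed for one session does not verify in another.

```python
import hashlib, hmac, secrets

# Constructed demo key (two Mersenne primes, textbook RSA, no padding).
# Illustration only: never generate or use a real key this way.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                   # public modulus sent by the client
D = pow(E, -1, (P - 1) * (Q - 1))           # client's private exponent
KEY_BYTES = (N.bit_length() + 7) // 8

def auth_data(rnd: int, session_id: bytes) -> bytes:
    """Authentication data from the random number and the session ID.
    SHA-256 is an assumption of this example; the page names no hash."""
    return hashlib.sha256(rnd.to_bytes(KEY_BYTES, "big") + session_id).digest()

class Server:
    def __init__(self, configured_moduli, session_id: bytes):
        self.configured = set(configured_moduli)  # keys configured for clients
        self.session_id = session_id
        self.expected = None

    def challenge(self, modulus: int, exponent: int = E):
        if modulus not in self.configured:        # validity check on the modulus
            return None
        rnd = secrets.randbits(256)               # fresh random number per attempt
        self.expected = auth_data(rnd, self.session_id)
        return pow(rnd, exponent, modulus)        # encrypted with the client's key

    def verify(self, response: bytes) -> bool:
        expected, self.expected = self.expected, None   # each challenge is single use
        return expected is not None and hmac.compare_digest(expected, response)

def client_response(ciphertext: int, d: int, n: int, session_id: bytes) -> bytes:
    return auth_data(pow(ciphertext, d, n), session_id)  # decrypt, then hash

def run(client_sid: bytes, server_sid: bytes, d: int = D) -> bool:
    """One full exchange; returns the server's verdict."""
    server = Server({N}, server_sid)
    ct = server.challenge(N)
    return server.verify(client_response(ct, d, N, client_sid))

if __name__ == "__main__":
    print("matching session ID:", run(b"sid-A", b"sid-A"))
    print("other session ID:   ", run(b"sid-A", b"sid-B"))
    print("wrong private key:  ", run(b"sid-A", b"sid-A", d=D + 2))
```

The comparison uses hmac.compare_digest so that the time taken does not depend on how many leading bytes of a wrong response happen to match.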
SSH Terminal Service