Table of Contents
Advertisement
Configuring SSH Server
The communication process between the server and client include these five
stages: version negotiation stage, key negotiation stage, authentication stage,
session request stage, interactive session stage.
Version negotiation stage: The client sends TCP connection requirement to the
■
server. When TCP connection is established, both ends begin to negotiate the
SSH version. If they can work together in harmony, they enter the key
algorithm negotiation stage. Otherwise the server clears the TCP connection.
Key negotiation stage: Both ends negotiate key algorithm and compute session
■
key. The server randomly generates its RSA key and sends the public key to the
client. The client figures out session key based on the public key from the server
and the random number generated locally. The client encrypts the random
number with the public key from the server and sends the result back to the
server. The server then decrypts the received data with the server private key to
get the client random number. It then uses the same algorithm to work out the
session key based on server public key and the returned random number. Then
both ends get the same key without data transfer over the network, while the
key is used at both ends for encryption and description.
Authentication stage: The server authenticates the user at the client after
■
obtaining a session key. The client sends its username to the server: If the
username has been created and configured as no authentication,
authentication stage is skipped for this user. Otherwise, the authentication
process continues. SSH supports two authentication types: password
authentication and RSA authentication. In the first type, the server compares
the username and password received with those configured locally. The user is
allowed to log on to the Switch if the usernames and passwords match exactly.
RSA authentication works in this way: The RSA public key of the client user is
configured at the server. The client first sends the member modules of its RSA
public key to the server, which checks its validity. If it is valid, the server
generates a random number, which is sent to the client after being encrypted
with RSA public key. Both ends calculate authentication data based on the
random number and session ID. The client sends the authentication data
calculated back to the server, which compares it with its attention data
obtained locally. If they match exactly, the user is allowed to access the Switch.
Otherwise, authentication process fails.
Session request stage: The client sends session request messages to the server
■
which processes the request messages.
Interactive session stage: Both ends exchange data till the session ends.
■
Session packets are encrypted in transfer and the session key is generated
randomly. Encryption is used in exchanging session key and RSA authentication
achieves key exchange without transfer over the network. SSH can protect
server-client data security. The authentication will also start even if the
username received is not configured at the server, so malicious intruders
cannot judge whether a username they key in exists or not. This is also a way to
protect a username.
Basic configuration tasks refer to those required for successful connection from
SSH client to SSH server, which advanced configuration tasks are those modifying
SSH parameters.
Configuration tasks on the SSH server include:
SSH Terminal Services
371
- Quick Links:
- Configuration Guide
Hide quick links:
Advertisement
Table of Contents
