310 CHAPTER 36: SSH TERMINAL SERVICES
Figure 100 Establish SSH channels through WAN
[Figure not reproduced. Labels in the figure: Local Switch, Local Ethernet, Workstation, Laptop, PC, Server, SSH-Client, WAN, Remote Switch, SSH-Server, Remote Ethernet]
The communication process between the server and client includes these five stages:
1 Version negotiation stage. These operations are completed at this stage:
■ The client sends a TCP connection request to the server.
■ When the TCP connection is established, both ends begin to negotiate the SSH version.
■ If the versions are compatible, they enter the key algorithm negotiation stage. Otherwise the server tears down the TCP connection.
2 Key algorithm negotiation stage. These operations are completed at this stage:
■ The server sends the public key of a randomly generated RSA key pair to the client.
■ The client works out the session key from the server public key and a random number generated locally.
■ The client encrypts the random number with the server public key and sends the result back to the server.
■ The server decrypts the received data with its private key to obtain the client random number.
■ The server then uses the same algorithm to work out the session key from the server public key and the recovered random number.
Both ends thus obtain the same session key without it ever being transferred over the network; the key is used at both ends for encryption and decryption.
3 Authentication method negotiation stage. These operations are completed at this stage:
■ The client sends its username information to the server.
■ The server authenticates the username information from the client. If the user is configured for no authentication on the server, the authentication stage is skipped and the session request stage starts directly.
■ The client sends the user's authentication information to the server until authentication succeeds or the connection is closed because of an authentication timeout.
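The following Python script walks through the three stages above with both ends' messages in one process. It is an added example written for this section, not the switch vendor's code, and it is illustrative only: it uses textbook RSA with small constructed primes and no padding so that it runs with the standard library alone, and the banner format, the SHA-256 key-derivation rule, the user table and the attempt limit (standing in for the authentication timeout) are all assumptions made for the example.

```python
"""Toy simulation of the SSH version, key-algorithm and authentication
negotiation stages (added example, not vendor code; illustrative only)."""
import hashlib
import secrets

# ---- Stage 1: version negotiation ----------------------------------------
def major_version(banner: str) -> str:
    """'SSH-1.5-vendor' -> '1' (constructed banner format for the example)."""
    return banner.split("-", 2)[1].split(".")[0]

def negotiate_version(client_banner: str, server_banner: str) -> bool:
    """Both ends exchange banners; the session continues only when the
    major protocol versions agree, otherwise the server drops the TCP link."""
    return major_version(client_banner) == major_version(server_banner)

# ---- Stage 2: key algorithm negotiation ----------------------------------
# Constructed primes, large enough that a 32-bit random number is below n.
# Real deployments use keys of 1024 bits or more; this is a toy.
P, Q, E = 1000003, 1000033, 65537

def server_keypair():
    """Server-side RSA key pair: public (n, e) and private exponent d."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    d = pow(E, -1, phi)            # modular inverse (Python 3.8+)
    return (n, E), d

def derive_session_key(public_key, random_number: int) -> bytes:
    """Same rule on both ends: hash of the server public key and the
    client's random number.  The key itself never crosses the network."""
    n, e = public_key
    material = f"{n}:{e}:{random_number}".encode()
    return hashlib.sha256(material).digest()

def client_key_exchange(public_key):
    """Client: pick a random number, derive the session key, and send the
    random number encrypted under the server's public key."""
    n, e = public_key
    r = secrets.randbits(32)           # always < n with the primes above
    session_key = derive_session_key(public_key, r)
    encrypted_r = pow(r, e, n)         # textbook RSA, no padding (toy only)
    return session_key, encrypted_r

def server_key_exchange(public_key, private_d: int, encrypted_r: int) -> bytes:
    """Server: recover the random number with the private key and derive
    the same session key."""
    n, _ = public_key
    r = pow(encrypted_r, private_d, n)
    return derive_session_key(public_key, r)

def run_key_negotiation():
    """Full stage-2 exchange; returns (client_key, server_key)."""
    public_key, private_d = server_keypair()                   # server -> client
    client_key, encrypted_r = client_key_exchange(public_key)  # client -> server
    server_key = server_key_exchange(public_key, private_d, encrypted_r)
    return client_key, server_key

# ---- Stage 3: authentication method negotiation ---------------------------
# Constructed user table: authentication mode and, where used, the password.
USERS = {
    "admin": {"auth": "password", "password": "example-only"},
    "guest": {"auth": "none"},       # no authentication: stage 3 is skipped
}
MAX_ATTEMPTS = 3   # stands in for the server's authentication timeout

def authenticate(username: str, password_attempts) -> str:
    """Returns 'session' when the client may proceed to the session request
    stage, or 'closed' when the server drops the connection."""
    user = USERS.get(username)
    if user is None:
        return "closed"
    if user["auth"] == "none":
        return "session"                 # authentication stage skipped
    for _attempt, candidate in zip(range(MAX_ATTEMPTS), password_attempts):
        if secrets.compare_digest(candidate, user["password"]):
            return "session"
    return "closed"                      # no success before the limit

if __name__ == "__main__":
    assert negotiate_version("SSH-1.5-example", "SSH-1.99-example")
    client_key, server_key = run_key_negotiation()
    print("session keys match:", client_key == server_key)
    print("guest:", authenticate("guest", []))
    print("admin:", authenticate("admin", ["wrong", "example-only"]))
```

Running the script shows the point the text makes: the only values that cross the wire in stage 2 are the server public key and the encrypted random number, yet both ends end up holding the same 32-byte session key. The `guest` entry also shows why a user configured for no authentication deserves scrutiny on a real switch: the server jumps straight to the session request stage for that account.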