H3C S5500-EI series Operation Manual page 1357
Hide thumbs
Also See for S5500-EI series:
- Configuration manual (490 pages) ,
- Security configuration manual (448 pages) ,
- Operation manual (216 pages)
Table of Contents
Advertisement
Operation Manual – SSH
H3C S5500-EI Series Ethernet Switches
I. Version negotiation
The server opens port 22 to listen to connection requests from clients.
The client sends a TCP connection request to the server. After the TCP
connection is established, the server sends the first packet to the client, which
includes a version identification string in the format of "SSH-<primary protocol
version number>.<secondary protocol version number>-<software version
number>". The primary and secondary protocol version numbers constitute the
protocol version number, while the software version number is used for
debugging.
The client receives and resolves the packet. If the protocol version of the server is
lower but supportable, the client uses the protocol version of the server; otherwise,
the client uses its own protocol version.
The client sends to the server a packet that contains the number of the protocol
version it decides to use. The server compares the version carried in the packet
with that of its own to determine whether it can cooperate with the client.
If the negotiation is successful, the server and the client proceed with key and
algorithm negotiation; otherwise, the server breaks the TCP connection.
Note:
All the packets involved in the above steps are transferred in plain text.
II. Key and algorithm negotiation
The server and the client send key algorithm negotiation packets to each other,
which include the supported public key algorithm list, encryption algorithm list,
MAC algorithm list, and compression algorithm list.
Based on the received algorithm negotiation packets, the server and the client
figure out the algorithms to be used.
The server and the client use the DH key exchange algorithm and parameters
such as the host key pair to generate the session key and session ID.
Through the above steps, the server and the client get the same session key, which is
to be used to encrypt and decrypt data exchanged between the server and the client
later. The server and the client use session ID in the authentication stage.
1-3
Chapter 1 SSH Configuration
Advertisement
Chapters
Table of Contents
Troubleshooting
