3com 8807 User Guide

C

HAPTER

 67: SSH T

ERMINAL

 S

ERVICE

Figure 181   Establish an SSH channel through a WAN

To establish an SSH authentication secure connection, the server and the client 
must go through the following five phases:

1 Version number negotiation:

■

The client sends a TCP connection request.

■

After the TCP connection is established, the server and the client negotiate the 
version number.

■

If the negotiation succeeds, the key algorithm negotiation phase starts; 
otherwise, the server tears down the TCP connection.

2 Key algorithm negotiation:

■

The server generates an RSA key pair randomly, and sends the public key in the 
key pair to the client.

■

The client uses the public key from the server and a random number generated 
locally (in length of eight bytes) as parameters to calculate the session key.

■

Using the public key from the server, the client encrypts the random number 
for calculating the session key and sends the result to the server.

■

Using the local private key, the server decrypts the data sent by the client and 
obtains the random number used by the client.

■

The server uses the public key and the random number from the client as 
parameters to calculate the session key with the same algorithm as on the 
client. The resulting key is 16 bytes long.

On completion of the above steps, the server and the client obtains the same 
session key. During the session, both ends use the same session key to perform 
encryption and decryption, thereby guaranteeing the security of data transfer.

3 Authentication mode negotiation:

■

The client sends its username information to the server.

Local switch

Local Ethernet

WAN

Server

SSH client

PC

Laptop

Laptop

W orkstation

W orkstation

Remote Ethernet

Remote switch

Server

SSH server

Local Ethernet

WAN

Server

PC

SSH

PC

Laptop

Laptop

W orkstation

Remote Ethernet

Server

SSH