3com 8807 User Guide
CHAPTER 67: SSH TERMINAL SERVICE
Figure 181 Establish an SSH channel through a WAN
To establish a secure, authenticated SSH connection, the server and the client must go through the following five phases:
1 Version number negotiation:
■ The client sends a TCP connection request.
■ After the TCP connection is established, the server and the client negotiate the version number.
■ If the negotiation succeeds, the key algorithm negotiation phase starts; otherwise, the server tears down the TCP connection.
2 Key algorithm negotiation:
■ The server generates an RSA key pair randomly, and sends the public key in the key pair to the client.
■ The client uses the public key from the server and a locally generated random number (eight bytes long) as parameters to calculate the session key.
■ Using the public key from the server, the client encrypts the random number used for calculating the session key and sends the result to the server.
■ Using the local private key, the server decrypts the data sent by the client and obtains the random number used by the client.
■ The server uses the public key and the random number from the client as parameters to calculate the session key with the same algorithm as on the client. The resulting key is 16 bytes long.
On completion of the above steps, the server and the client obtain the same session key. During the session, both ends use the same session key to perform encryption and decryption, thereby guaranteeing the security of data transfer.
3 Authentication mode negotiation:
■ The client sends its username information to the server.
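The key algorithm negotiation in phase 2 above, as an added Python example that is not from the 3Com guide: both sides arrive at the same 16-byte session key from the server's public key and the client's eight-byte random number. The guide does not name the derivation algorithm, so the truncated SHA-256 in `derive_session_key`, the fixed toy RSA primes, and all function names are assumptions.

```python
import hashlib
import secrets

# Constructed toy RSA key built from two known Mersenne primes so the example
# is repeatable. The guide has the server generate its key pair randomly; a
# real key is far larger and is used with padding, not textbook RSA.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus, sent to the client
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, stays on the server


def derive_session_key(n: int, e: int, rand: bytes) -> bytes:
    """Assumed derivation: hash the public key and the random number, keep 16 bytes."""
    pub = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha256(pub + rand).digest()[:16]


def client_step(n: int, e: int):
    """Client: pick the 8-byte random number, derive the key, encrypt the number."""
    rand = secrets.token_bytes(8)
    key = derive_session_key(n, e, rand)
    ciphertext = pow(int.from_bytes(rand, "big"), e, n)
    return key, ciphertext


def server_step(ciphertext: int) -> bytes:
    """Server: decrypt with the private key, then derive the key the same way."""
    value = pow(ciphertext, D, N)
    if value >= 2**64:
        # A corrupted or altered ciphertext does not decrypt to an 8-byte number.
        raise ValueError("decrypted value is not an 8-byte random number")
    return derive_session_key(N, E, value.to_bytes(8, "big"))


if __name__ == "__main__":
    client_key, ct = client_step(N, E)   # the client only ever sees (N, E)
    server_key = server_step(ct)
    # The public key travels in the clear, so the random number is the only
    # secret input to the session key.
    print("client:", client_key.hex())
    print("server:", server_key.hex())
    print("match: ", client_key == server_key)
```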
[Figure 181 labels: Local switch, Local Ethernet, WAN, Remote Ethernet, Remote switch, SSH client, SSH server; hosts shown: Server, PC, Laptop, Workstation]