3com S7906E 설치 설명서
1-2
Table 1-1 Stages in session establishment and interaction between an SSH client and the server
Stages
Description
SSH1 and SSH2.0 are supported. The two parties negotiate
a version to use.
a version to use.
SSH supports multiple algorithms. The two parties negotiate
an algorithm for communication.
an algorithm for communication.
The SSH server authenticates the client in response to the
client’s authentication request.
client’s authentication request.
After passing authentication, the client sends a session
request to the server.
request to the server.
After the server grants the request, the client and server start
to communicate with each other.
to communicate with each other.
Version negotiation
1) The server opens port 22 to listen to connection requests from clients.
2) The client sends a TCP connection request to the server. After the TCP connection is established,
the server sends the first packet to the client, which includes a version identification string in the
format of “SSH-<primary protocol version number>.<secondary protocol version
number>-<software version number>”. The primary and secondary protocol version numbers
constitute the protocol version number, while the software version number is used for debugging.
3) The client receives and resolves the packet. If the protocol version of the server is lower but
supportable, the client uses the protocol version of the server; otherwise, the client uses its own
protocol version.
4) The client sends to the server a packet that contains the number of the protocol version it decides
to use. The server compares the version carried in the packet with that of its own. If the server
supports the version, the server and client will use the version. Otherwise, the negotiation fails.
5) If the negotiation is successful, the server and the client proceed with key and algorithm negotiation;
otherwise, the server breaks the TCP connection.
All the packets involved in the above steps are transferred in plain text.
Key and algorithm negotiation
z
The server and the client send algorithm negotiation packets to each other, which include the
supported public key algorithms list, encryption algorithms list, Message Authentication Code
(MAC) algorithms list, and compression algorithms list.
z
Based on the received algorithm negotiation packets, the server and the client figure out the
algorithms to be used. If the negotiation of any type of algorithm fails, the algorithm negotiation fails
and the server tears down the connection with the client.