3Com S7906E Installation Manual

 
1-3 
The server and the client use the DH key exchange algorithm and parameters such as the host key pair to generate the session key and session ID, and the client authenticates the identity of the server.

Through the above steps, the server and client get the same session key and session ID. The session key will be used to encrypt and decrypt data exchanged between the server and client later, and the session ID will be used to identify the session established between the server and client and will be used in the authentication stage.
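The negotiation described above, worked through as an added example (this is not code from the manual or from the switch's own implementation): both sides run a DH exchange over a real 1024-bit MODP group, the server signs the exchange hash with its host key so the client can authenticate it, and the exchange hash becomes the session ID. The host key is a toy RSA key built from two Mersenne primes, the hash layout and key derivation are simplified from SSH, and the identification strings are constructed values; all of these are assumptions made for the example.

```python
import hashlib
import secrets

# RFC 2409 "group 2" 1024-bit MODP prime with generator 2, a real DH group used
# here so the exchange is realistic.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

# Toy RSA host key from two Mersenne primes (constructed for this example; far
# too small for real use, but enough to show the signature check).
HOST_P, HOST_Q = 2**31 - 1, 2**61 - 1
HOST_N, HOST_E = HOST_P * HOST_Q, 65537
HOST_D = pow(HOST_E, -1, (HOST_P - 1) * (HOST_Q - 1))


def mpint(x: int) -> bytes:
    """Big-endian bytes of a positive integer (simplified SSH mpint)."""
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def ssh_string(b: bytes) -> bytes:
    """Length-prefixed string as used in SSH packets."""
    return len(b).to_bytes(4, "big") + b


def exchange_hash(v_c: str, v_s: str, host_n: int, e: int, f: int, k: int) -> bytes:
    """H = hash over identification strings, host key, e, f and shared secret K."""
    parts = (v_c.encode(), v_s.encode(), mpint(host_n), mpint(e), mpint(f), mpint(k))
    return hashlib.sha256(b"".join(ssh_string(p) for p in parts)).digest()


def sign(digest: bytes) -> int:
    return pow(int.from_bytes(digest, "big") % HOST_N, HOST_D, HOST_N)


def verify(digest: bytes, sig: int) -> bool:
    return pow(sig, HOST_E, HOST_N) == int.from_bytes(digest, "big") % HOST_N


def derive_key(k: int, h: bytes, letter: bytes) -> bytes:
    """Simplified SSH key derivation: HASH(K || H || letter || session_id); session_id == H here."""
    return hashlib.sha256(mpint(k) + h + letter + h).digest()


def run_key_exchange(v_c="SSH-2.0-Client", v_s="SSH-2.0-Switch", tamper=False):
    # Client: choose x, send e = g^x mod p.
    x = secrets.randbelow(P - 2) + 1
    e = pow(G, x, P)
    # Server: choose y, compute f = g^y mod p and K = e^y mod p, hash, sign with host key.
    y = secrets.randbelow(P - 2) + 1
    f = pow(G, y, P)
    k_srv = pow(e, y, P)
    h_srv = exchange_hash(v_c, v_s, HOST_N, e, f, k_srv)
    sig = sign(h_srv)
    if tamper:
        f ^= 1  # f modified in transit: shows what the signature check protects against
    # Client: K = f^x mod p, recompute H, and check the server's signature over it.
    k_cli = pow(f, x, P)
    h_cli = exchange_hash(v_c, v_s, HOST_N, e, f, k_cli)
    return {
        "server_authenticated": verify(h_cli, sig),
        "session_id": h_cli,                      # first exchange hash is the session ID
        "key_server": derive_key(k_srv, h_srv, b"C"),
        "key_client": derive_key(k_cli, h_cli, b"C"),
    }
```

With an unmodified exchange both sides derive the same key and the signature verifies; with the tampered exchange the client's recomputed H no longer matches what the server signed, so the server is not authenticated and the keys diverge.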
 
 
Before the negotiation, the server must have already generated a DSA or RSA key pair, which is not only used for generating the session key, but also used by the client to authenticate the identity of the server. For details about DSA and RSA key pairs, refer to Public Key Configuration in the Security Volume.
 
Authentication 
SSH provides two authentication methods: password authentication and publickey authentication.

Password authentication: The server uses AAA for authentication of the client. During password authentication, the client encrypts its username and password, encapsulates them into a password authentication request, and sends the request to the server. Upon receiving the request, the server decrypts the username and password, checks the validity of the username and password locally or by a remote AAA server, and then informs the client of the authentication result.

Publickey authentication: The server authenticates the client by the digital signature. During publickey authentication, the client sends to the server a publickey authentication request that contains its username, public key, and publickey algorithm information. The server checks whether the public key is valid. If the public key is invalid, the authentication fails; otherwise, the server authenticates the client by the digital signature. Finally, the server sends a message to the client to inform the success or failure of the authentication. Currently, the device supports two publickey algorithms for digital signature: RSA and DSA.
The following gives the steps of the authentication stage:
1) The client sends to the server an authentication request, which includes the username, the authentication method (password authentication or publickey authentication), and information related to the authentication method (for example, the password in the case of password authentication).
2) The server authenticates the client. If the authentication fails, the server informs the client by sending a message, which includes a list of available methods for re-authentication.
3) The client selects a method from the list to initiate another authentication.
4) The above process repeats until the authentication succeeds or the number of failed authentication attempts exceeds the maximum allowed, in which case the session is torn down.
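The four steps above, together with the two methods described earlier, modelled end to end as an added example (not code from the manual or from the device): the server checks a password request against a local user store, checks a publickey request first for a registered key and then for a valid signature bound to the session ID, answers each failure with the list of methods still available, and tears the session down once the attempt limit is reached. The attempt limit of 3, the local store in place of AAA, the toy RSA client key, and the exact bytes the client signs are all assumptions made for the example.

```python
import hashlib
import hmac


# Toy RSA over hash digests (constructed for this example; key sizes are far too small for real use).
def rsa_sign(digest: bytes, d: int, n: int) -> int:
    return pow(int.from_bytes(digest, "big") % n, d, n)


def rsa_verify(digest: bytes, sig: int, e: int, n: int) -> bool:
    return pow(sig, e, n) == int.from_bytes(digest, "big") % n


def pw_hash(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def signed_blob(session_id: bytes, username: str) -> bytes:
    # The client signs a digest that includes the session ID from the negotiation
    # stage, so a signature from one session proves nothing in another.
    return hashlib.sha256(session_id + username.encode() + b"publickey").digest()


class SSHAuthServer:
    METHODS = ["password", "publickey"]

    def __init__(self, session_id, users, authorized_keys, max_attempts=3):
        self.session_id = session_id
        self.users = users                      # username -> (salt, pw_hash): constructed local store
        self.authorized_keys = authorized_keys  # username -> {(e, n), ...}
        self.max_attempts = max_attempts        # constructed limit for the example
        self.failures = 0
        self.torn_down = False

    def handle(self, req: dict) -> tuple:
        """Step 2: check one request; reply success, failure (with method list) or disconnect."""
        if self.torn_down:
            return ("disconnect",)
        user, method, ok = req["username"], req["method"], False
        if method == "password":
            rec = self.users.get(user)
            if rec is not None:
                salt, stored = rec
                ok = hmac.compare_digest(pw_hash(salt, req["password"]), stored)
        elif method == "publickey":
            # First, is the offered key valid (registered) for this user? Only then check the signature.
            if req["pubkey"] in self.authorized_keys.get(user, set()):
                e, n = req["pubkey"]
                ok = rsa_verify(signed_blob(self.session_id, user), req["signature"], e, n)
        if ok:
            return ("success",)
        self.failures += 1
        if self.failures >= self.max_attempts:
            self.torn_down = True              # step 4: limit reached, session torn down
            return ("disconnect",)
        return ("failure", list(self.METHODS))  # methods available for re-authentication


def run_client(server: SSHAuthServer, username: str, plan: list) -> list:
    """Steps 1, 3 and 4 from the client side: send planned requests until success or teardown."""
    transcript, offered = [], list(SSHAuthServer.METHODS)
    for build in plan:
        req = build(username)
        if req["method"] not in offered:        # step 3: only methods the server listed
            continue
        reply = server.handle(req)
        transcript.append(reply[0])
        if reply[0] != "failure":
            break
        offered = reply[1]
    return transcript


def demo() -> dict:
    session_id = hashlib.sha256(b"constructed session id from the key exchange").digest()
    salt = b"constructed-salt"
    users = {"admin": (salt, pw_hash(salt, "correct horse"))}
    p, q = 2**61 - 1, 2**89 - 1                 # client key from two Mersenne primes (constructed)
    n, e = p * q, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    other_n = (2**31 - 1) * (2**61 - 1)         # a key the server has never registered
    authorized = {"admin": {(e, n)}}

    def pw(password):
        return lambda u: {"username": u, "method": "password", "password": password}

    def key(e_, n_, d_):
        return lambda u: {"username": u, "method": "publickey", "pubkey": (e_, n_),
                          "signature": rsa_sign(signed_blob(session_id, u), d_, n_)}

    def new_server():
        return SSHAuthServer(session_id, users, authorized)

    return {
        "wrong_pw_then_key": run_client(new_server(), "admin", [pw("guess"), key(e, n, d)]),
        "unregistered_key": run_client(new_server(), "admin", [key(e, other_n, d)]),
        "three_bad_passwords": run_client(new_server(), "admin", [pw("a"), pw("b"), pw("c"), pw("d")]),
        "right_pw": run_client(new_server(), "admin", [pw("correct horse")]),
    }
```

Each transcript is the sequence of server replies the client saw: a wrong password followed by a registered key succeeds on the second try, an unregistered key fails before any signature is examined, and the third consecutive failure ends the session so the fourth request is never sent.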