3com 4210 PWR 9-Port 3CR17341-91-ME 用户手册
产品代码
3CR17341-91-ME
388
C
HAPTER
36: SSH C
ONFIGURATION
while the private key is effective only for the local end. Normally you cannot use
the private key through the public key.
the private key through the public key.
Asymmetric key algorithm encrypts data using the public key and decrypts the
data using the private key, thus ensuring data security.
data using the private key, thus ensuring data security.
You can also use the asymmetric key algorithm for data signature. For example,
user 1 adds his signature to the data using the private key, and then sends the
data to user 2. User 2 verifies the signature using the public key of user 1. If the
signature is correct, this means that the data originates from user 1.
user 1 adds his signature to the data using the private key, and then sends the
data to user 2. User 2 verifies the signature using the public key of user 1. If the
signature is correct, this means that the data originates from user 1.
Both Revest-Shamir-Adleman Algorithm (RSA) and Digital Signature Algorithm
(DSA) are asymmetric key algorithms. RSA is used for data encryption and
signature, whereas DSA is used for adding signature.
(DSA) are asymmetric key algorithms. RSA is used for data encryption and
signature, whereas DSA is used for adding signature.
n
Currently, SSH supports both RSA and DSA.
SSH Operating Process
The session establishment between an SSH client and the SSH server involves the
following five stages:
following five stages:
Version negotiation
■
The server opens port 22 to listen to connection requests from clients.
■
The client sends a TCP connection request to the server. After the TCP
connection is established, the server sends the first packet to the client, which
includes a version identification string in the format of "SSH-<primary protocol
version number>.<secondary protocol version number>-<software version
number>". The primary and secondary protocol version numbers constitute the
protocol version number, while the software version number is used for
debugging.
connection is established, the server sends the first packet to the client, which
includes a version identification string in the format of "SSH-<primary protocol
version number>.<secondary protocol version number>-<software version
number>". The primary and secondary protocol version numbers constitute the
protocol version number, while the software version number is used for
debugging.
■
The client receives and resolves the packet. If the protocol version of the server
is lower but supportable, the client uses the protocol version of the server;
otherwise, the client uses its own protocol version.
is lower but supportable, the client uses the protocol version of the server;
otherwise, the client uses its own protocol version.
■
The client sends to the server a packet that contains the number of the
protocol version it decides to use. The server compares the version carried in
the packet with that of its own to determine whether it can cooperate with the
client.
protocol version it decides to use. The server compares the version carried in
the packet with that of its own to determine whether it can cooperate with the
client.
■
If the negotiation is successful, the server and the client go on to the key and
algorithm negotiation. If not, the server breaks the TCP connection.
algorithm negotiation. If not, the server breaks the TCP connection.
Table 298 Stages in establishing a session between the SSH client and server
Stages
Description
Version negotiation
The two parties negotiate a version to use.
Key and algorithm negotiation
SSH supports multiple algorithms. The two parties
negotiate an algorithm for communication.
negotiate an algorithm for communication.
Authentication
The SSH server authenticates the client in response to
the client’s authentication request.
the client’s authentication request.
Session request
This client sends a session request to the server.
Data exchange
The client and the server start to communicate with
each other.
each other.