R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101

SSH2.0 configuration
NOTE:
The firewall supports SSH2.0 configuration only in the command line interface (CLI).
SSH2.0 overview
Introduction to SSH2.0
Secure Shell (SSH) offers an approach to logging into a remote device securely. Through encryption and
strong authentication, it protects devices against attacks such as IP spoofing and plain text password
interception.
The device can not only work as an SSH server to support connections with SSH clients, but also work as
an SSH client to allow users to establish SSH connections with a remote device acting as the SSH server.
NOTE:
When acting as an SSH server, the device supports two SSH versions: SSH2.0 and SSH1. When acting as
an SSH client, the device supports SSH2.0 only.
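The NOTE above says the device, as an SSH server, accepts both SSH2.0 and SSH1. The following added example (not from the HP guide) parses the version identification string a server sends in its first packet, using the format defined in RFC 4253 section 4.2, and reports whether the server still offers SSH1. The function names and the sample banners are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# The RFC excludes '-' from softwareversion; it is accepted here so that a
# nonconforming banner is still classified instead of rejected.
_ID_RE = re.compile(r"^SSH-(\d+\.\d+)-([\x21-\x7e]+)(?: (.*))?$")
MAX_ID_LEN = 255  # bytes, including CR LF


def parse_identification(raw: bytes) -> dict:
    """Find the identification string in a server's first data and classify it."""
    for line in raw.split(b"\n"):
        if not line.startswith(b"SSH-"):
            continue  # a server may send free-text lines before the version string
        if len(line) + 1 > MAX_ID_LEN:  # +1 for the LF removed by split()
            raise ValueError("identification string exceeds 255 bytes")
        text = line.rstrip(b"\r").decode("ascii")  # non-ASCII raises ValueError
        m = _ID_RE.match(text)
        if not m:
            raise ValueError(f"malformed identification string: {text!r}")
        proto, software, comments = m.groups()
        return {
            "protoversion": proto,
            "software": software,
            "comments": comments,
            # "1.99" means the server speaks 2.0 and remains compatible with 1.x
            "offers_ssh2": proto in ("2.0", "1.99"),
            "offers_ssh1": proto.split(".")[0] == "1",
        }
    raise ValueError("no SSH identification string found")


def offers_ssh1(raw: bytes) -> bool:
    """True when the server would accept an SSH1 session (audit finding)."""
    return parse_identification(raw)["offers_ssh1"]


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real device.
    samples = [
        b"SSH-2.0-ExampleSSHD_1.0\r\n",
        b"Authorized use only\r\nSSH-1.99-ExampleSSHD_1.0 lab device\r\n",
        b"SSH-1.5-Legacy_0.9\n",
    ]
    for s in samples:
        info = parse_identification(s)
        print(info["protoversion"], "SSH1 offered:", info["offers_ssh1"])
```

A server whose banner reports 1.99 or 1.x is still accepting SSH1 and is a candidate for restricting to SSH2.0 where the device configuration allows it.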
Operation of SSH
The session establishment and interaction between an SSH client and the SSH server involves the
following five stages:
Table 28 Stages in session establishment and interaction between an SSH client and the server
Stages                           Description
Version negotiation              SSH1 and SSH2.0 are supported. The two parties negotiate a version to use.
Key and algorithm negotiation    SSH supports multiple algorithms. The two parties negotiate an algorithm for communication.
Authentication                   The SSH server authenticates the client in response to the client’s authentication request.
Session request                  After passing authentication, the client sends a session request to the server.
Interaction                      After the server grants the request, the client and server start to communicate with each other.
Version negotiation
1. The server opens port 22 to listen for connection requests from clients.
2. The client sends a TCP connection request to the server. After the TCP connection is established, the
server sends the first packet to the client, which includes a version identification string in the format