Manualshelf

R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
141142143144145146147148149150
134
inform the success or failure of the authentication. The device supports two publickey algorithms for
digital signature: RSA and DSA.
The following gives the steps of the authentication stage:
1. The client sends to the server an authentication request, which includes the username,
authentication method (password authentication or publickey authentication), and information
related to the authentication method (for example, the password in the case of password
authentication).
2. The server authenticates the client. If the authentication fails, the server informs the client by
sending a message, which includes a list of available methods for re-authentication.
3. The client selects a method from the list to initiate another authentication.
4. The above process repeats until the authentication succeeds or the failed authentication times
exceed the maximum of authentication attempts and the session is torn down.
NOTE:
Besides password authentication and publickey authentication, SSH2.0 provides another two
authentication methods:
password-publickey: Performs both password authentication and publickey authentication if the client
is using SSH2.0 and performs either if the client is running SSH1.
any: Performs either password authentication or publickey authentication.
Session request
After passing authentication, the client sends a session request to the server, while the server listens to
and processes the request from the client. After successfully processing the request, the server sends back
to the client an SSH_SMSG_SUCCESS packet and goes on to the interactive session stage with the client.
Otherwise, the server sends back to the client an SSH_SMSG_FAILURE packet, indicating that the
processing fails or it cannot resolve the request.
Interaction
In this stage, the server and the client exchanges data in the following way:
The client encrypts and sends the command to be executed to the server.
The server decrypts and executes the command, and then encrypts and sends the result to the client.
The client decrypts and displays the result on the terminal.
NOTE:
In the interaction stage, you can execute commands from the client by pasting the commands in text
format (the text must be within 2000 bytes). The commands must be in the same view. Otherwise, the
server may not be able to perform the commands correctly.
If the command text exceeds 2000 bytes, you can execute the commands by saving the text as a
configuration file, uploading the configuration file to the server through SFTP, and then using the
configuration file to restart the server.