H3C S7500E Series Ethernet Switches Operation Manual
Operation Manual – SSH
H3C S7500E Series Ethernet Switches Chapter 1 SSH Configuration
Key-based algorithms are usually classified into symmetric key algorithms and
asymmetric key algorithms.
1.1.2 Asymmetric Key Algorithm
An asymmetric key algorithm means that a key pair exists at both ends. The key pair
consists of a private key and a public key. The public key is effective for both ends,
while the private key is effective only for the local end.
An asymmetric key algorithm encrypts data using the public key and decrypts the data
using the private key, thus ensuring data security.
You can also use an asymmetric key algorithm for digital signatures. For example, user
1 signs the data using his private key, and then sends the data to user 2.
User 2 verifies the signature using the public key of user 1. If the signature is correct,
the data originates from user 1.
The Rivest-Shamir-Adleman Algorithm (RSA) is an asymmetric key algorithm. It can
be used for data encryption and signature.
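The signing and encryption roles described above, as an added Python example that is not part of the original manual: user 1 signs with the private key, user 2 verifies with user 1's public key, and altered data fails verification. It assumes unpadded textbook RSA with a constructed demo key (production RSA adds a padding scheme), and all names in it are hypothetical.

```python
import hashlib

# Constructed demo key (assumption): two Mersenne primes, used only so the
# example needs no key-generation library. Their special form is unsafe in practice.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)
PUBLIC_KEY = (N, E)    # effective for both ends
PRIVATE_KEY = (N, D)   # effective only for the local end


def digest_int(data: bytes) -> int:
    """SHA-256 digest of the data as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private_key) -> int:
    """User 1: apply the private key to the digest of the data."""
    n, d = private_key
    return pow(digest_int(data), d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """User 2: apply user 1's public key and compare with a fresh digest."""
    n, e = public_key
    return 0 < signature < n and pow(signature, e, n) == digest_int(data)


def encrypt(value: int, public_key) -> int:
    """Encrypt an integer smaller than the modulus with the public key."""
    n, e = public_key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, e, n)


def decrypt(ciphertext: int, private_key) -> int:
    """Recover the integer with the private key."""
    n, d = private_key
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    data = b"constructed sample data from user 1"
    sig = sign(data, PRIVATE_KEY)
    print("genuine data verifies:", verify(data, sig, PUBLIC_KEY))
    print("altered data verifies:", verify(data + b"!", sig, PUBLIC_KEY))
    print("round trip:", decrypt(encrypt(2024, PUBLIC_KEY), PRIVATE_KEY))
```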
1.1.3 SSH Operating Process
The session establishment between an SSH client and the SSH server involves the
following five stages:
Table 1-1 Stages in establishing a session between the SSH client and the server

| Stages | Description |
|---|---|
| Version negotiation | SSH1 and SSH2 are supported. The two parties negotiate a version to use. |
| Key and algorithm negotiation | SSH supports multiple algorithms. The two parties negotiate an algorithm for communication. |
| Authentication | The SSH server authenticates the client in response to the client’s authentication request. |
| Session request | The client sends a session request to the server. |
| Interactive session | The client and the server start to communicate with each other. |

I. Version negotiation
- The server opens port 22 to listen to connection requests from clients.
- The client sends a TCP connection request to the server. After the TCP
  connection is established, the server sends the first packet to the client, which
  includes a version identification string in the format of “SSH-<primary protocol
  version number>.<secondary protocol version number>-<software version
  number>”. The primary and secondary protocol version numbers constitute the