Router User Manual

Nortel Secure Router 8000 Series
Configuration Guide - Basic Configuration 9 Telnet and SSH
Issue 5.3 (30 March 2009) Nortel Networks Inc.
Figure 9-4 Establishing an SSH channel in a LAN
[Figure labels: Router, PC, LapTop, WorkStation, Server, PC running SSH client, Ethernet 100BASE-TX]
Figure 9-5 Establishing an SSH channel in a WAN
[Figure labels: Local LAN, PC running SSH client, Router, SSH router, WAN, Remote LAN, PC]
Setup process for SSH connections
This section describes the process for setting up SSH connections.
• Negotiating versions
  The SSH client sends a request packet to the server to set up a TCP connection. After the TCP connection is set up, the server and the client begin to negotiate the SSH version number. If the version numbers match, the server and client continue to negotiate the shared key. If the version numbers do not match, the server interrupts the TCP connection.
• Negotiating the key algorithm
  This process covers two actions: negotiating the key and calculating the session key. The detailed procedures are as follows:
  1. The server randomly generates a Rivest-Shamir-Adleman (RSA) key and sends the public key to the client.
  2. The client calculates the key based on the received RSA public key and a randomly generated local key.
  3. The client then encrypts the randomly generated local key with the RSA public key and sends it to the server.
  4. The server decrypts the received packets with its private key and retrieves the random key generated on the client. It then calculates the session key.
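
The four key-negotiation steps above, run end to end as an added example (not code from this guide or from the router's implementation). The fixed toy primes, the 16-byte local key, the SHA-256 session-key derivation and all function names are assumptions; the guide does not specify them.

```python
import hashlib
import secrets

# Toy parameters (constructed for this example): two Mersenne primes give a
# ~150-bit modulus. A real server generates random primes for a far larger key.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537


def server_generate_rsa():
    """Step 1: the server creates an RSA key pair; (n, e) is sent to the client."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the server
    return (n, E), d


def derive_session_key(public_key, local_key):
    """Assumed derivation: SHA-256 over the RSA modulus and the client's local key."""
    n, _ = public_key
    n_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return hashlib.sha256(n_bytes + local_key).digest()


def client_key_exchange(public_key):
    """Steps 2-3: pick a random local key, derive the session key, encrypt the local key."""
    n, e = public_key
    local_key = secrets.token_bytes(16)
    session_key = derive_session_key(public_key, local_key)
    ciphertext = pow(int.from_bytes(local_key, "big"), e, n)  # textbook RSA, no padding
    return ciphertext, session_key


def server_key_exchange(public_key, d, ciphertext):
    """Step 4: decrypt with the private key, recover the local key, derive the session key."""
    n, _ = public_key
    local_key = pow(ciphertext, d, n).to_bytes(16, "big")
    return derive_session_key(public_key, local_key)


def run_exchange():
    """Run both sides and return (ciphertext on the wire, client key, server key)."""
    public_key, d = server_generate_rsa()
    ciphertext, client_key = client_key_exchange(public_key)
    server_key = server_key_exchange(public_key, d, ciphertext)
    return ciphertext, client_key, server_key


if __name__ == "__main__":
    _, ck, sk = run_exchange()
    print("client and server session keys match:", ck == sk)
```

Because the session key depends only on public values and the local key sent under the server's RSA public key, anyone who records the exchange and later obtains the server's private key can recompute it, so the private key needs the same protection as the sessions it secures.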