beautypg.com

Ssh operating process – H3C Technologies H3C S3600 Series Switches User Manual

Page 892

background image

1-2

z

Asymmetric key algorithm

Asymmetric key algorithm is also called public key algorithm. Both ends have their own key pair,

consisting of a private key and a public key. The private key is kept secret while the public key may be

distributed widely. The private key cannot be practically derived from the public key. The information

encrypted with the public key/private key can be decrypted only with the corresponding private

key/public key.

Asymmetric key algorithm encrypts data using the public key and decrypts the data using the private

key, thus ensuring data security.

You can also use the asymmetric key algorithm for data signature. For example, user 1 adds his

signature to the data using the private key, and then sends the data to user 2. User 2 verifies the

signature using the public key of user 1. If the signature is correct, this means that the data originates

from user 1.

Both Revest-Shamir-Adleman Algorithm (RSA) and Digital Signature Algorithm (DSA) are asymmetric

key algorithms. RSA is used for data encryption and signature, whereas DSA is used for adding

signature. Currently the switch supports RSA and DSA.

Symmetric key algorithms are used for encryption and decryption of the data transferred on the SSH

channel while asymmetric key algorithms are used for digital signature and identity authentication.

SSH Operating Process

The session establishment between an SSH client and the SSH server involves the following five

stages:

Table 1-1 Stages in establishing a session between the SSH client and server

Stages

Description

Version negotiation

SSH1 and SSH2 are supported. The two parties negotiate a
version to use.

Key and algorithm negotiation

SSH supports multiple algorithms. The two parties negotiate
an algorithm for communication.

Authentication

The SSH server authenticates the client in response to the
client’s authentication request.

Session request

This client sends a session request to the server.

Data exchange

The client and the server start to communicate with each
other.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: