***SSH Terminal Services***
Introduction to SSH:
In Figure , SSH is an application layer protocol in the TCP/IP protocol suite. It is used for remote login and to provide a virtual terminal over a network whose security is not guaranteed. Running over a TCP connection, SSH guarantees the security of, and provides authentication for, the transmitted information, preventing the following attacks:
- IP address spoofing
- Interception of the plain-text password
- Denial of Service (DoS)
SSH adopts the client/server model and sets up multiple secure transmission channels. The S-switch, as the SSH server, can be connected to multiple PCs that function as SSH clients. A Layer 2 switch may exist between the PC and the SSH server.
In actual networking, the IP addresses of the PC and the S-switch must be in the same network segment, and the Layer 2 switch and the S-switch must be in the same VLAN.
Currently, there are three SSH versions: v1.0, v1.5, and v2.0. v2.0 is compatible with v1.0, but v2.0 and v1.5 are incompatible.
Advantages of SSH:
Unlike Telnet terminal services, SSH provides secure remote access over a network whose security is not guaranteed. Its advantages are as follows:
- Supporting Rivest-Shamir-Adleman (RSA) authentication
- Supporting Data Encryption Standard (DES) and 3DES
- Supporting the encrypted transfer of the username or password
- Supporting the encrypted transfer of interactive data
SSH adopts RSA. After the public key and the private key are generated according to the encryption principle of the asymmetric encryption system, the following information is transmitted securely between the SSH client and the SSH server:
- Key
- Username
- Password
- Interactive data
Setting Up an SSH Connection:
The procedure for setting up an SSH connection is as follows:
- Negotiating the SSH version: The SSH client initiates a TCP connection by sending a request to the SSH server. After the TCP connection is set up, the SSH server and the SSH client negotiate the SSH version. If the version of the client matches that of the server, the negotiation of the key starts; otherwise, the SSH server cuts off the TCP connection.
- Negotiating the key: In this step, the key algorithm is negotiated and the session key is computed. The SSH server generates the RSA key randomly and sends the public key to the SSH client.
  The SSH client computes the session key from the RSA public key it received and a random number generated locally. The SSH client then encrypts the random number with the SSH server's public key and sends the encrypted random number to the SSH server.
  The SSH server decrypts the data received from the SSH client with its private key and obtains the random number of the SSH client. The SSH server then compares the random number with its own public key, after which the session key is computed.
- Authenticating the user identity: After computing the session key, the SSH server authenticates the SSH client. The SSH client sends its identity information to the SSH server. If the server is configured not to authenticate users, the session request starts; otherwise, the server authenticates the user.
The SSH server authenticates a user in one of the following ways:
- Password authentication: The SSH server compares the username and password of an SSH client with those pre-configured in the system. If they match, the authentication succeeds.
- RSA authentication:
  - The RSA public key of the SSH client is pre-configured on the SSH server.
  - The SSH client sends the modulus, one member of its RSA public key, to the SSH server.
  - The SSH server checks the validity of the public key members and generates a random number. The SSH server then encrypts the random number with the client's RSA public key and sends it to the SSH client.
  - Both the server and the client compute the authentication data from the random number.
  - After the computation, the SSH client sends its data back to the server.
  - The SSH server compares the received data with the result of its own local computation. If the two are the same, the authentication succeeds; otherwise, the authentication fails.
After a certain authentication mode is configured on the SSH server, the client sends an authentication request to the server. If the authentication succeeds or the connection with the server expires, the client is cut off from the server.
- Initiating a session request: After being authenticated, the SSH client sends a session request to the server. The server receives and processes the request, and the session starts.
- Performing an interactive session: Both the SSH client and the server use the session key to encrypt and decrypt the interactive data. They communicate with each other securely until the session is over.
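The RSA authentication challenge-response of the authentication step above, as an added example that is not part of this document or the switch software. It assumes a constructed toy RSA keypair (tiny primes, no padding) and assumes the authentication data is a SHA-256 digest of the random number and a shared session id; a real implementation uses full-size keys and the protocol's own hash construction.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA keypair (p = 61, q = 53): modulus N, public exponent E,
# private exponent D. Tiny and insecure; it only makes the exchange runnable.
N, E, D = 3233, 17, 2753
SESSION_ID = b"constructed-session-id"  # shared context both sides already have


def auth_data(random_number, session_id):
    """Authentication data both sides derive from the random number.
    Assumed construction: SHA-256 over the number and the session id."""
    return hashlib.sha256(random_number.to_bytes(2, "big") + session_id).digest()


class SshServer:
    def __init__(self, client_modulus, client_exponent):
        self.authorized = (client_modulus, client_exponent)  # pre-configured key

    def challenge(self, presented_modulus, session_id, random_number=None):
        """Check the presented public-key member, then return the random
        number encrypted with the client's public key."""
        n, e = self.authorized
        if presented_modulus != n:
            raise ValueError("public key not pre-configured on the server")
        if random_number is None:
            random_number = secrets.randbelow(n - 2) + 2
        self.expected = auth_data(random_number, session_id)  # local computation
        return pow(random_number, e, n)

    def verify(self, response):
        """Constant-time comparison of the client's data with the server's."""
        return hmac.compare_digest(response, self.expected)


class SshClient:
    def __init__(self, modulus, private_exponent):
        self.n, self.d = modulus, private_exponent

    def respond(self, encrypted_number, session_id):
        """Recover the random number with the private key, derive the data."""
        return auth_data(pow(encrypted_number, self.d, self.n), session_id)


def run_rsa_auth(private_exponent, random_number=None, presented_modulus=N):
    """Run one exchange; True only if the client holds the matching private key."""
    server = SshServer(N, E)
    client = SshClient(N, private_exponent)
    encrypted = server.challenge(presented_modulus, SESSION_ID, random_number)
    return server.verify(client.respond(encrypted, SESSION_ID))
```

`run_rsa_auth(D)` succeeds because only the holder of the private exponent can recover the random number; a client with any other exponent produces mismatching authentication data and is rejected.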