71 SSH TERMINAL SERVICES

SSH Terminal Services

Introduction to SSH

Secure Shell (SSH) provides information security and powerful authentication to prevent attacks such as IP address spoofing and plain-text password interception when users log on to the Switch remotely through an insecure network.

As an SSH server, a switch can connect to multiple SSH clients; as an SSH client, a switch can establish SSH connections with switches or UNIX hosts that support SSH server.

Currently, the Switch 7750 supports SSH2.0 (compatible with SSH1.5).

The communication process between the server and client includes these five stages:

1 Version negotiation stage. These operations are completed at this stage:
■ The client sends a TCP connection request to the server.
■ When the TCP connection is established, both ends begin to negotiate the SSH version.
■ If the versions are compatible, they enter the key algorithm negotiation stage. Otherwise the server clears the TCP connection.

2 Key algorithm negotiation stage. These operations are completed at this stage:
■ The server and the client send key algorithm negotiation packets to each other, which include the supported public key algorithm list, encryption algorithm list, MAC algorithm list, and compression algorithm list.
■ Based on the received algorithm negotiation packets, the server and the client determine the algorithms to be used.
■ The server and the client use the DH key exchange algorithm and parameters such as the host key pair to generate the session key and session ID.

Through the above steps, the server and the client get the same session key, which is later used to encrypt and decrypt the data exchanged between them. The server and the client use the session ID in the authentication stage.

3 Authentication method negotiation stage.
The client sends an authentication request carrying the username and authentication method to the server. The server starts to authenticate the user.

SSH supports two authentication types: password authentication and RSA authentication.
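The version and algorithm negotiation of stages 1 and 2 above, as an added Python example that is not code from the switch or its manual. It assumes the standard RFC 4253 identification-string format; the function names, identification strings and algorithm lists are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
IDENT = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: .*)?$")

def speaks(ident):
    """Return the set of SSH major versions an identification string offers."""
    m = IDENT.match(ident.rstrip("\r\n"))
    if not m:
        raise ValueError("not an SSH identification string: %r" % ident)
    proto = m.group(1)
    if proto == "1.99":   # a 2.0 server that also accepts 1.x (RFC 4253, 5.1)
        return {1, 2}
    major = int(proto.split(".")[0])
    return {major} if major in (1, 2) else set()

def negotiate_version(client_ident, server_ident):
    """Stage 1: highest common version, or None (server clears the TCP connection)."""
    common = speaks(client_ident) & speaks(server_ident)
    return max(common) if common else None

def negotiate_algorithms(client, server):
    """Stage 2: per list, the first client preference the server also supports.

    Simplified: RFC 4253 section 7.1 adds extra conditions for key exchange
    and host key algorithms. A list with no common entry maps to None.
    """
    chosen = {}
    for kind, prefs in client.items():
        offered = set(server.get(kind, []))
        chosen[kind] = next((a for a in prefs if a in offered), None)
    return chosen

# Constructed sample data (not captured from a real switch).
SERVER_IDENT = "SSH-1.99-ExampleSwitch_1.0\r\n"
CLIENT_V2 = "SSH-2.0-ExampleClient_1.0\r\n"
CLIENT_V1 = "SSH-1.5-LegacyClient\r\n"
CLIENT_ALGS = {"public_key": ["ssh-rsa", "ssh-dss"],
               "encryption": ["aes128-cbc", "3des-cbc"],
               "mac": ["hmac-sha1", "hmac-md5"],
               "compression": ["none", "zlib"]}
SERVER_ALGS = {"public_key": ["ssh-rsa"], "encryption": ["3des-cbc"],
               "mac": ["hmac-md5", "hmac-sha1"], "compression": ["none"]}

if __name__ == "__main__":
    print(negotiate_version(CLIENT_V2, SERVER_IDENT))
    print(negotiate_version(CLIENT_V1, SERVER_IDENT))
    print(negotiate_algorithms(CLIENT_ALGS, SERVER_ALGS))
```

A `speaks()` result that contains 1 identifies a peer that still accepts SSH1 clients, which is the compatibility mode the text mentions.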