1-4z The server starts to authenticate the user. If authentication fails, the server sends an authenticationfailure message to the client, which contains the list of methods used for a new authenticationprocess.z The client selects an authentication type from the method list to perform authentication again.z The above process repeats until the authentication succeeds, or the connection is torn down whenthe authentication times reach the upper limit.SSH provides two authentication methods: password authentication and publickey authentication.z In password authentication, the client encrypts the username and password, encapsulates theminto a password authentication request, and sends the request to the server. Upon receiving therequest, the server decrypts the username and password, compares them with those it maintains,and then informs the client of the authentication result.z The publickey authentication method authenticates clients using digital signatures. Currently, thedevice supports only RSA to implement digital signatures. The client sends to the server apublickey authentication request containing its user name, public key and algorithm. The serververifies the public key. If the public key is invalid, the authentication fails; otherwise, the servergenerates a digital signature to authenticate the client, and then sends back a message to informthe success or failure of the authentication.Session requestAfter passing authentication, the client sends a session request to the server, while the server listens toand processes the request from the client. If the client passes authentication, the server sends back tothe client an SSH_SMSG_SUCCESS packet and goes on to the interactive session stage with theclient. Otherwise, the server sends back to the client an SSH_SMSG_FAILURE packet, indicating thatthe processing fails or it cannot resolve the request. The client sends a session request to the server,which processes the request and establishes a session.Data exchangeIn this stage, the server and the client exchanges data in this way:z The client encrypts and sends the command to be executed to the server.z The server decrypts and executes the command, and then encrypts and sends the result to theclient.z The client decrypts and displays the result on the terminal.SSH Server and ClientTo use SSH for secure login to a switch from a device, the switch must be configured as an SSH serverand the device must be configured as an SSH client. As shown in Figure 1-2, Host A, Host B, and HostD are configured as SSH clients to securely access the Switch A, which is acting as the SSH server.