Operation Manual – SSH Terminal Service
H3C S7500 Series Ethernet Switches

Chapter 1 SSH Terminal Service Configuration

1.1 SSH Terminal Services

This section covers these topics:
- Introduction to SSH
- Configuring an SSH Server
- Configuring an SSH Client
- Displaying SSH Configuration
- SSH Server Configuration Example
- SSH Client Configuration Example

1.1.1 Introduction to SSH

Secure Shell (SSH) provides information security and strong authentication to protect against attacks such as IP address spoofing and plain-text password interception when users log on to the switch remotely over an insecure network.

As an SSH server, a switch can serve connections from multiple SSH clients; as an SSH client, a switch can establish SSH connections with switches or UNIX hosts that support SSH server.

Currently, the S7500 series switches support SSH2.0 (compatible with SSH1.5).

The communication process between the server and client includes the following five stages:

1) Version negotiation stage. The following operations are completed at this stage:
- The client sends a TCP connection request to the server.
- When the TCP connection is established, both ends begin to negotiate the SSH version.
- If the two versions are compatible, both ends enter the key and algorithm negotiation stage. Otherwise, the server tears down the TCP connection.

2) Key and algorithm negotiation stage. The following operations are completed at this stage:
- The server and the client send key and algorithm negotiation packets to each other, which include the supported server-side public key algorithm list, encryption algorithm list, MAC algorithm list, and compression algorithm list.
- Based on the received algorithm negotiation packets, the server and the client determine the algorithms to be used.
- The server and the client use the DH key exchange algorithm and parameters such as the host key pair to generate the session key and session ID.
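
The first two stages described above, as an added example (not from the H3C manual and not the switch's own implementation): it parses the identification strings exchanged during version negotiation and then selects one algorithm per list using the first-client-match rule of RFC 4253. The banners, algorithm lists and function names are constructed for illustration, and applying the first-match rule to the host key list is a simplification.

```python
import re

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
ID_RE = re.compile(r"^SSH-(\d+\.\d+)-([^\s-]+)(?: (.*))?$")

# Protocol versions each advertised protoversion can speak; "1.99" is how an
# SSH2 server signals that it also accepts SSH1 clients (RFC 4253 section 5.1).
SPEAKS = {"2.0": {"2.0"}, "1.99": {"2.0", "1.5"}, "1.5": {"1.5"}}

def parse_ident(line):
    """Return (protoversion, softwareversion) from one identification line."""
    m = ID_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.group(1), m.group(2)

def negotiate_version(client_line, server_line):
    """Stage 1: return '2.0', '1.5', or None when the server drops the connection."""
    common = (SPEAKS.get(parse_ident(client_line)[0], set())
              & SPEAKS.get(parse_ident(server_line)[0], set()))
    return "2.0" if "2.0" in common else ("1.5" if "1.5" in common else None)

def negotiate_algorithms(client_lists, server_lists):
    """Stage 2: per list, choose the first client name the server also offers."""
    chosen = {}
    for category, client_names in client_lists.items():
        offered = set(server_lists.get(category, []))
        match = next((n for n in client_names if n in offered), None)
        if match is None:
            raise ValueError("no common algorithm for " + category)
        chosen[category] = match
    return chosen

# Constructed sample lists (not the S7500's actual algorithm support).
CLIENT = {"server_host_key": ["ssh-rsa", "ssh-dss"],
          "encryption": ["aes128-ctr", "aes128-cbc", "3des-cbc"],
          "mac": ["hmac-sha1", "hmac-md5"],
          "compression": ["none", "zlib"]}
SERVER = {"server_host_key": ["ssh-dss", "ssh-rsa"],
          "encryption": ["3des-cbc", "aes128-cbc"],
          "mac": ["hmac-md5", "hmac-sha1"],
          "compression": ["none"]}

if __name__ == "__main__":
    # Constructed banners: an SSH2 client talking to a server that also accepts SSH1.
    print(negotiate_version("SSH-2.0-ExampleClient_1.0\r\n", "SSH-1.99-ExampleSwitch_1.0\r\n"))
    print(negotiate_algorithms(CLIENT, SERVER))
```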