278 Chapter 19. SSH Protocol

19.3.3. Channels

After a successful authentication over the SSH transport layer, multiple channels are opened via a technique called multiplexing [4]. Each of these channels handles communication for different terminal sessions and for forwarded X11 sessions.

Both clients and servers can create a new channel. Each channel is then assigned a different number on each end of the connection. When the client attempts to open a new channel, the client sends the channel number along with the request. This information is stored by the server and is used to direct communication to that channel. This is done so that different types of sessions will not affect one another and so that when a given session ends, its channel can be closed without disrupting the primary SSH connection.

Channels also support flow-control, which allows them to send and receive data in an orderly fashion. In this way, data is not sent over the channel until the client receives a message that the channel is open.

The client and server negotiate the characteristics of each channel automatically, depending on the type of service the client requests and the way the user is connected to the network. This allows great flexibility in handling different types of remote connections without having to change the basic infrastructure of the protocol.

19.4. OpenSSH Configuration Files

OpenSSH has two different sets of configuration files: one for client programs (ssh, scp, and sftp) and one for the server daemon (sshd).

System-wide SSH configuration information is stored in the /etc/ssh/ directory:

• moduli — Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange which is critical for constructing a secure transport layer. When keys are exchanged at the beginning of an SSH session, a shared, secret value is created which cannot be determined by either party alone. This value is then used to provide host authentication.
• ssh_config — The system-wide default SSH client configuration file. It is overridden if one is also present in the user’s home directory (~/.ssh/config).
• sshd_config — The configuration file for the sshd daemon.
• ssh_host_dsa_key — The DSA private key used by the sshd daemon.
• ssh_host_dsa_key.pub — The DSA public key used by the sshd daemon.
• ssh_host_key — The RSA private key used by the sshd daemon for version 1 of the SSH protocol.
• ssh_host_key.pub — The RSA public key used by the sshd daemon for version 1 of the SSH protocol.
• ssh_host_rsa_key — The RSA private key used by the sshd daemon for version 2 of the SSH protocol.
• ssh_host_rsa_key.pub — The RSA public key used by the sshd daemon for version 2 of the SSH protocol.

User-specific SSH configuration information is stored in the user’s home directory within the ~/.ssh/ directory:

4. A multiplexed connection consists of several signals being sent over a shared, common medium. With SSH, different channels are sent over a common secure connection.
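The channel numbering and flow control described in section 19.3.3, as an added example that is not part of the original guide: a simplified in-memory model whose comments use the SSH-2 connection protocol's message names (RFC 4254). The class and method names, the starting channel numbers and the 8-byte window are assumptions made for illustration; no encryption or wire encoding is modelled.

```python
# Added illustration (not OpenSSH code): names, start numbers and window are assumptions.
class Endpoint:
    """One side of an SSH connection; each side numbers its channels independently."""
    def __init__(self, first_id, window=8):
        self.next_id, self.window = first_id, window   # window: bytes the peer may send us
        self.channels, self.peer = {}, None            # local number -> channel state

    def _new(self, kind, remote=None, credit=0):
        local, self.next_id = self.next_id, self.next_id + 1
        self.channels[local] = {"kind": kind, "remote": remote, "credit": credit, "inbox": b""}
        return local

    def open(self, kind):
        # SSH_MSG_CHANNEL_OPEN carries our number; the channel is unusable until confirmed.
        local = self._new(kind)
        remote, credit = self.peer.on_open(kind, local, self.window)
        # SSH_MSG_CHANNEL_OPEN_CONFIRMATION returns the peer's number and initial window.
        self.channels[local].update(remote=remote, credit=credit)
        return local

    def on_open(self, kind, sender_no, sender_window):
        return self._new(kind, remote=sender_no, credit=sender_window), self.window

    def send(self, local, data):
        # SSH_MSG_CHANNEL_DATA is addressed with the receiver's channel number.
        ch = self.channels[local]
        if ch["remote"] is None:
            raise RuntimeError("channel not confirmed open")
        chunk = data[:ch["credit"]]      # flow control: never exceed the peer's window
        ch["credit"] -= len(chunk)
        self.peer.channels[ch["remote"]]["inbox"] += chunk
        return len(chunk)

    def consume(self, local):
        # Draining the inbox triggers SSH_MSG_CHANNEL_WINDOW_ADJUST, restoring peer credit.
        ch = self.channels[local]
        data, ch["inbox"] = ch["inbox"], b""
        self.peer.channels[ch["remote"]]["credit"] += len(data)
        return data

    def close(self, local):
        # SSH_MSG_CHANNEL_CLOSE removes one channel on both ends; the others are untouched.
        ch = self.channels.pop(local)
        self.peer.channels.pop(ch["remote"], None)

def connect(window=8):
    client, server = Endpoint(0, window), Endpoint(100, window)  # constructed start numbers
    client.peer, server.peer = server, client
    return client, server
```

Because every data message names a channel, one channel that has exhausted its window stalls only itself, and closing it leaves the remaining channels and the underlying connection in place.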