132
Chapter 9. SSH Protocol
Servers can be configured to allow different types of authentication, which gives each side the optimal amount of control. The server can decide which encryption methods it will support based on its security model, and the client can choose the order of authentication methods to attempt from among the available options. Thanks to the secure nature of the SSH transport layer, even seemingly insecure authentication methods, such as host-based authentication, are safe to use.

Most users requiring a secure shell will authenticate using a password. Since the password is encrypted when moving over the transport layer, it can be safely sent across any network.
9.3.3. Connection
After a successful authentication over the SSH transport layer, multiple channels are opened by multiplexing [4] the single connection between the two systems. Each of these channels handles communication for different terminal sessions, forwarded X11 sessions, or other services seeking to use the SSH connection.
Both clients and servers can create a new channel. Each channel is then assigned a different number for each end of the connection. When the client attempts to open a new channel, the client sends the channel number along with the request. This information is stored by the server and is used to direct communication to that channel. This is done so that different types of sessions will not affect one another and so that when a given session ends, its channel can be closed without disrupting the primary SSH connection.
Channels also support flow control, which allows them to send and receive data in an orderly fashion. In this way, data is not sent over the channel until the client receives a message that the channel is open.
The client and server negotiate the characteristics of each channel automatically, depending on the type of service the client requests and the way the user is connected to the network. This allows great flexibility in handling different types of remote connections without having to change the basic infrastructure of the protocol.
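The channel-open exchange and the window-based flow control described above, modelled as an added Python example (not code from this guide or from OpenSSH). Message numbers and field layouts follow RFC 4254; the channel numbers, window size and the "session" channel type are constructed values for the demonstration.

```python
import struct

# Message numbers and field layouts follow RFC 4254 (the SSH connection protocol).
CHANNEL_OPEN, CHANNEL_OPEN_CONFIRMATION, WINDOW_ADJUST, CHANNEL_DATA = 90, 91, 93, 94
WINDOW, MAXPKT = 4096, 32768  # constructed initial window and packet size for this example

def ssh_string(b):  # RFC 4251 "string": uint32 length followed by the bytes
    return struct.pack(">I", len(b)) + b

class Endpoint:  # one side of the connection; channel numbers are local to each side
    def __init__(self, first_id):
        self.next_id, self.chans = first_id, {}  # constructed: each side numbers independently
    def _new_chan(self, peer, tx_window, is_open):
        cid, self.next_id = self.next_id, self.next_id + 1
        self.chans[cid] = {"peer": peer, "tx": tx_window, "rx": WINDOW, "open": is_open}
        return cid
    def open_request(self):  # nothing may be sent on the channel until the peer confirms it
        cid = self._new_chan(None, 0, False)
        return cid, bytes([CHANNEL_OPEN]) + ssh_string(b"session") + struct.pack(">III", cid, WINDOW, MAXPKT)
    def handle(self, msg):  # process one incoming message; return a reply for the peer, or None
        if msg[0] == CHANNEL_OPEN:
            n = struct.unpack(">I", msg[1:5])[0]
            sender, their_window, maxpkt = struct.unpack(">III", msg[5 + n:17 + n])
            cid = self._new_chan(sender, their_window, True)  # map peer's number to our own
            return struct.pack(">BIIII", CHANNEL_OPEN_CONFIRMATION, sender, cid, WINDOW, maxpkt)
        if msg[0] == CHANNEL_OPEN_CONFIRMATION:
            recip, sender, their_window, _ = struct.unpack(">IIII", msg[1:17])
            self.chans[recip].update(peer=sender, tx=their_window, open=True)
        if msg[0] == CHANNEL_DATA:
            recip, n = struct.unpack(">II", msg[1:9])
            ch = self.chans[recip]; ch["rx"] -= n  # receiving consumes the window we advertised
            if ch["rx"] < WINDOW // 2:             # data drained: grant the peer more window
                add, ch["rx"] = WINDOW - ch["rx"], WINDOW
                return struct.pack(">BII", WINDOW_ADJUST, ch["peer"], add)
        if msg[0] == WINDOW_ADJUST:
            recip, add = struct.unpack(">II", msg[1:9]); self.chans[recip]["tx"] += add
        return None
    def send_data(self, cid, data):
        ch = self.chans[cid]
        if not ch["open"] or len(data) > ch["tx"]:
            raise RuntimeError("channel not confirmed open, or peer window exhausted")
        ch["tx"] -= len(data)
        return struct.pack(">BI", CHANNEL_DATA, ch["peer"]) + ssh_string(data)

def demo():
    client, server = Endpoint(0), Endpoint(100)  # constructed: distinct numbering per side
    cid, msg = client.open_request()
    client.handle(server.handle(msg))            # OPEN -> CONFIRMATION completes the mapping
    sid = client.chans[cid]["peer"]
    client.handle(server.handle(client.send_data(cid, b"x" * 3000)))  # 3000 > WINDOW/2: adjust
    return cid, sid, server.chans[sid]["peer"], client.chans[cid]["tx"]
```

Calling `demo()` shows the client's channel 0 paired with the server's channel 100 on both ends, and the client's send window restored to 4096 after the server's WINDOW_ADJUST.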
9.4. OpenSSH Configuration Files
OpenSSH has two different sets of configuration files: one for client programs (ssh, scp, and sftp) and one for the server daemon (sshd).

System-wide SSH configuration information is stored in the /etc/ssh/ directory:
moduli
    Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange, which is critical for constructing a secure transport layer. When keys are exchanged at the beginning of an SSH session, a shared, secret value is created which cannot be determined by either party alone. This value is then used to provide host authentication.

ssh_config
    The system-wide default SSH client configuration file. It is overridden if one is also present in the user's home directory (~/.ssh/config).

sshd_config
    The configuration file for the sshd daemon.

ssh_host_dsa_key
    The DSA private key used by the sshd daemon.

ssh_host_dsa_key.pub
    The DSA public key used by the sshd daemon.

ssh_host_key
    The RSA private key used by the sshd daemon for version 1 of the SSH protocol.
4. A multiplexed connection consists of several signals being sent over a shared, common medium. With SSH, different channels are sent over a common secure connection.