132


Chapter 9. SSH Protocol


Servers can be configured to allow different types of authentication, which gives each side the opti 


mal amount of control. The server can decide which encryption methods it will support based on its


security model, and the client can choose the order of authentication methods to attempt from among


the available options. Thanks to the secure nature of the SSH transport layer, even seemingly insecure


authentication methods, such as a host based authentication, are safe to use.


Most users requiring a secure shell will authenticate using a password. Since the password is encrypted


when moving over the the transport layer, it can be safely sent across any network.


9.3.3. Connection


After a successful authentication over the SSH transport layer, multiple channels are opened by multi 


plexing


4


the single connection between the two systems. Each of these channels handles communica 


tion for different terminal sessions, forwarded X11 sessions, or other services seeking to use the SSH


connection.


Both clients and servers can create a new channel. Each channel is then assigned a different number


for each end of the connection. When the client attempts to open a new channel, the clients sends


the channel number along with the request. This information is stored by the server and is used to


direct communication to that channel. This is done so that different types of sessions will not affect


one another and so that when a given session ends, its channel can be closed without disrupting the


primary SSH connection.


Channels also support flow control, which allows them to send and receive data in an orderly fashion.


In this way, data is not sent over the channel until the client receives a message that the channel is


open.


The client and server negotiate the characteristics of each channel automatically, depending on the


type of service the client requests and the way the user is connected to the network. This allows


great flexibility in handling different types of remote connections without having to change the basic


infrastructure of the protocol.


9.4. OpenSSH Configuration Files


OpenSSH has two different sets of configuration files: one for client programs (


ssh


,


scp


, and


sftp


)


and one for the server daemon (


sshd


).


System wide SSH configuration information is stored in the


/etc/ssh/


directory:


  moduli


  Contains Diffie Hellman groups used for the Diffie Hellman key exchange which is


critical for constructing a secure transport layer. When keys are exchanged at the beginning of an


SSH session, a shared, secret value is created which cannot be determined by either party alone.


This value is then used to provide host authentication.


  ssh_config


  The system wide default SSH client configuration file. It is overridden if one is


also present in the user's home directory (


~/.ssh/config


).


  sshd_config


  The configuration file for the


sshd


daemon.


  ssh_host_dsa_key


  The DSA private key used by the


sshd


daemon.


  ssh_host_dsa_key.pub


  The DSA public key used by the


sshd


daemon.


  ssh_host_key


  The RSA private key used by the


sshd


daemon for version 1 of the SSH pro 


tocol.


4. A multiplexed connection consists of several signals being sent over a shared, common medium. With SSH,


different channels are sent over a common secure connection.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      tomcat hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved