Product specifications
Efficient Networks® Router family Technical Reference Guide
Chapter 5: System Security
Viewed another way, the SSH protocol consists of three major components:
• Transport Layer Protocol - The transport layer protocol provides server
authentication, confidentiality, and integrity. The transport layer is typically
run over a TCP/IP connection, but may also be used on top of any other
reliable data stream. This phase is also known as the Protocol Identification
phase. The negotiation messages between the client and server are shown
in Figure 5-10.
Note: A connection is always initiated by the client side.
• User Authentication Protocol - The user authentication protocol authenticates
the client-side user to the server. This authentication phase runs over the
transport layer protocol. This phase’s negotiation messages are shown in
Figure 5-11. In this phase, both ends of the connection enable encryption
using the selected keys and encryption method.
• Connection Protocol - The connection protocol multiplexes the encrypted
tunnel into several logical channels. This protocol runs over the user
authentication protocol and is also known as the Session Presentation phase.
The negotiation messages between the client and server for this phase are
shown in Figure 5-12. Currently, only 1 channel per tunnel is supported,
with a maximum of five tunnels.
Figure 5-10: Protocol Identification Phase
[Diagram: messages between Client and Server, labeled Connection, Version Identification, Version Identification]
Figure 5-11: Authentication Phase
[Diagram: messages between Client and Server, labeled Host Key + Server Key; Encrypted Session key + selected cipher type; Success or Failure; Client Authentication; Encryption Confirmation]
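The Version Identification exchange of Figure 5-10, as an added example that is not part of this guide or of the router's software: a Python parser for the identification line each side sends, plus the version negotiation and an audit check for servers that still admit protocol 1 clients. The guide does not give the line format; the `SSH-protoversion-softwareversion` layout, the 255-byte limit and the `1.99` compatibility value are assumptions taken from RFC 4253, and the banners are constructed sample values.

```python
import re

# Layout "SSH-protoversion-softwareversion[ comments]" (assumed from RFC 4253, 4.2).
_IDENT = re.compile(
    r"SSH-(?P<proto>[0-9]+\.[0-9]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    r"(?: (?P<comments>.*))?"
)
MAX_IDENT_LEN = 255  # bytes, including the trailing CR LF

# Constructed sample banners, not captured from a real device.
SERVER = b"SSH-1.99-ExampleRouter_1.0\r\n"
CLIENT_V2 = b"SSH-2.0-ExampleClient_0.1 test build\r\n"
CLIENT_V1 = b"SSH-1.5-ExampleClient_0.1\r\n"


def parse_ident(raw: bytes) -> dict:
    """Validate and split one identification line received from the peer."""
    if len(raw) > MAX_IDENT_LEN or b"\x00" in raw:
        raise ValueError("oversized identification line or NUL byte")
    line = raw.rstrip(b"\r\n").decode("ascii")  # non-ASCII raises ValueError
    match = _IDENT.fullmatch(line)
    if match is None:
        raise ValueError("not an SSH identification line: %r" % line)
    return match.groupdict()


def supported_majors(proto: str) -> set:
    """Map a protoversion to protocol majors; 1.99 means both 1.x and 2.0."""
    if proto == "1.99":
        return {1, 2}
    return {int(proto.split(".")[0])}


def negotiate(client_raw: bytes, server_raw: bytes) -> int:
    """Return the highest protocol major both ends accept, or raise."""
    client, server = parse_ident(client_raw), parse_ident(server_raw)
    common = supported_majors(client["proto"]) & supported_majors(server["proto"])
    if not common:
        raise ValueError("no common protocol version")
    return max(common)


def accepts_protocol_1(server_raw: bytes) -> bool:
    """Audit check: True when the server banner still admits protocol 1 clients."""
    return 1 in supported_majors(parse_ident(server_raw)["proto"])
```

Rejecting a malformed or oversized identification line before any key material is processed keeps non-SSH peers out of the later phases.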