How SSH works
This section uses SSH2 as an example to describe the stages to establish an SSH session.
Table 13: Stages to establish an SSH session
Stages | Description |
|---|---|
Connection establishment | The SSH server listens to connection requests on port 22. After a client initiates a connection request, the server and the client establish a TCP connection. |
Version negotiation | The two parties determine a version to use. |
Algorithm negotiation | SSH supports multiple algorithms. Based on the local algorithms, the two parties negotiate the following algorithms:
|
Key exchange | The two parties use the DH exchange algorithm to dynamically generate the session keys and session ID.
In this stage, the client also authenticates the server. |
Authentication | The SSH server authenticates the client in response to the client's authentication request. |
Session request | After passing the authentication, the client sends a session request to the server to request the establishment of a session (or request the Stelnet, SFTP, SCP, or NETCONF service). |
Interaction | After the server grants the request, the client and the server start to communicate with each other in the session. In this stage, you can paste commands in text format and execute them at the CLI. The text pasted at one time must be no more than 2000 bytes. As a best practice to ensure correct command execution, paste commands that are in the same view. To execute commands of more than 2000 bytes, save the commands in a configuration file, upload the file to the server through SFTP, and use it to restart the server. |