How SSH operates

This section uses SSH2 as an example.

To establish an SSH session, an SSH client and an SSH server go through the stages listed in Table 14. For more information about these stages, see SSH Technology White Paper.

Table 14: Stages involved in secure session establishment

Stage / Description

Connection establishment

The SSH server listens for connection requests on TCP port 22. After a client initiates a connection request, the server and the client establish a TCP connection.

Version negotiation

The two parties determine the SSH version to use.

Algorithm negotiation

SSH supports multiple algorithms. Based on the algorithms supported locally, the two parties agree on the following algorithms:

  • Key exchange algorithm for generating session keys.

  • Encryption algorithm for encrypting data.

  • Public key algorithm for digital signature and authentication.

  • HMAC algorithm for protecting data integrity.

Key exchange

The two parties use the Diffie-Hellman (DH) exchange algorithm to dynamically generate the session keys and the session ID.

  • Session keys are used for protecting data transfer.

  • The session ID is used for identifying the SSH connection.

In this stage, the client also authenticates the server.

Authentication

The SSH server authenticates the client in response to the client's authentication request.

Session request

After passing authentication, the client sends a session request to the server to request the establishment of a session (Stelnet, SFTP, or SCP).

Interaction

After the server grants the request, the client and the server start to communicate with each other in the session.

In this stage, you can execute commands from the client by pasting them as text. The pasted text must not exceed 2000 bytes. For the commands to execute successfully, Hewlett Packard Enterprise recommends that you paste only commands that belong to the same view.

If you want to execute more than 2000 bytes of commands, follow these steps:

  1. Save the commands in a configuration file.

  2. Upload the configuration file to the server through SFTP.

  3. Use the configuration file to restart the server.
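To make the key exchange stage of Table 14 concrete, here is an added Python example (not from this document or the HPE implementation) that walks both sides through the SSH2 Diffie-Hellman exchange of RFC 4253: the shared secret, the exchange hash H that the server signs with its host key so the client can authenticate it, the session ID, and the derivation of the session keys. The version strings, KEXINIT payloads and host-key blob are constructed placeholders, and the packet framing and host-key signature are omitted.

```python
import hashlib
import secrets

# 1024-bit MODP prime (RFC 2409 group 2), the group behind diffie-hellman-group1-sha1.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2  # generator

def ssh_string(b: bytes) -> bytes:  # RFC 4251 'string': 4-byte big-endian length + bytes
    return len(b).to_bytes(4, "big") + b

def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint': big-endian two's complement; leading 0x00 when the high bit is set."""
    if n == 0:
        return ssh_string(b"")
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k):
    """H = HASH(V_C || V_S || I_C || I_S || K_S || e || f || K), RFC 4253 section 8."""
    data = (ssh_string(v_c) + ssh_string(v_s) + ssh_string(i_c) + ssh_string(i_s)
            + ssh_string(k_s) + ssh_mpint(e) + ssh_mpint(f) + ssh_mpint(k))
    return hashlib.sha1(data).digest()

def derive_key(k, h, letter, session_id, length):
    """RFC 4253 section 7.2: K1 = HASH(K||H||X||session_id), Kn = HASH(K||H||K1||...||Kn-1)."""
    key = hashlib.sha1(ssh_mpint(k) + h + letter + session_id).digest()
    while len(key) < length:
        key += hashlib.sha1(ssh_mpint(k) + h + key).digest()
    return key[:length]

def run_kex(x=None, y=None, v_c=b"SSH-2.0-client_1.0", v_s=b"SSH-2.0-server_1.0"):
    """Run both sides of the DH exchange; KEXINIT payloads and host key are constructed stand-ins."""
    i_c, i_s, k_s = b"<client KEXINIT>", b"<server KEXINIT>", b"<server host key blob>"
    x = x or secrets.randbelow(P - 2) + 1       # client private exponent
    y = y or secrets.randbelow(P - 2) + 1       # server private exponent
    e = pow(G, x, P)                            # client -> server: KEXDH_INIT(e)
    f = pow(G, y, P)                            # server -> client: KEXDH_REPLY(K_S, f, sig over H)
    k_srv, k_cli = pow(e, y, P), pow(f, x, P)   # shared secret K, computed independently
    h_srv = exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k_srv)  # server signs this with K_S
    h_cli = exchange_hash(v_c, v_s, i_c, i_s, k_s, e, f, k_cli)  # client checks the signature on its H
    session_id = h_cli                          # the first H of the connection is the session ID
    return {
        "exchange_hash_matches": h_srv == h_cli,
        "session_id": session_id,
        "client_enc_key_c2s": derive_key(k_cli, h_cli, b"C", session_id, 16),
        "server_enc_key_c2s": derive_key(k_srv, h_srv, b"C", session_id, 16),
    }
```

Because H covers both version strings and both KEXINIT payloads, any tampering with version or algorithm negotiation produces different H values on the two sides and the server's signature fails to verify.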