Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE Installation Guide, Page 134

134 Chapter 10. SSH Protocol
10.3.3. Connection
After a successful authentication over the SSH transport layer, multiple channels are opened by
multiplexing[3] the single connection between the two systems. Each of these channels handles
communication for different terminal sessions, forwarded X11 sessions, or other services seeking
to use the SSH connection.
Both clients and servers can create a new channel. Each channel is then assigned a different number
for each end of the connection. When the client attempts to open a new channel, the client sends
the channel number along with the request. This information is stored by the server and is used to
direct communication to that channel. This is done so that different types of sessions will not affect
one another and so that when a given session ends, its channel can be closed without disrupting the
primary SSH connection.
Channels also support flow-control, which allows them to send and receive data in an orderly fashion.
In this way, data is not sent over the channel until the client receives a message that the channel is
open.
The client and server negotiate the characteristics of each channel automatically, depending on the
type of service the client requests and the way the user is connected to the network. This allows
great flexibility in handling different types of remote connections without having to change the basic
infrastructure of the protocol.
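
The channel numbering described in this section, as an added example that is not part of the original guide: it builds and parses the channel-open and confirmation messages as later standardised in RFC 4254, showing that each end keeps its own number for the same channel. ToyServer, demo, the channel numbers 7 and 8, and the window and packet sizes are assumptions made for illustration.

```python
import struct

# Message numbers from the SSH connection protocol (RFC 4254, section 5.1).
MSG_CHANNEL_OPEN = 90
MSG_CHANNEL_OPEN_CONFIRMATION = 91

def build_channel_open(kind, sender, window, max_packet):
    """byte 90, string channel type, uint32 sender channel, window, max packet."""
    name = kind.encode("ascii")
    return (bytes([MSG_CHANNEL_OPEN]) + struct.pack(">I", len(name)) + name
            + struct.pack(">III", sender, window, max_packet))

def parse_channel_open(payload):
    if len(payload) < 5 or payload[0] != MSG_CHANNEL_OPEN:
        raise ValueError("not a CHANNEL_OPEN payload")
    (n,) = struct.unpack_from(">I", payload, 1)
    if len(payload) < 5 + n + 12:          # reject a length field that overruns
        raise ValueError("truncated CHANNEL_OPEN payload")
    sender, window, max_packet = struct.unpack_from(">III", payload, 5 + n)
    return {"type": payload[5:5 + n].decode("ascii"), "sender": sender,
            "window": window, "max_packet": max_packet}

def parse_confirmation(payload):
    """byte 91, uint32 recipient channel, sender channel, window, max packet."""
    if len(payload) < 17 or payload[0] != MSG_CHANNEL_OPEN_CONFIRMATION:
        raise ValueError("not a CHANNEL_OPEN_CONFIRMATION payload")
    return struct.unpack_from(">IIII", payload, 1)

class ToyServer:
    """Hypothetical server side: stores the peer's number, allocates its own."""
    def __init__(self):
        self.channels = {}                 # our number -> peer's open request

    def handle_open(self, payload):
        req = parse_channel_open(payload)
        local = len(self.channels)         # simple allocator; channels never close here
        self.channels[local] = req
        # recipient channel = the client's number, sender channel = ours
        return bytes([MSG_CHANNEL_OPEN_CONFIRMATION]) + struct.pack(
            ">IIII", req["sender"], local, 2097152, 32768)

def demo():
    # Constructed sample: one client opening two terminal sessions as channels 7 and 8.
    server = ToyServer()
    replies = [server.handle_open(build_channel_open("session", c, 2097152, 32768))
               for c in (7, 8)]
    return [parse_confirmation(r)[:2] for r in replies]   # (client no., server no.)

if __name__ == "__main__":
    print(demo())
```

The window size carried in both messages is what the flow control mentioned above operates on: a side may send data only up to the window its peer has advertised for that channel.
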
10.4. OpenSSH Configuration Files
OpenSSH has two different sets of configuration files: one for client programs (ssh, scp, and sftp)
and one for the server service (sshd).
System-wide SSH configuration information is stored in the /etc/ssh/ directory:
moduli — Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange which is
critical for constructing a secure transport layer. When keys are exchanged at the beginning of an
SSH session, a shared, secret value is created which cannot be determined by either party alone.
This value is then used to provide host authentication.
ssh_config — The system-wide default SSH client configuration file. It is overridden if one is
also present in the user’s home directory (~/.ssh/config).
sshd_config — The configuration file for sshd.
ssh_host_dsa_key — The DSA private key used by sshd.
ssh_host_dsa_key.pub — The DSA public key used by sshd.
ssh_host_key — The RSA private key used by sshd for version 1 of the SSH protocol.
ssh_host_key.pub — The RSA public key used by sshd for version 1 of the SSH protocol.
ssh_host_rsa_key — The RSA private key used by sshd for version 2 of the SSH protocol.
ssh_host_rsa_key.pub — The RSA public key used by sshd for version 2 of the SSH protocol.
User-specific SSH configuration information is stored in the user’s home directory within the
~/.ssh/ directory:
authorized_keys — The file that holds a list of "authorized" public keys. If a connecting user can
prove that they know the private key which corresponds to any of these, then they are authenticated.
Note, this is only an optional authentication method.
3. A multiplexed connection consists of several signals being sent over a shared, common medium. With SSH,
different channels are sent over a common secure connection.