Hi asosin,
How much detail do you want? For the basic authentication, the session is
authenticated with a "cookie", then encrypted with 3DES, CAST128, Blowfish,
or Twofish. After that, the hosts authenticate with public keys (and/or
.shosts/.rhosts files). If user authentication is required, that is done
by either password or user public key.
If you want more detail, go check out the IETF drafts. The links are
available at the SSH FAQ in
http://www.tigerlair.com/ssh/faq/ssh-faq-1.html#ss1.3
-Anne
On Fri, Apr 28, 2000 at 05:03:44PM -0400, asosin wrote:
> Can anyone explain in general how the SSH2 authentication between the
> Server and Client works, thus prior to the user entering their password and
> without using ".rhosts or RSA user authentication" ?
> (How is this authentication better then SSH1 ?)
>
> If anyone knows a URL, that will suffice.
>
>
> Thanks.
>
------------------------------------------------------------------------
Anne Carasik, Principal Consultant | Any two consenting adults can rub
SSH Communications Security, Inc. | two primes together to create
Email: [EMAIL PROTECTED] | a public keypair" - R. Thayer
------------------------------------------------------------------------
My opinions are my own. My employer doesn't want them.
