Transport Layer


The primary role of the transport layer is to provide confidentiality, integrity, and server authentication for the connection between the two hosts, both during and after user authentication. Usually running over TCP/IP, the transport layer accomplishes this by encrypting and decrypting the data, verifying that the server is the machine the client intends to talk to (host authentication), and protecting the integrity of each packet as it is sent and received. The transport layer can also negotiate compression of the data, which can speed up the transfer of information; compression is optional and is used only if both sides agree to it.

Once a client contacts a server using the SSH protocol, several important points are negotiated so that the two systems can correctly construct the transport layer. For each point, the client and the server each advertise an ordered list of the algorithms they support, and the first entry on the client's list that the server also supports is the one chosen:

  1. The key exchange algorithm to be used
  2. The public key (host key) algorithm to be used
  3. The symmetric encryption algorithm to be used
  4. The message authentication algorithm to be used
  5. The hash algorithm to be used (in practice this is fixed by the chosen key exchange algorithm, as in diffie-hellman-group14-sha256)
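The negotiation behind this list, as an added example that is not part of the original page: the Python below serialises and parses an SSH_MSG_KEXINIT payload in the wire format of RFC 4253 and applies its selection rule to two preference lists. The algorithm names are real SSH identifiers, but the client and server lists themselves are constructed for illustration; the example does not open a socket, and the language name-lists are carried in the message but not negotiated.

```python
import os
import struct

SSH_MSG_KEXINIT = 20

# Name-list fields of SSH_MSG_KEXINIT, in wire order after the 16-byte cookie.
KEXINIT_FIELDS = (
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
)

# Constructed preference lists for the example; a real client or server advertises
# whatever its configuration (KexAlgorithms, HostKeyAlgorithms, Ciphers, MACs) allows.
CLIENT_LISTS = {
    "kex_algorithms": ["curve25519-sha256", "ecdh-sha2-nistp256", "diffie-hellman-group14-sha256"],
    "server_host_key_algorithms": ["ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256"],
    "encryption_algorithms_client_to_server": ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes128-ctr"],
    "encryption_algorithms_server_to_client": ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes128-ctr"],
    "mac_algorithms_client_to_server": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    "mac_algorithms_server_to_client": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    "compression_algorithms_client_to_server": ["none", "zlib@openssh.com"],
    "compression_algorithms_server_to_client": ["none", "zlib@openssh.com"],
}
SERVER_LISTS = {
    "kex_algorithms": ["diffie-hellman-group14-sha256", "curve25519-sha256"],
    "server_host_key_algorithms": ["rsa-sha2-512", "rsa-sha2-256"],
    "encryption_algorithms_client_to_server": ["aes128-ctr", "aes256-gcm@openssh.com"],
    "encryption_algorithms_server_to_client": ["aes128-ctr", "aes256-gcm@openssh.com"],
    "mac_algorithms_client_to_server": ["hmac-sha2-256"],
    "mac_algorithms_server_to_client": ["hmac-sha2-256"],
    "compression_algorithms_client_to_server": ["none"],
    "compression_algorithms_server_to_client": ["none"],
}


def encode_name_list(names):
    """name-list: uint32 length followed by comma-separated US-ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def decode_name_list(buf, offset):
    (length,) = struct.unpack_from(">I", buf, offset)
    offset += 4
    data = buf[offset:offset + length]
    if len(data) != length:
        raise ValueError("truncated name-list")
    return (data.decode("ascii").split(",") if data else []), offset + length


def build_kexinit(lists, cookie=None):
    """Serialise one side's KEXINIT payload (the contents of the binary packet)."""
    cookie = os.urandom(16) if cookie is None else cookie
    if len(cookie) != 16:
        raise ValueError("cookie must be 16 random bytes")
    out = bytes([SSH_MSG_KEXINIT]) + cookie
    for field in KEXINIT_FIELDS:
        out += encode_name_list(lists.get(field, []))
    out += b"\x00"               # boolean first_kex_packet_follows = FALSE
    out += struct.pack(">I", 0)  # uint32 reserved for future extension, must be 0
    return out


def parse_kexinit(payload):
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset = 17  # message type byte + 16-byte cookie
    lists = {}
    for field in KEXINIT_FIELDS:
        lists[field], offset = decode_name_list(payload, offset)
    first_follows = payload[offset] != 0
    (reserved,) = struct.unpack_from(">I", payload, offset + 1)
    if reserved != 0:
        raise ValueError("reserved field must be zero")
    return lists, first_follows


def negotiate(client, server):
    """RFC 4253 section 7.1: per category, the first algorithm on the client's list
    that the server also lists wins; no common algorithm means the connection fails.
    (The full rule for kex_algorithms also requires compatibility with the host key
    algorithm's signing capability, which holds for all the methods listed above.)"""
    chosen = {}
    for field in KEXINIT_FIELDS[:8]:
        match = next((a for a in client[field] if a in server[field]), None)
        if match is None:
            raise ValueError(f"no common algorithm for {field}: "
                             f"client={client[field]} server={server[field]}")
        chosen[field] = match
    return chosen


def run_example():
    """Each side builds its KEXINIT, parses the peer's, and reaches the same result."""
    client_view, _ = parse_kexinit(build_kexinit(CLIENT_LISTS, cookie=bytes(16)))
    server_view, _ = parse_kexinit(build_kexinit(SERVER_LISTS, cookie=bytes(16)))
    return negotiate(client_view, server_view)


if __name__ == "__main__":
    for field, algo in run_example().items():
        print(f"{field}: {algo}")
```

Note that the server's own order is irrelevant: it lists diffie-hellman-group14-sha256 first, but curve25519-sha256 is selected because the client prefers it. A client that leads with a weak algorithm will get it whenever the server still offers it, which is why hardening guides tighten the client's lists as well as the server's.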

During the key exchange, the server identifies itself to the client with a host key. Of course, if this client has never communicated with this particular server before, the server's host key will be unknown to the client. OpenSSH gets around this problem by displaying the key's fingerprint and allowing the user to accept the server's host key the first time an SSH connection occurs; the key is then saved in the user's ~/.ssh/known_hosts file (or system-wide in /etc/ssh/ssh_known_hosts). In subsequent connections, the host key presented by the server is checked against the saved copy, providing confidence that the client is indeed communicating with the intended server, and the connection is refused with a warning if the key has changed. The first connection is only as trustworthy as the user's check of that fingerprint: an attacker who can intercept the initial connection can present a key of their own, so the fingerprint should be compared against one obtained out of band (for example from the server's administrator, or from ssh-keygen -l run against the server's public host key file) before it is accepted.
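How the saved host key is consulted, as an added example that is not part of the original page: the Python below computes the SHA256 fingerprint OpenSSH prints for a host key, parses both plain and hashed known_hosts entries, and returns the three outcomes ssh(1) distinguishes: a matching key, a changed key for a known host, or an unknown host. The key blob and the known_hosts lines are constructed for the example (the 32-byte value is not a real Ed25519 key); @cert-authority and @revoked markers and wildcard host patterns are left out.

```python
import base64
import hashlib
import hmac
import os
import struct


def ssh_string(data):
    """SSH 'string' wire encoding: uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def fingerprint_sha256(blob):
    """OpenSSH's default fingerprint: SHA-256 of the raw public key blob, base64
    without '=' padding, as printed by `ssh-keygen -lf` and by the first-use prompt."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def hash_hostname(host, salt=None):
    """Hashed host field written when HashKnownHosts is enabled:
    |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host)), with a 20-byte salt."""
    salt = os.urandom(20) if salt is None else salt
    mac = hmac.new(salt, host.encode("utf-8"), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode("ascii") + "|" + base64.b64encode(mac).decode("ascii")


def host_matches(field, host):
    """Match a known_hosts host field: either a comma-separated list of names and
    addresses, or a hashed entry. Wildcard patterns are not handled in this example."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(mac_b64)
        actual = hmac.new(salt, host.encode("utf-8"), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    return host in field.split(",")


def check_host_key(host, key_type, blob, known_hosts_text):
    """Decide as ssh(1) does: 'match' (connect silently), 'mismatch' (the host is
    known with a different key of this type, so abort with a changed-key warning)
    or 'unknown' (never seen, so show the fingerprint and ask the user)."""
    seen_host = False
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].startswith("@"):
            continue  # @cert-authority / @revoked lines have their own semantics; skipped here
        if len(parts) < 3:
            continue
        field, ktype, key_b64 = parts[0], parts[1], parts[2]
        if ktype != key_type or not host_matches(field, host):
            continue
        seen_host = True
        if hmac.compare_digest(base64.b64decode(key_b64), blob):
            return "match"
    return "mismatch" if seen_host else "unknown"


# Constructed data: the blob has the shape of an ssh-ed25519 public key
# (string "ssh-ed25519", string of 32 bytes) but the 32 bytes are not a real key.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
OTHER_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
SAMPLE_KEY_B64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for the example",
    "server.example.com,192.0.2.10 ssh-ed25519 " + SAMPLE_KEY_B64 + " admin@example",
    hash_hostname("bastion.example.com", salt=b"\x01" * 20) + " ssh-ed25519 " + SAMPLE_KEY_B64,
])


if __name__ == "__main__":
    print("fingerprint to verify out of band:", fingerprint_sha256(SAMPLE_BLOB))
    for host, blob in [("server.example.com", SAMPLE_BLOB), ("192.0.2.10", SAMPLE_BLOB),
                       ("bastion.example.com", SAMPLE_BLOB), ("server.example.com", OTHER_BLOB),
                       ("new.example.com", SAMPLE_BLOB)]:
        print(host, check_host_key(host, "ssh-ed25519", blob, SAMPLE_KNOWN_HOSTS))
```

The "mismatch" outcome is the one that matters operationally: a genuine key rotation and an interception attempt look identical to the client, so the warning should be resolved by confirming the new fingerprint with the server's administrator rather than by deleting the old known_hosts line.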


 
