Revision: 10477
https://osdn.net/projects/ttssh2/scm/svn/commits/10477
Author: nmaya
Date: 2023-01-12 00:18:18 +0900 (Thu, 12 Jan 2023)

Log Message:
-----------
Rewrite the SSH2 protocol sequence diagrams

The source of the diagrams is ssh2_plantuml.txt
It can be output as PNG at https://www.plantuml.com/plantuml

ticket #39752

Ticket Links:
------------
https://osdn.net/projects/ttssh2/tracker/detail/39752

Modified Paths:
--------------
branches/4-stable/doc/en/html/reference/sourcecode.html
branches/4-stable/doc/ja/html/reference/sourcecode.html

Added Paths:
-----------
branches/4-stable/doc/en/html/reference/image/ssh2_connect1_version.png
branches/4-stable/doc/en/html/reference/image/ssh2_connect2_kex.png
branches/4-stable/doc/en/html/reference/image/ssh2_connect3_auth.png
branches/4-stable/doc/en/html/reference/image/ssh2_connect4_channel.png
branches/4-stable/doc/en/html/reference/image/ssh2_disconnect.png
branches/4-stable/doc/en/html/reference/image/ssh2_plantuml.txt
branches/4-stable/doc/ja/html/reference/image/ssh2_connect1_version.png
branches/4-stable/doc/ja/html/reference/image/ssh2_connect2_kex.png
branches/4-stable/doc/ja/html/reference/image/ssh2_connect3_auth.png
branches/4-stable/doc/ja/html/reference/image/ssh2_connect4_chennel.png
branches/4-stable/doc/ja/html/reference/image/ssh2_disconnect.png
branches/4-stable/doc/ja/html/reference/image/ssh2_plantuml.txt

-------------- next part --------------
Added: branches/4-stable/doc/en/html/reference/image/ssh2_connect1_version.png =================================================================== (Binary files differ) Index: branches/4-stable/doc/en/html/reference/image/ssh2_connect1_version.png =================================================================== --- branches/4-stable/doc/en/html/reference/image/ssh2_connect1_version.png 2023-01-11 14:41:54 UTC (rev 10476) +++ branches/4-stable/doc/en/html/reference/image/ssh2_connect1_version.png 2023-01-11 15:18:18 UTC (rev 10477) Property changes on: 
branches/4-stable/doc/en/html/reference/image/ssh2_connect1_version.png ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/octet-stream \ No newline at end of property Added: branches/4-stable/doc/en/html/reference/image/ssh2_connect2_kex.png =================================================================== (Binary files differ) Index: branches/4-stable/doc/en/html/reference/image/ssh2_connect2_kex.png =================================================================== --- branches/4-stable/doc/en/html/reference/image/ssh2_connect2_kex.png 2023-01-11 14:41:54 UTC (rev 10476) +++ branches/4-stable/doc/en/html/reference/image/ssh2_connect2_kex.png 2023-01-11 15:18:18 UTC (rev 10477) Property changes on: branches/4-stable/doc/en/html/reference/image/ssh2_connect2_kex.png ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/octet-stream \ No newline at end of property Added: branches/4-stable/doc/en/html/reference/image/ssh2_connect3_auth.png =================================================================== (Binary files differ) Index: branches/4-stable/doc/en/html/reference/image/ssh2_connect3_auth.png =================================================================== --- branches/4-stable/doc/en/html/reference/image/ssh2_connect3_auth.png 2023-01-11 14:41:54 UTC (rev 10476) +++ branches/4-stable/doc/en/html/reference/image/ssh2_connect3_auth.png 2023-01-11 15:18:18 UTC (rev 10477) Property changes on: branches/4-stable/doc/en/html/reference/image/ssh2_connect3_auth.png ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/octet-stream \ No newline at end of property Added: branches/4-stable/doc/en/html/reference/image/ssh2_connect4_channel.png =================================================================== (Binary files differ) Index: 
branches/4-stable/doc/en/html/reference/image/ssh2_connect4_channel.png =================================================================== --- branches/4-stable/doc/en/html/reference/image/ssh2_connect4_channel.png 2023-01-11 14:41:54 UTC (rev 10476) +++ branches/4-stable/doc/en/html/reference/image/ssh2_connect4_channel.png 2023-01-11 15:18:18 UTC (rev 10477) Property changes on: branches/4-stable/doc/en/html/reference/image/ssh2_connect4_channel.png ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/octet-stream \ No newline at end of property Added: branches/4-stable/doc/en/html/reference/image/ssh2_disconnect.png =================================================================== (Binary files differ) Index: branches/4-stable/doc/en/html/reference/image/ssh2_disconnect.png =================================================================== --- branches/4-stable/doc/en/html/reference/image/ssh2_disconnect.png 2023-01-11 14:41:54 UTC (rev 10476) +++ branches/4-stable/doc/en/html/reference/image/ssh2_disconnect.png 2023-01-11 15:18:18 UTC (rev 10477) Property changes on: branches/4-stable/doc/en/html/reference/image/ssh2_disconnect.png ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/octet-stream \ No newline at end of property Added: branches/4-stable/doc/en/html/reference/image/ssh2_plantuml.txt =================================================================== --- branches/4-stable/doc/en/html/reference/image/ssh2_plantuml.txt (rev 0) +++ branches/4-stable/doc/en/html/reference/image/ssh2_plantuml.txt 2023-01-11 15:18:18 UTC (rev 10477) 
@@ -0,0 +1,475 @@ +https://www.plantuml.com/plantuml + +* ssh2_connect1_version.png + @ startuml +right footer cf. RFC 4253 Section 4, Section 5 + +participant client as C +participant server as S + +C -> S: connect + +group Protocol Version Exchange + C <- S: identification string + note right: e.g. "SSH-1.99-OpenSSH_4.3p2 Debian-9\\n" + + C -> S: identification string + note left: e.g. "SSH-2.00-TTSSH/2.46 Win32\\n" + + note over C, S #ffffff: server using 1.99 and client using 2.0, then 2.0\n cf. RFC 4253 Section 5.1 + +end + @ startuml + + + +* ssh2_connect2_kex.png + @ startuml +right footer cf. RFC 4253 Section 7 + +participant client as C +participant server as S + +group Key Exhnage + group Algorithm Negotiation [cf. RFC 4253 Section 7.1] + note over C, S #ffffff + structure of supported algorithms: + name-list kex_algorithms + name-list server_host_key_algorithms + name-list encryption_algorithms_client_to_server + name-list encryption_algorithms_server_to_client + name-list mac_algorithms_client_to_server + name-list mac_algorithms_server_to_client + name-list compression_algorithms_client_to_server + name-list compression_algorithms_server_to_client + name-list languages_client_to_server + name-list languages_server_to_client + each algorithm is listed in order of preference + end note + + C -> S: SSH_MSG_KEXINIT + note left: client's supported algorithms + + C <- S: SSH_MSG_KEXINIT + note right: server's supported algorithms + + note over C, S #ffffff: decided to\n- supported by both side\n- highest priority at client side + end + + group process that corresponds to\nthe key exchange method [Diffie-Hellman key exchange\ncf. RFC 4253 Section 8] + + note over C, S #ffffff + everyone knows: + p ... prime + g ... generator + end note + + note over C, S #ffffff + both know: + V_C ... the client's identification string + V_S ... the server's identification string + I_C ... the payload of the client's SSH_MSG_KEXINIT + I_S ... 
the payload of the server's SSH_MSG_KEXINIT + end note + + note over C #ffffff: generates a random number x\ncomputes e = g^x mod p + + C -> S: SSH_MSG_KEXDH_INIT + note left: e + + note over S #ffffff + generates a random number y + computes f = g^y mod p + computes K = e^y mod p + H = hash(V_C || V_S || I_C || I_S || K_S || + e || f || K) + K_S ... public key of server's host key + s = signature of H with private key of server's host key + end note + + C <- S: SSH_MSG_KEXDH_REPLY + note right: K_S\nf\ns + + note over C #ffffff + verifies K_S is really the host key + (e.g. compare with known_hosts) + computes K = f^x mod p + H = hash(V_C || V_S || I_C || I_S || K_S || + e || f || K) + verifies the signature s on H + (decrypt s with K_S, and compare to H) + end note + + note over C, S #ffffff + both have: + shared secret ... K + exchange hash ... H + session identifier ... H from first exchange + end note + + else Diffie-Hellman Group Exchange\ncf. RFC 4419 + + note over C, S #ffffff + both know: + V_C ... the client's identification string + V_S ... the server's identification string + I_C ... the payload of the client's SSH_MSG_KEXINIT + I_S ... the payload of the server's SSH_MSG_KEXINIT + end note + + note over C #ffffff + min ... minimal size of p acceptable + n ... size of the modulus p that would like to receive + max ... maximal size of p acceptable + end note + + C -> S: SSH_MSG_KEX_DH_GEX_REQUEST + note left: min\nn\nmax + + note over S #ffffff: finds group that matchs client request size\n p ... prime\n g ... generator + + C <- S: SSH_MSG_KEX_DH_GEX_GROUP + note right: p\ng + + note over C #ffffff: generates a random number x\ncomputes e = g^x mod p + + C -> S: SSH_MSG_KEX_DH_GEX_INIT + note left: e + + note over S #ffffff + generates a random number y + computes f = g^y mod p + computes K = e^y mod p + H = hash(V_C || V_S || I_C || I_S || K_S || + min || n || max || g || e || f || K) + K_S ... 
public key of server's host key + s = signature of H with private key of server's host key + end note + + C <- S: SSH_MSG_KEX_DH_GEX_REPLY + note right: K_S\nf\ns + + note over C #ffffff + verifies K_S is really the host key + (e.g. compare with known_hosts) + computes K = f^x mod p + H = hash(V_C || V_S || I_C || I_S || K_S || + min || n || max || g || e || f || K) + verifies the signature s on H + (decrypt s with K_S, and compare to H) + end note + + note over C, S #ffffff + both have: + shared secret ... K + exchange hash ... H + session identifier ... H from first exchange + end note + + else Elliptic Curve Diffie-Hellman Key Exchange\ncf. RFC 5656 + + note over C, S #ffffff + everyone knows: + elliptic curve + G ... base point + end note + + note over C, S #ffffff + both know: + V_C ... the client's identification string + V_S ... the server's identification string + I_C ... the payload of the client's SSH_MSG_KEXINIT + I_S ... the payload of the server's SSH_MSG_KEXINIT + end note + + note over C #ffffff + generates a EC key pair + d_C ... private key + Q_C ... public key + Q_C = d_C * G + end note + + C -> S: SSH_MSG_KEX_ECDH_INIT + note left: Q_C + + note over S #ffffff + verifies Q_C is a valid key + generates a EC key pair + d_S ... private key + Q_S ... public key + Q_S = d_S * G + computes K + (x, y) = d_S * Q_C + K = x + H = hash(V_C || V_S || I_C || I_S || K_S || + Q_C || Q_S || K) + K_S ... public key of server's host key + s = signature of H with private key of server's host key + end note + + C <- S: SSH_MSG_KEX_ECDH_REPLY + note right: K_S\nQ_S\ns + + note over C #ffffff + verifies K_S is really the host key + (e.g. compare with known_hosts) + verifies Q_S is a valid key + computes K + (x', y') = d_C * Q_S + K = x' + H = hash(V_C || V_S || I_C || I_S || K_S || + Q_C || Q_S || K) + verifies the signature s on H + (decrypt s with K_S, and compare to H) + end note + + note over C, S #ffffff + both have: + shared secret ... K + exchange hash ... 
H + session identifier ... H from first exchange + end note + + end + + C -> S: SSH_MSG_NEWKEYS + + C <- S: SSH_MSG_NEWKEYS +end + +== Starting from here communication is encrypted. == + + @ enduml + + + +* ssh2_connect3_auth.png + @ startuml +right footer cf. RFC 4252, RFC 4253 + +actor user as U +participant Pageant as P +participant client as C +participant server as S + +group Service Request [cf. RFC 4253 Section 10] + + C -> S: SSH_MSG_SERVICE_REQUEST + note left: "ssh-userauth" + + C <- S: SSH_MSG_SERVICE_ACCEPT + note right: "ssh-userauth" + +end + +group Authentication + alt CheckAuthListFirst is enabled + + U -> C: + note left: user name + + C -> S: SSH_MSG_USERAUTH_REQUEST + note left: user name\n"ssh-connection"\n"none" + + C <- S: SSH_MSG_USERAUTH_FAILURE + note right: supported autentication methods + + else disabled + + U -> C: + note left: user name + + end + + group process that corresponds to\nthe authentication method [password\ncf. RFC 4252 Section 8] + + U -> C: + note left: password + + C -> S: SSH_MSG_USERAUTH_REQUEST + note left: user name\n"ssh-connection"\n"password"\npassword + + alt authentication success + C <- S: SSH_MSG_USERAUTH_SUCCESS + else authentication fail + C <- S: SSH_MSG_USERAUTH_FAILURE + end + + else publickey\ncf. 
RFC 4252 Section 7 + + U -> C: + note left: key file for authentication\npassphrase + note over C #ffffff: read public key and private key from the file + + C -> S: SSH_MSG_USERAUTH_REQUEST + note left: user name\n"ssh-connection"\n"publickey"\nFALSE\npublic key algorithm name\npublic key + + note over S #ffffff: confirm that received public key is acceptable\n(included in authorized_keys, etc.\x81j + + alt acceptable + C <- S: SSH_MSG_USERAUTH_PK_OK + else not acceptable + C <- S: SSH_MSG_USERAUTH_FAILURE + end + + note over C #ffffff: sign data that has session identifier,\npublic key, etc with private key + + C -> S: SSH_MSG_USERAUTH_REQUEST + note left: user name\n"ssh-connection"\n"publickey"\nTRUE\npublic key algorithm name\npublic key\nsignature + + note over S #ffffff: verifies public key and signature + + alt authentication success + C <- S: SSH_MSG_USERAUTH_SUCCESS + else authentication fail + C <- S: SSH_MSG_USERAUTH_FAILURE + end + + else keyboard-interactive\ncf. RFC 4256 + + C -> S: SSH_MSG_USERAUTH_REQUEST + note left: user name\n"ssh-connection"\n"keyboard-interactive" + + C <- S: SSH_MSG_USERAUTH_INFO_REQUEST + note right: prompt + + loop authentication success or fail + + U -> C: + note left: response + + C -> S: SSH_MSG_USERAUTH_INFO_RESPONSE + note left: response + + alt have a request to client + C <- S: SSH_MSG_USERAUTH_INFO_REQUEST + note right: prompt + else authentication success + C <- S: SSH_MSG_USERAUTH_SUCCESS + else authentication fail + C <- S: SSH_MSG_USERAUTH_FAILURE + end + + end + + else publickey with Pageant + + U -> P: + note left: (preliminarily)\nkey file for authentication\npassphrase + + P <- C: SSH2_AGENTC_REQUEST_IDENTITIES + note right #ffffff: request for public keys + + P -> C: SSH2_AGENTC_REQUEST_ANSWER + note left: all public keys that is added + + loop all public keys, until receive PK_OK or reach to limit of failure + C -> S: SSH_MSG_USERAUTH_REQUEST + note left: user 
name\n"ssh-connection"\n"publickey"\nFALSE\npublic key algorithm name\npublic key + + note over S #ffffff: confirm that received public key is acceptable\n(included in authorized_keys, etc.\x81j + + alt acceptable + C <- S: SSH_MSG_USERAUTH_PK_OK + else not acceptable + C <- S: SSH_MSG_USERAUTH_FAILURE + end + end + + P <- C: SSH2_AGENTC_SIGN_REQUEST + note right: data that has session identifier,\npublic key, etc\n cf. RFC 4252 Section 7 + + note over P #ffffff: sign received data with the correspond private key + + P -> C: SSH2_AGENTC_SIGN_RESPONSE + note left: signature + + + C -> S: SSH_MSG_USERAUTH_REQUEST + note left: user name\n"ssh-connection"\n"publickey"\nTRUE\npublic key algorithm name\npublic key\nsignature + + note over S #ffffff: verifies public key and signature + + alt authentication success + C <- S: SSH_MSG_USERAUTH_SUCCESS + else authentication fail + C <- S: SSH_MSG_USERAUTH_FAILURE + end + + end +end + + @ enduml + + + +* ssh2_connect4_channel.png + @ startuml +right footer cf. RFC 4254 + +participant client as C +participant server as S + +group Channel Open + C -> S: SSH_MSG_CHANNEL_OPEN + note left: "session"\n cf. RFC 4254 Section 6.1 + + C <- S: SSH_MSG_CHANNEL_OPEN_CONFIRMATION + + alt ForwardAgent is enabled + C -> S: SSH_MSG_CHANNEL_REQUEST + note left: "auth-****@opens*****" + + C <- S: SSH_MSG_CHANNEL_SUCCESS + end + + C -> S: SSH_MSG_CHANNEL_REQUEST + note left: "pty-req" \n Pseudo-Terminal\n cf. RFC 4254 Section 6.2 + + C <- S: SSH_MSG_CHANNEL_SUCCESS + + C -> S: SSH_MSG_CHANNEL_REQUEST + note left: "shell" \n Shell\n cf. RFC 4254 Section 6.5 + + C <- S: SSH_MSG_CHANNEL_WINDOW_ADJUST + note right: SSH server's window size\n cf. RFC 4254 Section 5.2 + + C <- S: SSH_MSG_CHANNEL_SUCCESS + + C <- S: SSH_MSG_CHANNEL_DATA + note right: shell information + + note over C #ffffff: Passed to Tera Term core. \nTera Term then waits for recv() to return data. +end + + @ enduml + + + +* ssh2_disconnect.png + @ startuml +right footer cf. 
RFC 4254 Section 5.3 + +actor user as U +participant client as C +participant server as S +participant shell as SHELL + +U -> SHELL: logout + +S <-- SHELL: + +C <- S: SSH_MSG_CHANNEL_EOF + +C <- S: SSH_MSG_CHANNEL_REQUEST +note right: "exit-status"\n cf. RFC 4254 Section 6.10 + +C <- S: SSH_MSG_CHANNEL_CLOSE + +C -> S: SSH_MSG_CHANNEL_CLOSE + +C -> S: SSH_MSG_DISCONNECT +note left #ffffff: cf. RFC 4253 Section 11.1 + +note over C #ffffff: Closing TCP session and notifying Tera Term core\nthat session was closed. + @ enduml Modified: branches/4-stable/doc/en/html/reference/sourcecode.html =================================================================== --- branches/4-stable/doc/en/html/reference/sourcecode.html 2023-01-11 14:41:54 UTC (rev 10476) +++ branches/4-stable/doc/en/html/reference/sourcecode.html 2023-01-11 15:18:18 UTC (rev 10477) 
@@ -919,27 +919,26 @@ <div align="center"> -<img src="image/ssh2_sequence1.png" width=720 height=540> +<img src="image/ssh2_connect1_version.png"> </div> <div align="center"> -<img src="image/ssh2_sequence2.png" width=720 height=540> +<img src="image/ssh2_connect2_kex.png"> </div> -The next drawing shows the flow of the packets when client explicitly closes the connection, i.e. enters "exit" or "logout" command in the remote shell. <br> +<div align="center"> +<img src="image/ssh2_connect3_auth.png"> +</div> <div align="center"> -<img src="image/ssh2_sequence3.png" width=720 height=540> +<img src="image/ssh2_connect4_chennel.png"> </div> -In addition to password based SSH authentication, TTSSH also supports keyboard-interactive, public key based and public key with Pageant authentication methods. Packet flows for each of these methods are shown below. <br> +The next drawing shows the flow of the packets when client explicitly closes the connection, i.e. enters "exit" or "logout" command in the remote shell. 
<br> <div align="center"> -<img src="image/ssh2_auth1.png" width=720 height=540> +<img src="image/ssh2_disconnect.png"> </div> -<div align="center"> -<img src="image/ssh2_auth2.png" width=720 height=540> -</div> Added: branches/4-stable/doc/ja/html/reference/image/ssh2_connect1_version.png =================================================================== (Binary files differ) Index: branches/4-stable/doc/ja/html/reference/image/ssh2_connect1_version.png =================================================================== --- branches/4-stable/doc/ja/html/reference/image/ssh2_connect1_version.png 2023-01-11 14:41:54 UTC (rev 10476) +++ branches/4-stable/doc/ja/html/reference/image/ssh2_connect1_version.png 2023-01-11 15:18:18 UTC (rev 10477) Property changes on: branches/4-stable/doc/ja/html/reference/image/ssh2_connect1_version.png ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/octet-stream \ No newline at end of property Added: branches/4-stable/doc/ja/html/reference/image/ssh2_connect2_kex.png =================================================================== (Binary files differ) Index: branches/4-stable/doc/ja/html/reference/image/ssh2_connect2_kex.png =================================================================== --- branches/4-stable/doc/ja/html/reference/image/ssh2_connect2_kex.png 2023-01-11 14:41:54 UTC (rev 10476) +++ branches/4-stable/doc/ja/html/reference/image/ssh2_connect2_kex.png 2023-01-11 15:18:18 UTC (rev 10477) Property changes on: branches/4-stable/doc/ja/html/reference/image/ssh2_connect2_kex.png ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/octet-stream \ No newline at end of property Added: branches/4-stable/doc/ja/html/reference/image/ssh2_connect3_auth.png =================================================================== (Binary files differ) Index: 
branches/4-stable/doc/ja/html/reference/image/ssh2_connect3_auth.png =================================================================== --- branches/4-stable/doc/ja/html/reference/image/ssh2_connect3_auth.png 2023-01-11 14:41:54 UTC (rev 10476) +++ branches/4-stable/doc/ja/html/reference/image/ssh2_connect3_auth.png 2023-01-11 15:18:18 UTC (rev 10477) Property changes on: branches/4-stable/doc/ja/html/reference/image/ssh2_connect3_auth.png ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/octet-stream \ No newline at end of property Added: branches/4-stable/doc/ja/html/reference/image/ssh2_connect4_chennel.png =================================================================== (Binary files differ) Index: branches/4-stable/doc/ja/html/reference/image/ssh2_connect4_chennel.png =================================================================== --- branches/4-stable/doc/ja/html/reference/image/ssh2_connect4_chennel.png 2023-01-11 14:41:54 UTC (rev 10476) +++ branches/4-stable/doc/ja/html/reference/image/ssh2_connect4_chennel.png 2023-01-11 15:18:18 UTC (rev 10477) Property changes on: branches/4-stable/doc/ja/html/reference/image/ssh2_connect4_chennel.png ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/octet-stream \ No newline at end of property Added: branches/4-stable/doc/ja/html/reference/image/ssh2_disconnect.png =================================================================== (Binary files differ) Index: branches/4-stable/doc/ja/html/reference/image/ssh2_disconnect.png =================================================================== --- branches/4-stable/doc/ja/html/reference/image/ssh2_disconnect.png 2023-01-11 14:41:54 UTC (rev 10476) +++ branches/4-stable/doc/ja/html/reference/image/ssh2_disconnect.png 2023-01-11 15:18:18 UTC (rev 10477) Property changes on: 
branches/4-stable/doc/ja/html/reference/image/ssh2_disconnect.png ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +application/octet-stream \ No newline at end of property Added: branches/4-stable/doc/ja/html/reference/image/ssh2_plantuml.txt =================================================================== --- branches/4-stable/doc/ja/html/reference/image/ssh2_plantuml.txt (rev 0) +++ branches/4-stable/doc/ja/html/reference/image/ssh2_plantuml.txt 2023-01-11 15:18:18 UTC (rev 10477) 
@@ -0,0 +1,475 @@ +https://www.plantuml.com/plantuml + +* ssh2_connect1_version.png + @ startuml +right footer cf. RFC 4253 Section 4, Section 5 + +participant client as C +participant server as S + +C -> S: connect + +group Protocol Version Exchange + C <- S: identification string + note right: e.g. "SSH-1.99-OpenSSH_4.3p2 Debian-9\\n" + + C -> S: identification string + note left: e.g. "SSH-2.00-TTSSH/2.46 Win32\\n" + + note over C, S #ffffff: \x83T\x81[\x83o\x82\xAA 1.99 \x82ŃN\x83\x89\x83C\x83A\x83\x93\x83g\x82\xAA 2.0 \x82̏ꍇ\x82\xCD 2.0\n cf. RFC 4253 Section 5.1 + +end + @ startuml + + + +* ssh2_connect2_kex.png + @ startuml +right footer cf. RFC 4253 Section 7 + +participant client as C +participant server as S + +group Key Exhnage + group Algorithm Negotiation [cf. RFC 4253 Section 7.1] + note over C, S #ffffff + supported algorithms \x82̍\\x91\xA2: + name-list kex_algorithms + name-list server_host_key_algorithms + name-list encryption_algorithms_client_to_server + name-list encryption_algorithms_server_to_client + name-list mac_algorithms_client_to_server + name-list mac_algorithms_server_to_client + name-list compression_algorithms_client_to_server + name-list compression_algorithms_server_to_client + name-list languages_client_to_server + name-list languages_server_to_client + \x82\xBB\x82ꂼ\x82\xEA\x82̃A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82͗D\x90揇\x82ɕ\xC0\x82\xF1\x82ł\xA2\x82\xE9 + end note + + C -> S: SSH_MSG_KEXINIT + note left: \x83N\x83\x89\x83C\x83A\x83\x93\x83g\x82\xCC supported algorithms + + C <- S: SSH_MSG_KEXINIT + note right: \x83T\x81[\x83o\x82\xCC supported algorithms + + note over C, S #ffffff: - \x97\xBC\x95\xFB\x82ŃT\x83|\x81[\x83g\x82\xB5\x82Ă\xA2\x82\xE9\n- \x83N\x83\x89\x83C\x83A\x83\x93\x83g\x91\xA4\x82ōł\xE0\x97D\x90\xE6\x93x\x82\xAA\x8D\x82\x82\xA2\n\x95\xFB\x8E\xAE\x82Ɍ\x88\x92肷\x82\xE9 + end + + group \x8C\xAE\x8C\xF0\x8A\xB7\x95\x{33AE0B2}\x82Ƃ̏\x88\x97\x9D [Diffie-Hellman key exchange\ncf. 
RFC 4253 Section 8] + + note over C, S #ffffff + \x92N\x82\xE0\x82\xAA\x92m\x82\xC1\x82Ă\xA2\x82\xE9: + p ... prime + g ... generator + end note + + note over C, S #ffffff + \x97\xBC\x8E҂\xAA\x92m\x82\xC1\x82Ă\xA2\x82\xE9: + V_C ... the client's identification string + V_S ... the server's identification string + I_C ... the payload of the client's SSH_MSG_KEXINIT + I_S ... the payload of the server's SSH_MSG_KEXINIT + end note + + note over C #ffffff: \x97\x90\x90\x94 x \x82\xAC\x82\xB7\x82\xE9\ne = g^x mod p \x82\xF0\x8Cv\x8EZ\x82\xB7\x82\xE9 + + C -> S: SSH_MSG_KEXDH_INIT + note left: e + + note over S #ffffff + \x97\x90\x90\x94 y \x82\xAC\x82\xB7\x82\xE9 + f = g^y mod p \x82\xF0\x8Cv\x8EZ\x82\xB7\x82\xE9 + K = e^y mod p \x82\xF0\x8Cv\x8EZ\x82\xB7\x82\xE9 + H = hash(V_C || V_S || I_C || I_S || K_S || + e || f || K) + K_S ... \x83T\x81[\x83o\x83z\x83X\x83g\x8C\xAE\x82̌\xF6\x8AJ\x8C\xAE + s = \x83T\x81[\x83o\x83z\x83X\x83g\x8C\xAE\x82̔閧\x8C\xAE\x82\xF0\x97p\x82\xA2\x82\xBD H \x82̏\x90\x96\xBC + end note + + C <- S: SSH_MSG_KEXDH_REPLY + note right: K_S\nf\ns + + note over C #ffffff + K_S \x82\xAA\x96{\x93\x96\x82Ƀz\x83X\x83g\x82̌\xAE\x82\xA9\x8C\x9F\x8F\xB7\x82\xE9 + (e.g. known_hosts \x82Əƍ\x87\x82\xB7\x82\xE9) + K = f^x mod p \x82\xF0\x8Cv\x8EZ\x82\xB7\x82\xE9 + H = hash(V_C || V_S || I_C || I_S || K_S || + e || f || K) + \x8F\x90\x96\xBC s \x82\xAA H \x82̂\xE0\x82̂\xA9\x8C\x9F\x8F\xB7\x82\xE9 + (s \x82\xF0 K_S \x82ŕ\x9C\x8D\x86\x82\xB5\x81AH \x82Ɣ\xE4\x8Ar\x82\xB7\x82\xE9) + end note + + note over C, S #ffffff + \x97\xBC\x8E҂\xAA\x8E\x9D\x82\xC1\x82Ă\xA2\x82\xE9: + shared secret ... K + exchange hash ... H + \x83Z\x83b\x83V\x83\x87\x83\x93ID ... \x8F\x89\x89\xF1\x82̌\xAE\x8C\xF0\x8A\xB7\x82\xCC H + end note + + else Diffie-Hellman Group Exchange\ncf. RFC 4419 + + note over C, S #ffffff + \x97\xBC\x8E҂\xAA\x92m\x82\xC1\x82Ă\xA2\x82\xE9: + V_C ... the client's identification string + V_S ... the server's identification string + I_C ... 
the payload of the client's SSH_MSG_KEXINIT + I_S ... the payload of the server's SSH_MSG_KEXINIT + end note + + note over C #ffffff + min ... \x8E\xFC\x82\xEA\x82\xE7\x82\xEA\x82\xE9 p \x82̍ŏ\xAC\x83T\x83C\x83Y + n ... \x8E\xF3\x90M\x82\xB5\x82\xBD\x82\xA2\x83\x82\x83W\x83\x85\x83\x89\x83X p \x82̃T\x83C\x83Y + max ... \x8E\xFC\x82\xEA\x82\xE7\x82\xEA\x82\xE9 p \x82̍ő\xE5\x83T\x83C\x83Y + end note + + C -> S: SSH_MSG_KEX_DH_GEX_REQUEST + note left: min\nn\nmax + + note over S #ffffff: \x83N\x83\x89\x83C\x83A\x83\x93\x83g\x82\xA9\x82\xE7\x82̃T\x83C\x83Y\x82̗v\x8B\x81\x82\xBD\x82\xB7 group \x82\xF0\x92T\x82\xB7\n p ... prime\n g ... generator + + C <- S: SSH_MSG_KEX_DH_GEX_GROUP + note right: p\ng + + note over C #ffffff: \x97\x90\x90\x94 x \x82\xAC\x82\xB7\x82\xE9\ne = g^x mod p \x82\xF0\x8Cv\x8EZ\x82\xB7\x82\xE9 + + C -> S: SSH_MSG_KEX_DH_GEX_INIT + note left: e + + note over S #ffffff + \x97\x90\x90\x94 y \x82\xAC\x82\xB7\x82\xE9 + f = g^y mod p \x82\xF0\x8Cv\x8EZ\x82\xB7\x82\xE9 + K = e^y mod p \x82\xF0\x8Cv\x8EZ\x82\xB7\x82\xE9 + H = hash(V_C || V_S || I_C || I_S || K_S || + min || n || max || g || e || f || K) + K_S ... \x83T\x81[\x83o\x83z\x83X\x83g\x8C\xAE\x82̌\xF6\x8AJ\x8C\xAE + s = \x83T\x81[\x83o\x83z\x83X\x83g\x8C\xAE\x82̔閧\x8C\xAE\x82\xF0\x97p\x82\xA2\x82\xBD H \x82̏\x90\x96\xBC + end note + + C <- S: SSH_MSG_KEX_DH_GEX_REPLY + note right: K_S\nf\ns + + note over C #ffffff + K_S \x82\xAA\x96{\x93\x96\x82Ƀz\x83X\x83g\x82̌\xAE\x82\xA9\x8C\x9F\x8F\xB7\x82\xE9 + (e.g. known_hosts \x82Əƍ\x87\x82\xB7\x82\xE9) + K = f^x mod p \x82\xF0\x8Cv\x8EZ\x82\xB7\x82\xE9 + H = hash(V_C || V_S || I_C || I_S || K_S || + min || n || max || g || e || f || K) + \x8F\x90\x96\xBC s \x82\xAA H \x82̂\xE0\x82̂\xA9\x8C\x9F\x8F\xB7\x82\xE9 + (s \x82\xF0 K_S \x82ŕ\x9C\x8D\x86\x82\xB5\x81AH \x82Ɣ\xE4\x8Ar\x82\xB7\x82\xE9) + end note + + note over C, S #ffffff + \x97\xBC\x8E҂\xAA\x8E\x9D\x82\xC1\x82Ă\xA2\x82\xE9: + shared secret ... K + exchange hash ... 
H + \x83Z\x83b\x83V\x83\x87\x83\x93ID ... \x8F\x89\x89\xF1\x82̌\xAE\x8C\xF0\x8A\xB7\x82\xCC H + end note + + else Elliptic Curve Diffie-Hellman Key Exchange\ncf. RFC 5656 + + note over C, S #ffffff + \x92N\x82\xE0\x82\xAA\x92m\x82\xC1\x82Ă\xA2\x82\xE9: + elliptic curve + G ... base point + end note + + note over C, S #ffffff + \x97\xBC\x8E҂\xAA\x92m\x82\xC1\x82Ă\xA2\x82\xE9: + V_C ... the client's identification string + V_S ... the server's identification string + I_C ... the payload of the client's SSH_MSG_KEXINIT + I_S ... the payload of the server's SSH_MSG_KEXINIT + end note + + note over C #ffffff + EC \x8C\xAE\x83y\x83A\x82\xAC\x82\xB7\x82\xE9 + d_C ... \x94閧\x8C\xAE + Q_C ... \x8C\xF6\x8AJ\x8C\xAE + Q_C = d_C * G + end note + + C -> S: SSH_MSG_KEX_ECDH_INIT + note left: Q_C + + note over S #ffffff + Q_C \x82\xAA\x8C\xAE\x82Ƃ\xB5\x82Đ\xB3\x82\xB5\x82\xA2\x82\xA9\x8Am\x94F\x82\xB7\x82\xE9 + EC \x8C\xAE\x83y\x83A\x82\xAC\x82\xB7\x82\xE9 + d_S ... \x94閧\x8C\xAE + Q_S ... \x8C\xF6\x8AJ\x8C\xAE + Q_S = d_S * G + K \x82\xF0\x8Cv\x8EZ\x82\xB7\x82\xE9 + (x, y) = d_S * Q_C + K = x + H = hash(V_C || V_S || I_C || I_S || K_S || + Q_C || Q_S || K) + K_S ... \x83T\x81[\x83o\x83z\x83X\x83g\x8C\xAE\x82̌\xF6\x8AJ\x8C\xAE + s = \x83T\x81[\x83o\x83z\x83X\x83g\x8C\xAE\x82̔閧\x8C\xAE\x82\xF0\x97p\x82\xA2\x82\xBD H \x82̏\x90\x96\xBC + end note + + C <- S: SSH_MSG_KEX_ECDH_REPLY + note right: K_S\nQ_S\ns + + note over C #ffffff + K_S \x82\xAA\x96{\x93\x96\x82Ƀz\x83X\x83g\x82̌\xAE\x82\xA9\x8C\x9F\x8F\xB7\x82\xE9 + (e.g. 
known_hosts \x82Əƍ\x87\x82\xB7\x82\xE9) + Q_S \x82\xAA\x8C\xAE\x82Ƃ\xB5\x82Đ\xB3\x82\xB5\x82\xA2\x82\xA9\x8Am\x94F\x82\xB7\x82\xE9 + K \x82\xF0\x8Cv\x8EZ\x82\xB7\x82\xE9 + (x', y') = d_C * Q_S + K = x' + H = hash(V_C || V_S || I_C || I_S || K_S || + Q_C || Q_S || K) + \x8F\x90\x96\xBC s \x82\xAA H \x82̂\xE0\x82̂\xA9\x8C\x9F\x8F\xB7\x82\xE9 + (s \x82\xF0 K_S \x82ŕ\x9C\x8D\x86\x82\xB5\x81AH \x82Ɣ\xE4\x8Ar\x82\xB7\x82\xE9) + end note + + note over C, S #ffffff + \x97\xBC\x8E҂\xAA\x8E\x9D\x82\xC1\x82Ă\xA2\x82\xE9: + shared secret ... K + exchange hash ... H + \x83Z\x83b\x83V\x83\x87\x83\x93ID ... \x8F\x89\x89\xF1\x82̌\xAE\x8C\xF0\x8A\xB7\x82\xCC H + end note + + end + + C -> S: SSH_MSG_NEWKEYS + + C <- S: SSH_MSG_NEWKEYS +end + +== \x82\xB1\x82\xEA\x88ȍ~\x82̒ʐM\x82͈Í\x86\x89\xBB\x82\xB3\x82\xEA\x82\xE9 == + + @ enduml + + + +* ssh2_connect3_auth.png + @ startuml +right footer cf. RFC 4252, RFC 4253 + +actor user as U +participant Pageant as P +participant client as C +participant server as S + +group Service Request [cf. RFC 4253 Section 10] + + C -> S: SSH_MSG_SERVICE_REQUEST + note left: "ssh-userauth" + + C <- S: SSH_MSG_SERVICE_ACCEPT + note right: "ssh-userauth" + +end + +group Authentication + alt CheckAuthListFirst \x82\xAA\x97L\x8C\xF8\x82ȏꍇ + + U -> C: + note left: \x83\x86\x81[\x83U\x96\xBC + + C -> S: SSH_MSG_USERAUTH_REQUEST + note left: \x83\x86\x81[\x83U\x96\xBC\n"ssh-connection"\n"none" + + C <- S: SSH_MSG_USERAUTH_FAILURE + note right: \x83T\x83|\x81[\x83g\x82\xB5\x82Ă\xA2\x82\xE9\x94F\x8Fؕ\xFB\x8E\xAE + + else \x96\xB3\x8C\xF8\x82ȏꍇ + + U -> C: + note left: \x83\x86\x81[\x83U\x96\xBC + + end + + group \x94F\x8Fؕ\x{33AE0B2}\x82Ƃ̏\x88\x97\x9D [password\ncf. 
RFC 4252 Section 8] + + U -> C: + note left: \x83p\x83X\x83\x8F\x81[\x83h + + C -> S: SSH_MSG_USERAUTH_REQUEST + note left: \x83\x86\x81[\x83U\x96\xBC\n"ssh-connection"\n"password"\n\x83p\x83X\x83\x8F\x81[\x83h + + alt \x94F\x8Fؐ\xAC\x8C\xF7 + C <- S: SSH_MSG_USERAUTH_SUCCESS + else \x94F\x8F؎\xB8\x94s + C <- S: SSH_MSG_USERAUTH_FAILURE + end + + else publickey\ncf. RFC 4252 Section 7 + + U -> C: + note left: \x94F\x8Fؗp\x8C\xAE\x83t\x83@\x83C\x83\x8B\n\x83p\x83X\x83t\x83\x8C\x81[\x83Y + note over C #ffffff: \x83t\x83@\x83C\x83\x8B\x82\xA9\x82\xE7\x8C\xF6\x8AJ\x8C\xAE\x82Ɣ閧\x8C\xAE\x82\xF0\x93ǂ\xDE + + C -> S: SSH_MSG_USERAUTH_REQUEST + note left: \x83\x86\x81[\x83U\x96\xBC\n"ssh-connection"\n"publickey"\nFALSE\n\x8C\xF6\x8AJ\x8C\xAE\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x96\xBC\n\x8C\xF6\x8AJ\x8C\xAE + + note over S #ffffff: \x8E\xF3\x90M\x82\xB5\x82\xBD\x8C\xF6\x8AJ\x8C\xAE\x82\xAA\x8Eł\xAB\x82邩\x8Am\x94F\n\x81iauthorized_keys\x82ɂ\xA0\x82\xE9\x81A\x82Ȃǁj + + alt \x8Eł\xAB\x82\xE9 + C <- S: SSH_MSG_USERAUTH_PK_OK + else \x8Eł\xAB\x82Ȃ\xA2 + C <- S: SSH_MSG_USERAUTH_FAILURE + end + + note over C #ffffff: \x83Z\x83b\x83V\x83\x87\x83\x93ID\x81E\x8C\xF6\x8AJ\x8C\xAE\x82Ȃǂ̈\xEA\x98A\x82̃f\x81[\x83^\n\x82\xF0\x94閧\x8C\xAE\x82ŏ\x90\x96\xBC\x82\xB7\x82\xE9 + + C -> S: SSH_MSG_USERAUTH_REQUEST + note left: \x83\x86\x81[\x83U\x96\xBC\n"ssh-connection"\n"publickey"\nTRUE\n\x8C\xF6\x8AJ\x8C\xAE\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x96\xBC\n\x8C\xF6\x8AJ\x8C\xAE\n\x8F\x90\x96\xBC + + note over S #ffffff: \x8C\xF6\x8AJ\x8C\xAE\x82Ə\x90\x96\xBC\x82\xF0\x8C\x9F\x8F\xD8 + + alt \x94F\x8Fؐ\xAC\x8C\xF7 + C <- S: SSH_MSG_USERAUTH_SUCCESS + else \x94F\x8F؎\xB8\x94s + C <- S: SSH_MSG_USERAUTH_FAILURE + end + + else keyboard-interactive\ncf. 
RFC 4256 + + C -> S: SSH_MSG_USERAUTH_REQUEST + note left: \x83\x86\x81[\x83U\x96\xBC\n"ssh-connection"\n"keyboard-interactive" + + C <- S: SSH_MSG_USERAUTH_INFO_REQUEST + note right: \x83v\x83\x8D\x83\x93\x83v\x83g + + loop \x94F\x8F\xAA\x90\xAC\x8C\xF7\x82܂\xBD\x82͎\xB8\x94s\x82\xB7\x82\xE9 + + U -> C: + note left: \x83\x8C\x83X\x83|\x83\x93\x83X + + C -> S: SSH_MSG_USERAUTH_INFO_RESPONSE + note left: \x83\x8C\x83X\x83|\x83\x93\x83X + + alt \x83N\x83\x89\x83C\x83A\x83\x93\x83g\x82ւ̃\x8A\x83N\x83G\x83X\x83g\x82\xAA\x82\xA0\x82\xE9 + C <- S: SSH_MSG_USERAUTH_INFO_REQUEST + note right: \x83v\x83\x8D\x83\x93\x83v\x83g + else \x94F\x8Fؐ\xAC\x8C\xF7 + C <- S: SSH_MSG_USERAUTH_SUCCESS + else \x94F\x8F؎\xB8\x94s + C <- S: SSH_MSG_USERAUTH_FAILURE + end + + end + + else publickey with Pageant + + U -> P: + note left: \x81i\x8E\x96\x91O\x82Ɂj\n\x94F\x8Fؗp\x8C\xAE\x83t\x83@\x83C\x83\x8B\n\x83p\x83X\x83t\x83\x8C\x81[\x83Y + + P <- C: SSH2_AGENTC_REQUEST_IDENTITIES + note right #ffffff: \x8C\xF6\x8AJ\x8C\xAE\x82\xF0\x97v\x8B\x81 + + P -> C: SSH2_AGENTC_REQUEST_ANSWER + note left: \x93o\x98^\x82\xB3\x82\xEA\x82Ă\xA2\x82\xE9\x8C\xF6\x8AJ\x8C\xAE\x82\xB7\x82ׂ\xC4 + + loop \x8C\xF6\x8AJ\x8C\xAE\x82\xF0\x82\xB7\x82ׂČJ\x82\xE8\x95Ԃ\xB5, PK_OK \x82\xAA\x95Ԃ\xC1\x82Ă\xAD\x82\xE9\x81A\x82܂\xBD\x82͔F\x8F؎\xB8\x94s\x8F\xE3\x8C\xC0\x82ɒB\x82\xB7\x82\xE9\x82܂\xC5 + C -> S: SSH_MSG_USERAUTH_REQUEST + note left: \x83\x86\x81[\x83U\x96\xBC\n"ssh-connection"\n"publickey"\nFALSE\n\x8C\xF6\x8AJ\x8C\xAE\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x96\xBC\n\x8C\xF6\x8AJ\x8C\xAE + + note over S #ffffff: \x8E\xF3\x90M\x82\xB5\x82\xBD\x8C\xF6\x8AJ\x8C\xAE\x82\xAA\x8Eł\xAB\x82邩\x8Am\x94F\n\x81iauthorized_keys\x82ɂ\xA0\x82\xE9\x81A\x82Ȃǁj + + alt \x8Eł\xAB\x82\xE9 + C <- S: SSH_MSG_USERAUTH_PK_OK + else \x8Eł\xAB\x82Ȃ\xA2 + C <- S: SSH_MSG_USERAUTH_FAILURE + end + end + + P <- C: SSH2_AGENTC_SIGN_REQUEST + note right: 
\x83Z\x83b\x83V\x83\x87\x83\x93ID\x81E\x8C\xF6\x8AJ\x8C\xAE\x82Ȃǂ̈\xEA\x98A\x82̃f\x81[\x83^\n cf. RFC 4252 Section 7 + + note over P #ffffff: \x8E\xE6\x82\xC1\x82\xBD\x83f\x81[\x83^\x82\xF0\x91Ή\x9E\x82\xB7\x82\xE9\x94閧\x8C\xAE\x82ŏ\x90\x96\xBC\x82\xB7\x82\xE9 + + P -> C: SSH2_AGENTC_SIGN_RESPONSE + note left: \x8F\x90\x96\xBC + + + C -> S: SSH_MSG_USERAUTH_REQUEST + note left: \x83\x86\x81[\x83U\x96\xBC\n"ssh-connection"\n"publickey"\nTRUE\n\x8C\xF6\x8AJ\x8C\xAE\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x96\xBC\n\x8C\xF6\x8AJ\x8C\xAE\n\x8F\x90\x96\xBC + + note over S #ffffff: \x8C\xF6\x8AJ\x8C\xAE\x82Ə\x90\x96\xBC\x82\xF0\x8C\x9F\x8F\xD8 + + alt \x94F\x8Fؐ\xAC\x8C\xF7 + C <- S: SSH_MSG_USERAUTH_SUCCESS + else \x94F\x8F؎\xB8\x94s + C <- S: SSH_MSG_USERAUTH_FAILURE + end + + end +end + + @ enduml + + + +* ssh2_connect4_channel.png + @ startuml +right footer cf. RFC 4254 + +participant client as C +participant server as S + +group Channel Open + C -> S: SSH_MSG_CHANNEL_OPEN + note left: "session"\n cf. RFC 4254 Section 6.1 + + C <- S: SSH_MSG_CHANNEL_OPEN_CONFIRMATION + + alt ForwardAgent \x82\xAA\x97L\x8C\xF8\x82ȏꍇ + C -> S: SSH_MSG_CHANNEL_REQUEST + note left: "auth-****@opens*****" + + C <- S: SSH_MSG_CHANNEL_SUCCESS + end + + C -> S: SSH_MSG_CHANNEL_REQUEST + note left: "pty-req" \n Pseudo-Terminal\n cf. RFC 4254 Section 6.2 + + C <- S: SSH_MSG_CHANNEL_SUCCESS + + C -> S: SSH_MSG_CHANNEL_REQUEST + note left: "shell" \n Shell\n cf. RFC 4254 Section 6.5 + + C <- S: SSH_MSG_CHANNEL_WINDOW_ADJUST + note right: SSH\x83T\x81[\x83o\x82̃E\x83B\x83\x93\x83h\x83E\x83T\x83C\x83Y\n cf. RFC 4254 Section 5.2 + + C <- S: SSH_MSG_CHANNEL_SUCCESS + + C <- S: SSH_MSG_CHANNEL_DATA + note right: \x83V\x83F\x83\x8B\x8F\xEE\x95\xF1 + + note over C #ffffff: Tera Term \x96{\x91̂֓n\x82\xB7\x81B\nTera Term \x82ɂ\xCD recv() \x82\xAA\x95Ԃ\xC1\x82\xBD\x82悤\x82Ɍ\xA9\x82\xA6\x82\xE9\x81B +end + + @ enduml + + + +* ssh2_disconnect.png + @ startuml +right footer cf. 
RFC 4254 Section 5.3 + +actor user as U +participant client as C +participant server as S +participant shell as SHELL + +U -> SHELL: logout + +S <-- SHELL: + +C <- S: SSH_MSG_CHANNEL_EOF + +C <- S: SSH_MSG_CHANNEL_REQUEST +note right: "exit-status"\n cf. RFC 4254 Section 6.10 + +C <- S: SSH_MSG_CHANNEL_CLOSE + +C -> S: SSH_MSG_CHANNEL_CLOSE + +C -> S: SSH_MSG_DISCONNECT +note left #ffffff: cf. RFC 4253 Section 11.1 + +note over C #ffffff: TCP\x83Z\x83b\x83V\x83\x87\x83\x93\x82̃N\x83\x8D\x81[\x83Y\x8F\x88\x97\x9D\x82\xF0\x8Ds\x82\xA4\x81B\nTera Term \x96{\x91̂֏I\x97\xB9\x82̒ʒm\x82\xF0\x8Fo\x82\xB7\x81B + @ enduml Modified: branches/4-stable/doc/ja/html/reference/sourcecode.html =================================================================== --- branches/4-stable/doc/ja/html/reference/sourcecode.html 2023-01-11 14:41:54 UTC (rev 10476) +++ branches/4-stable/doc/ja/html/reference/sourcecode.html 2023-01-11 15:18:18 UTC (rev 10477) 
@@ -898,27 +898,26 @@ <div align="center"> -<img src="image/ssh2_sequence1.png" width=720 height=540> +<img src="image/ssh2_connect1_version.png"> </div> <div align="center"> -<img src="image/ssh2_sequence2.png" width=720 height=540> +<img src="image/ssh2_connect2_kex.png"> </div> -\x81@\x88ȉ\xBA\x82́A\x83\x8A\x83\x82\x81[\x83g\x83z\x83X\x83g\x82̃V\x83F\x83\x8B\x8F\xE3\x82\xC5"exit"\x82\xE2"logout"\x82Ƃ\xB5\x82āA\x83N\x83\x89\x83C\x83A\x83\x93\x83g\x82\xA9\x82疾\x8E\xA6\x93I\x82ɃV\x83F\x83\x8B\x82\xF0\x83N\x83\x8D\x81[\x83Y\x82\xB7\x82\xE9\x82Ƃ\xAB\x82́A\x83p\x83P\x83b\x83g\x82̗\xAC\x82\xEA\x82\xF0\x8E\xA6\x82\xB5\x82Ă\xA2\x82܂\xB7\x81B<br> +<div align="center"> +<img src="image/ssh2_connect3_auth.png"> +</div> <div align="center"> -<img src="image/ssh2_sequence3.png" width=720 height=540> +<img src="image/ssh2_connect4_chennel.png"> </div> -\x81 @ TTSSH\x82́ASSH2\x82Ńp\x83X\x83\x8F\x81[\x83h\x94F\x8F̂ق\xA9\x82\xC9keyboard-interactive\x94F\x8FApublickey\x94F\x8FAPageant\x82𗘗p\x82\xB5\x82\xBDpublickey\x94F\x8F\xF0\x83T\x83|\x81[\x83g\x82\xB5\x82Ă\xA2\x82܂\xB7\x81B\x82\xBB\x82ꂼ\x82\xEA\x82̔F\x8Fؕ\xFB\x8E\xAE\x82łǂ̂悤\x82ȃV\x81[\x83P\x83\x93\x83X\x82ŔF\x8F\xAA\x8Ds\x82\xED\x82\xEA\x82\xE9\x82̂\xA9\x81A\x88ȉ\xBA\x82Ɏ\xA6\x82\xB5\x82܂\xB7\x81B +\x81@\x88ȉ\xBA\x82́A\x83\x8A\x83\x82\x81[\x83g\x83z\x83X\x83g\x82̃V\x83F\x83\x8B\x8F\xE3\x82\xC5"exit"\x82\xE2"logout"\x82Ƃ\xB5\x82āA\x83N\x83\x89\x83C\x83A\x83\x93\x83g\x82\xA9\x82疾\x8E\xA6\x93I\x82ɃV\x83F\x83\x8B\x82\xF0\x83N\x83\x8D\x81[\x83Y\x82\xB7\x82\xE9\x82Ƃ\xAB\x82́A\x83p\x83P\x83b\x83g\x82̗\xAC\x82\xEA\x82\xF0\x8E\xA6\x82\xB5\x82Ă\xA2\x82܂\xB7\x81B<br> <div align="center"> -<img src="image/ssh2_auth1.png" width=720 height=540> +<img src="image/ssh2_disconnect.png"> </div> -<div align="center"> -<img src="image/ssh2_auth2.png" width=720 height=540> -</div>
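Review bot: in the "publickey with Pageant" branch of the ssh2_connect3_auth diagram source, both agent replies carry the client-to-agent prefix: `P -> C: SSH2_AGENTC_REQUEST_ANSWER` and `P -> C: SSH2_AGENTC_SIGN_RESPONSE`. AGENTC marks messages sent to the agent, which is correct for `SSH2_AGENTC_REQUEST_IDENTITIES` and `SSH2_AGENTC_SIGN_REQUEST` on the `P <- C` arrows. The replies travel from the agent to the client, and OpenSSH's authfd.h names them `SSH2_AGENT_IDENTITIES_ANSWER` and `SSH2_AGENT_SIGN_RESPONSE`. Please relabel the two `P -> C` arrows so a reader can search the source for the constants shown in the figure.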
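Review bot: the added `<img src="image/ssh2_connect4_chennel.png">` in the sourcecode.html hunk spells the file name "chennel", while the PlantUML source added in this same commit labels that diagram `* ssh2_connect4_channel.png`. Please rename the image and the reference to "channel" so the file name matches the diagram source. Two smaller points in the same hunk: the removed line that introduced the authentication methods (the one naming keyboard-interactive, publickey and Pageant) has no replacement, so `ssh2_connect3_auth.png` now appears without any lead-in text, and the new `<img>` tags drop `width`/`height` without gaining an `alt` attribute.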