| 7.1 | In SSHv2 key generation, both the session ID and the exchange hash are included in the key calculation (Figure 7.33). Given that the session ID has the same value as the exchange hash, why are they both included? |
| 7.2 | In the SSHv2 public key authentication method, the server does not send the client a challenge, as in the SSHv1 RSA method, but sends a signature over predetermined data (see Figure 7.38). Explain why the SSHv2 method is resistant to replay attacks. |
| 7.3 | Show how to build an SSH VPN between two networks by using PPP instead of gtunnel. |
| 7.4 | In principle, it would be possible to build a hardware implementation of our SSH VPN by embedding a TCP/IP stack and SSH protocol firmware into an Ethernet card. Is this a practical suggestion? Why or why not? Notice how Figure 7.22 becomes an exact depiction of the network architecture if we do this. |
