Narhari Motivaras's blog

The Basics of Secure Shell (SSH)

Photo by Pavan Trikutam on Unsplash

The Basics of Secure Shell (SSH)

Narhari Motivaras's photo
Narhari Motivaras
Jan 10, 2023·

3 min read

Table of contents

Overview

In this article, we will cover the basics of a secure shell and understand the behind-the-scenes of it with the favour of cryptography.

Secure Shell (SSH)

  • A secure shell is a secure network protocol that allows secure communication between two peers, i.e., sender and recipient, over an unsecured network (Internet) by leveraging cryptography.

Usage:

  1. Remotely access server

  2. Transfering files between the client and the server

Asymmetric Encryption

  • SSH uses asymmetric encryption, which requires a unique key pair - public and private keys. As the name suggests, a public key is meant to be shared with others, and a private key is intended to keep confidential by the owner.

  • In a practical scenario, a message is encrypted using a public key and decrypted with a private key. This ensures that only the owner of the private key can only decrypt the message.

Registering Client On Server

a client can register with the server using the following steps:

  1. The client generates a unique public and private key pair using ssh-keygen.

  2. The client sends the public key to the server, which adds it to its authorized_keys file.

As the protocol is secure from both ends, one must authenticate the server and client.

Authenticating Server

A server can be authenticated by the client using the following steps:

  1. A first-time client tries to connect to the server using SSH.

  2. The client and the server agree on a secret key using the Diffie-Hellman key exchange algorithm.

  3. The server sends its public key (SHA-256 fingerprint) to the client, and based on the server's public key, the client accepts or rejects it.

  4. The client will add the SHA-256 fingerprint to its known_hosts file if accepted. If rejected, the process is terminated.

Authenticating Client

A client can be authenticated by the server using the following steps:

  1. The client tries to connect to the server using SSH.

  2. The client and server agree on a secret key using the Diffie-Hellman key exchange algorithm.

  3. The client sends the public key (SHA-256 fingerprint) to the server, and the server matches the client's public key against the key mentioned in the authorized_keys file.

  4. If the server accepts the key, it generates a random number and encrypts the random number using the corresponding client's public key and sends this encrypted message to the client.

  5. The client decrypts the random number with its private key

  6. The client generates a hash of random numbers and a secret key using the MD5 algorithm and sends it to the server

  7. The server also generates a hash of random numbers and a secret key at its end

  8. The server compares the generated hash with the hash received from the client

  9. If the server's hash and client hash match, authentication is successful, and an interactive session is opened.

Conclusion

  • In this short article, we have discussed how ssh works using asymmetric encryption and understood why it claims to be a secure communication protocol.
Devopsbackend