Linux Classroom Series – 30/Jul/2020

Basic skills for SSH

  • Let's understand a scenario where Alice wants to communicate with Joy. The communication channel they are using is not secure (anyone can hook in and read their messages).
  • What can Alice and Joy do so that they keep using the same communication channel, yet their messages stay secure?
  • They encrypt and decrypt the messages.
  • To do this encryption and decryption we have two major ways:
    • Symmetric encryption
    • Asymmetric encryption
  • In symmetric encryption both Alice and Joy have the same key, which is used both to encrypt and to decrypt.
  • In asymmetric encryption Alice or Joy creates a key pair. Alice holds one key and Joy holds the other (the two keys are different). One key is called the public key and the other the private key.
  • If a message is encrypted with the public key it can be decrypted with the private key, and the other way around.

Secure Shell (SSH)

  • Telnet was used to communicate with a remote server, but Telnet is not a secure communication protocol: it transfers data over the network/internet in plain text. SSH came into existence to overcome this issue.
  • The SSH protocol provides a secure way of accessing remote computers.
  • In SSH we have two parties:
    • SSH Client
    • SSH Server

HOW SSH works

  • SSH protocol uses symmetric encryption, asymmetric encryption and hashing in order to secure transmission of information.
  • An SSH connection between client and server is established in 3 stages:
    1. Verification of server by the client
    2. Generation of session key to encrypt all the communication
    3. Authentication of the client by server

Verification of the server by client

  • The client initiates an SSH connection with the server. The server listens for SSH connections by default on port 22. At this point the server's identity is verified, and there are two cases:
    1. Communication between client and server for the first time:
      • The client is asked to authenticate the server manually by verifying the public key of the server. Once the key is verified, the server is added to ~/.ssh/known_hosts.
    2. If the client is not accessing the server for the first time, the server's identity is matched against the information previously recorded in the known_hosts file.
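As an added example (not part of the original post), the Python script below mirrors what the client does with ~/.ssh/known_hosts: it parses a known_hosts line, checks that the declared key type agrees with the type embedded in the base64 key blob, computes the SHA256 fingerprint in the form ssh prints when it asks you to confirm a new host, handles the hashed host form (`|1|salt|hash`, HMAC-SHA1) that OpenSSH writes when HashKnownHosts is on, and reports `trusted`, `mismatch` or `unknown` for a key the server presents. The host name, the 32-byte key material (a byte pattern, not a real key) and the salt are constructed sample values; `verify_server` is a hypothetical helper written for this illustration, not OpenSSH code.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample values: a made-up host and 32 bytes of pattern standing in for an ed25519 key.
SAMPLE_HOST = "server.example.com"
SAMPLE_PUBKEY_BYTES = bytes(range(32))
SAMPLE_SALT = b"constructed-salt-20b"  # OpenSSH uses a 20-byte random salt


def wire_blob(key_type, raw_key):
    """Build the OpenSSH wire-format blob: length-prefixed type string, then length-prefixed key bytes."""
    return (struct.pack(">I", len(key_type)) + key_type.encode()
            + struct.pack(">I", len(raw_key)) + raw_key)


def known_hosts_line(host, key_type, raw_key):
    """Plain (unhashed) known_hosts entry: '<host> <type> <base64 blob>'."""
    return f"{host} {key_type} {base64.b64encode(wire_blob(key_type, raw_key)).decode()}"


def parse_known_hosts_line(line):
    """Return (host_field, key_type, blob); reject entries whose declared type differs from the embedded one."""
    host_field, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64)
    (tlen,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + tlen].decode()
    if embedded != key_type:
        raise ValueError(f"key type mismatch: field says {key_type}, blob says {embedded}")
    return host_field, key_type, blob


def fingerprint_sha256(blob):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256 over the whole key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_host_field(host, salt):
    """Hashed host field as written by HashKnownHosts: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return f"|1|{base64.b64encode(salt).decode()}|{base64.b64encode(mac).decode()}"


def host_matches(host_field, host):
    """Match a hostname against either a plain (possibly comma-separated) or a hashed host field."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = host_field.split("|")
        expected = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return host in host_field.split(",")


def verify_server(known_hosts_text, host, key_type, presented_blob):
    """'trusted' if the presented key equals the recorded one, 'mismatch' if a different key is recorded
    for this host and type, 'unknown' if the host has no entry (the first-connection case)."""
    for line in known_hosts_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        try:
            host_field, ktype, blob = parse_known_hosts_line(line)
        except ValueError:
            continue  # malformed entry: skip rather than trust
        if ktype == key_type and host_matches(host_field, host):
            return "trusted" if hmac.compare_digest(blob, presented_blob) else "mismatch"
    return "unknown"


if __name__ == "__main__":
    entry = known_hosts_line(SAMPLE_HOST, "ssh-ed25519", SAMPLE_PUBKEY_BYTES)
    _, _, blob = parse_known_hosts_line(entry)
    print(fingerprint_sha256(blob))
    print(verify_server(entry, SAMPLE_HOST, "ssh-ed25519", blob))
```

The `mismatch` branch is the case ssh reports as "REMOTE HOST IDENTIFICATION HAS CHANGED"; the `unknown` branch is where the user is asked to compare the printed fingerprint against one obtained out of band before the entry is added.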

Generation of SESSION KEY

  • After the server is verified, both parties negotiate a session key using some version of the Diffie-Hellman algorithm.
  • This generated session key is used for encrypting and decrypting the messages during the session.

Authentication of the client

  • The final step is the authentication of the client by the server. Authentication is done using an SSH key pair.
  • As soon as the session key is generated, authentication happens as described in the following steps:
  • The client begins by sending an ID of the key pair it would like to authenticate with.
  • The server checks its authorized_keys file.
  • If a matching ID is found, the server generates a random number, encrypts it with the public key and sends this message to the client.
  • If the client has the correct private key, it decrypts this message and obtains the random number.
  • This random number is combined with the session key and a hash is generated. This hash is sent to the server as the answer.
  • The server computes the same hash on its side; if the two values match, it proves that the client has the valid private key, and the client is authenticated.
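The whole flow described in this post (the key-pair properties from the encryption section, the Diffie-Hellman session key, symmetric use of that key, and the challenge-response above) as one added Python example. This is not code from the original post and not how OpenSSH is implemented: it uses textbook RSA with the classic tiny primes p=61, q=53 and the textbook Diffie-Hellman group p=23, g=5, all constructed toy parameters that offer no security, so that every step can be followed by hand. `rsa_keypair`, `symmetric_xor`, `server_challenge` and `authenticate` are hypothetical helper names. One caveat for practitioners: the SSH-2 publickey method (RFC 4252) actually has the client sign data containing the session identifier rather than decrypt an encrypted random number; the exchange below follows the steps exactly as the post lists them.

```python
import hashlib
import hmac
import secrets
from math import gcd


# ---- Asymmetric: textbook RSA with constructed toy primes (real SSH keys use 2048+ bit moduli) ----
def rsa_keypair(p=61, q=53, e=17):
    """Return (public, private) as ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, m):
    """Exponentiate with either half of the pair: public-then-private and private-then-public both round-trip."""
    exp, n = key
    assert 0 <= m < n, "value must be smaller than the modulus"
    return pow(m, exp, n)


# ---- Session key: Diffie-Hellman over the constructed toy group p=23, g=5 ----
def dh_public(private, g=5, p=23):
    """What each side sends: g^private mod p."""
    return pow(g, private, p)


def dh_shared(peer_public, private, p=23):
    """What each side computes from the peer's value; both arrive at the same number."""
    return pow(peer_public, private, p)


def session_key_from(shared):
    """Derive a fixed-length session key from the agreed DH value."""
    return hashlib.sha256(b"session" + shared.to_bytes(8, "big")).digest()


# ---- Symmetric: both sides hold the same session key; XOR with a SHA-256 keystream encrypts and decrypts alike ----
def symmetric_xor(key, data):
    out = bytearray()
    for i, byte in enumerate(data):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.append(byte ^ block[i % 32])
    return bytes(out)


# ---- Client authentication: the challenge-response as the post describes it ----
def server_challenge(client_public, number=None):
    """Server picks a random number (or a caller-supplied one for tests) and encrypts it with the client's public key."""
    _, n = client_public
    number = secrets.randbelow(n) if number is None else number
    return number, rsa_apply(client_public, number)


def answer_hash(number, session_key):
    """Hash of the random number combined with the session key: the value both sides must agree on."""
    return hashlib.sha256(number.to_bytes(4, "big") + session_key).hexdigest()


def client_answer(challenge, client_private, session_key):
    """Client decrypts the challenge with its private key and hashes the result with the session key."""
    recovered = rsa_apply(client_private, challenge)
    return answer_hash(recovered, session_key)


def authenticate(client_public, client_private, session_key, number=None):
    """Run the exchange end to end; True only if client_private matches client_public."""
    number, challenge = server_challenge(client_public, number)
    expected = answer_hash(number, session_key)  # the server keeps this and never sends it
    answer = client_answer(challenge, client_private, session_key)
    return hmac.compare_digest(expected, answer)


if __name__ == "__main__":
    pub, priv = rsa_keypair()
    alice_secret, joy_secret = 6, 15  # constructed private DH exponents for the two sides
    key = session_key_from(dh_shared(dh_public(joy_secret), alice_secret))
    print("RSA round-trip ok:", rsa_apply(priv, rsa_apply(pub, 42)) == 42)
    print("ciphertext:", symmetric_xor(key, b"hello joy").hex())
    print("authenticated:", authenticate(pub, priv, key))
```

Note the design point the exchange relies on: the server never learns the private key, only that the peer could recover the random number, and the hash also binds the answer to this session's key so it cannot be replayed on another connection.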
