How encryption and authentication work in SSH.

SSH or Secure Shell is a protocol for secure remote login from one computer to another. It provides many options to set up strong authentication. The communication is entirely encrypted and secure.

Before we move further, let us understand the different data manipulation techniques SSH uses to achieve this.

Symmetrical Encryption:

This is the kind of encryption where one key is used to encrypt and decrypt messages to and from the client. It is also called shared secret or secret key encryption. This symmetrical key is used by SSH to encrypt the entire communication.

Asymmetrical Encryption:

This kind of encryption makes use of two keys, a private key, and a public key. The public key is shared with other parties. The public key and private key are associated but the private key cannot be derived from the public key.

The mathematical relationship between public and private keys helps the private key to decrypt the messages encrypted by the public key.

Hashing:

Hash functions are methods of creating a signature of a set of information. Using the same hash function on a message should always produce the same result. If the message is modified in any way, it should produce an entirely different hash.

Extracting the original message from the hash should not be possible. But, should be able to identify if a given message generated a given hash.

Now that we have a basic understanding of these data manipulation techniques, let’s roll on to their usage in SSH.

SSH Protocol uses a client-server model to authenticate two systems and encrypt communication between them.

An SSH session is established through the following steps:

1. Encryption:

The client initiates the TCP connection and the server responds with all the protocol versions it supports and a public key. With the public key, the client checks if it’s a valid host.

After this, using a version of the Diffie-Hellman algorithm, both the client and the server decide on the session key.

1. Both parties decide on a large prime number which becomes the base value.
2. They agree on an encryption generator which converts the values in a specific way.
3. Now, individually both of them generate another prime number that is not shared with the other. This number is used as the private key for communication.
4. The key generated in the above step, the shared prime number, and the encryption generator are used to create a public key. This can be shared with others.
5. They exchange the generated public key.
6. After the exchange, both of them use their own private key, the received public key and the prime number shared in the beginning to derive a shared secret key. Using opposite private and public keys ensures that the result will be the same shared key.
7. Now this shared secret key is used to encrypt all interactions from here on.

2. Authentication:

Different methods can be used for authentication like Password authentication, Public key authentication, Keyboard authentication, GSSAPI Authentication, etc.

Password authentication is the easiest one where the client asks for a password and uses it to authenticate itself to the server.

Public key authentication is one of the frequently used methods. It uses SSH key pairs to authenticate itself.

Public Key Authentication:

1. The client sends an ID of the key pair it will be using to authenticate.
2. The server has a file where it keeps all the authorized keys. If the public key with the given ID is present in the file, the server generates a random number and encrypts it with this public key.
3. The encrypted message is then sent to the client.
4. If the client has the related private key, it will manage to decrypt the message and get the number sent.
5. The client combines the decrypted number and the secret key generated at the encryption level to encrypt all the communication and computes the MD5 hash of this value.
6. This MD5 hash value is then sent to the server.
7. The server calculates its own MD5 hash for the combination of the same shared secret key and the original number. If the derived value matches the one sent by the client, it proves that the client had the correct private key and is authenticated.

Now that we know what goes on in the background of an SSH connection, I hope it helps you visualize it better.