What is SSH?

SSH, or Secure Shell, is a network protocol that allows one computer to securely connect to another computer over an unsecured network, like the internet, by having a shared agreement of how to communicate. SSH is an application layer protocol; the application layer is the 7th layer of the OSI model.

SSH is really useful because you do not have to have physical access to another machine; you can simply connect to it over the internet. This allows us to control servers remotely.

SSH first appeared in the mid-90s and was designed as a replacement for Telnet, another application layer protocol, which transferred data without encryption. Without encryption, data travels over the internet in plain text. Anyone with a packet sniffer between you and the remote machine could see all the data you were transferring and everything you were doing.

Encryption is a way to hide a piece of data so that it is unreadable unless you know how to decode or decrypt the data. SSH was created as a secure way of communication that encrypts data through a tunnel, so that a bad actor cannot retrieve the data during transfer. With SSH, you can still see that data is being transferred and how much data is being transferred, but you cannot see what the data is.

SSH is commonly implemented using the client-server model. One computer is called the SSH client and another machine acts as the SSH server or host.

HTTPS, or HyperText Transfer Protocol Secure, is another protocol that encrypts data. So what is the difference between SSH and HTTPS? HTTPS allows web browsers to communicate with servers to display websites. SSH provides shells that enable data exchange or communication between any two devices, not just between a browser and a server. Shells allow you to talk to operating systems.

When you connect to an SSH server, you are dropped into a shell. This shell can be a Linux terminal shell or a Windows command prompt shell where you can execute commands on the machine you are connected to. When you use a terminal or command line, you are talking to your operating system. With SSH, you can talk to remote operating systems too.

What Can We Transfer With SSH?

SSH can be used to transmit:

  • Data
  • Commands
  • Text
  • Files (using SFTP: Secure File Transfer Protocol, basically an encrypted version of FTP, so that man-in-the-middle attacks are not possible)

How does SSH work?

SSH breaks data down into a series of packets. Like any packet transfer, there are a few fields at the beginning.

At the top, the Packet Length tells you how big the packet is. After that, you have another byte, the Padding Amount, which tells you how much padding there is. Then you have your data, the Payload. Following the payload, you have Padding. That padding is random bytes that don’t mean anything but are encrypted along with the payload, which makes the data even harder to detect because random extra data has been thrown in. Finally, you have a Message Authentication Code so that you can be sure the data has not been tampered with.

The payload can also be compressed using standard compression algorithms. The whole packet, excluding the length and authentication code, is then encrypted.

The packet is then sent to the server. The server decrypts the packet and decompresses the payload to extract the data. The same process is done for every packet sent over the connection.

To keep SSH secure, SSH uses three different types of data manipulation techniques at various points during transmission. The three techniques used in SSH are:

  1. Symmetrical Encryption
  2. Asymmetrical Encryption
  3. Hashing

Symmetrical Encryption

Symmetric encryption is the type of encryption where one key can be used to encrypt messages sent to the destination and also decrypt messages received at the destination. This encryption scheme is also known as shared secret encryption or shared key encryption.

Both devices use the same key to encrypt data they are sending over and decrypt data they receive. A secret key is specific to each SSH session. This is the type of encryption that is used to encrypt the entire SSH connection so that a man-in-the-middle attacker cannot read the data, because they do not have this secret key.

One problem that arises is the initial key exchange. If a third party is listening during the key exchange, they would now know the key and be able to decrypt all our messages. One way to prevent this is by using a Key Exchange Algorithm.

A Key Exchange Algorithm is a secure way to exchange secret keys without interception. This is done by two computers exchanging public data and then manipulating that data independently to derive the secret key. In order to implement a key exchange algorithm, we need Asymmetrical Encryption.

Asymmetrical Encryption

Asymmetrical encryption is encryption through the use of two separate keys for encryption and decryption, a public key and a private key. The public key can be shared with anyone but the private key is never shared. A public key and a private key form a key pair. A message that is encrypted with a machine’s public key can only be decrypted by its private key. The public key is stored on the SSH server and the private key is stored locally on the SSH client.

If I give you my public key, you can send me a message by encrypting it with my public key. I will then be able to read it by decrypting it using my private key.

Even if a third party manages to obtain a public key, they will not be able to decrypt any messages because they don’t have a private key. So long as the private key is never sent over and is secure on your device, your messages can’t be decrypted.

SSH uses asymmetrical encryption in a few places, such as the key exchange algorithm used to set up the symmetrical encryption. Asymmetrical encryption is also used for the key pair that lets you SSH into a server without the use of a password. We use the key exchange algorithm to generate the keys (the yellow keys in diagram 1) used to encrypt and decrypt messages.

Both devices generate temporary public and private keys and share their respective public keys. They then independently generate a new symmetric key that both devices will use to encrypt and decrypt messages. This generation is done using the Diffie Hellman key exchange.

At the start of a Diffie Hellman key exchange, the two devices need to agree on a few parameters that they will use for the key exchange:

  • Generator g
  • Prime number n

Each device will use g along with its private key to generate a public key.
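The exchange described above, written out as an added example (not code from the original article). The values of n and g are toy parameters assumed here for readability and are far too small for real use; the names are hypothetical, and hashing the shared secret with SHA-256 stands in for SSH's real key derivation.

```python
import hashlib
import secrets

# Assumed toy parameters, agreed in public by both devices (NOT secure sizes).
N = 2**127 - 1   # prime number n (a Mersenne prime)
G = 3            # generator g

def check_peer_public(value):
    """Reject 0, 1, n-1 and anything outside the group: such values
    would force the shared secret to a value an observer can predict."""
    if not 2 <= value <= N - 2:
        raise ValueError("peer public value out of range")
    return value

def generate_keypair():
    """Return (private, public) with public = g^private mod n."""
    while True:
        private = secrets.randbelow(N - 3) + 2       # 2 .. n-2, never sent
        public = pow(G, private, N)
        if 2 <= public <= N - 2:
            return private, public

def shared_secret(own_private, peer_public):
    """Combine our private key with the validated public key of the peer."""
    return pow(check_peer_public(peer_public), own_private, N)

def session_key(secret):
    """Hash the shared secret down to a 32-byte symmetric key."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def run_exchange():
    """Both sides of the exchange; only the two public values cross the network."""
    client_private, client_public = generate_keypair()
    server_private, server_public = generate_keypair()
    client_key = session_key(shared_secret(client_private, server_public))
    server_key = session_key(shared_secret(server_private, client_public))
    return client_key, server_key

if __name__ == "__main__":
    client_key, server_key = run_exchange()
    print("keys match:", client_key == server_key)
```

An observer sees g, n and both public values, but deriving the key requires one of the private values, which never leave the devices.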

If you want to know the math behind the Diffie Hellman, watch this video.

Once a secure symmetric communication has been established, the server uses the client’s public key to generate a challenge and transmits it to the client for authentication. If the client can successfully decrypt the challenge, which means that it holds the private key required for a connection, the SSH session begins.

Hashing

Hashing is another form of cryptography used in secure shell connections. Hashing allows you to create a signature or summary of a set of information. It is a one-way process and hashed data is never meant to be decrypted. But how is this useful?

If a third party manages to dupe the client and the host, they can tamper with messages. SSH uses HMAC (Hash-based Message Authentication Codes). HMACs ensure that the messages sent are received in a complete and unmodified form.

Each message that is transmitted must contain something called a MAC. This MAC is a hash generated from the symmetric key, the packet sequence number, and the message contents that were sent. These three elements are combined as inputs to a hash function, which outputs a string that has no meaning on its own. This string, or signature, is sent to the host.

Now, how does the host check if the message has been tampered with?

Because the host has the same information (the symmetric key, the packet sequence number, and the message content), they can use the same hash function to generate a hash too. If the generated hash matches the one received, this verifies the signature of the client.

This works because if the data is changed in any way, even something as small as capitalizing a letter, the hash will be completely different.
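The packet layout from "How does SSH work?" and the MAC check described above, combined in one added example (not code from the original article). Encryption and compression are left out so the framing and the MAC stay visible; HMAC-SHA256, the 8-byte padding multiple and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import struct

BLOCK = 8  # assumed: pad the framed packet to a multiple of 8 bytes

def build_packet(payload):
    """Packet Length | Padding Amount | Payload | random Padding."""
    pad = BLOCK - ((5 + len(payload)) % BLOCK)
    if pad < 4:                      # keep at least 4 bytes of padding
        pad += BLOCK
    body = bytes([pad]) + payload + os.urandom(pad)
    return struct.pack(">I", len(body)) + body

def compute_mac(key, seq, packet):
    """HMAC keyed with the symmetric key over sequence number + packet."""
    return hmac.new(key, struct.pack(">I", seq) + packet, hashlib.sha256).digest()

def send(key, seq, payload):
    """Frame the payload and append the Message Authentication Code."""
    packet = build_packet(payload)
    return packet + compute_mac(key, seq, packet)

def receive(key, seq, wire):
    """Recompute the MAC, compare in constant time, then strip the framing."""
    mac_len = hashlib.sha256().digest_size
    if len(wire) < 4 + 1 + 4 + mac_len:
        raise ValueError("truncated packet")
    packet, mac = wire[:-mac_len], wire[-mac_len:]
    if not hmac.compare_digest(mac, compute_mac(key, seq, packet)):
        raise ValueError("MAC mismatch: packet modified, replayed or reordered")
    (length,) = struct.unpack(">I", packet[:4])
    pad = packet[4]
    if length != len(packet) - 4 or pad < 4 or pad > length - 1:
        raise ValueError("bad length fields")
    return packet[5:len(packet) - pad]

if __name__ == "__main__":
    key = os.urandom(32)                       # constructed session key
    wire = send(key, 0, b"ls -la")             # constructed sample payload
    print(receive(key, 0, wire))
    tampered = wire[:5] + b"L" + wire[6:]      # capitalize one letter
    try:
        receive(key, 0, tampered)
    except ValueError as err:
        print("rejected:", err)
```

Because the sequence number is part of the MAC input, a valid packet replayed at a different position in the stream fails the same check as a modified one.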


Thanks To: Level-up Coding

Mohamed Ehab

Principal Embedded Software Engineer at Vehiclevo

2 years ago

Very good article, detailed & well presented. Thanks for sharing.

Alaa Abu Al-Haj

Sr. Software Development Team Lead (PMP, PMI-ACP, SCJP, SCWCD, OCEJWSD)

2 years ago

Great article, thanks for sharing
