SSH

What is SSH?

Why do we need to use it?

How does it work?

SSH Public And Private Keys

Commonly Encountered Problems


What is SSH?

SSH stands for "Secure Shell". It is a network protocol for communicating securely between computers, and it allows users to control and modify their remote servers over the Internet.

Why do we need to use it?

We could use Telnet or FTP to connect to another computer. However, the information is transmitted unencrypted, so anybody who can observe the traffic can read it. This is a serious security issue, so the traffic needs to be encrypted.

How does it work?

The basic flow is as follows.

  • Establish a TCP connection
  • Authentication using private key and public key (Asymmetrical Encryption)
  • Generate a shared key with a key exchange algorithm
  • Encrypt every message (Symmetrical Encryption)

Symmetrical Encryption

In symmetrical encryption, both computers hold the same shared key, called the secret key, and use it for both encryption and decryption. The secret key is generated only by the key exchange algorithm during the asymmetrical encryption process. The secret key is never transmitted, so it is hard to steal.

Asymmetrical Encryption

Asymmetrical encryption is used to generate the secret key with the Diffie-Hellman key exchange algorithm.

SSH Public And Private Keys

The public/private asymmetrical key pairs that you create are used only for authentication, not for encrypting the connection.

The public key is a key that can be exposed to anybody.

The private key is a key that must stay on your server or client and never be exposed.

The public key cannot decrypt a hash that was encrypted with that same public key.

Hashing

One-way hashing

One-way hashing generates a hash value that cannot be decrypted back into the original input. SSH uses hashes to verify the authenticity of messages. This is done using HMACs, or Hash-based Message Authentication Codes. Each message that is transmitted must contain a MAC, which is calculated using the symmetric key, the packet sequence number, and the message contents.
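The following is an added example, not code from the original page: it computes a per-packet MAC from the symmetric key, the packet sequence number and the message contents, and shows the receiver rejecting replayed, modified and wrongly keyed packets. HMAC-SHA-256, the key and the packet contents are assumptions chosen for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo key. In a real session the integrity key is derived from
# the key-exchange output and never appears on the wire.
DEMO_MAC_KEY = bytes(range(32))


def ssh_mac(mac_key: bytes, seq: int, packet: bytes) -> bytes:
    """HMAC over (32-bit big-endian sequence number || packet contents)."""
    seq_bytes = struct.pack(">I", seq & 0xFFFFFFFF)  # counter wraps at 2**32
    return hmac.new(mac_key, seq_bytes + packet, hashlib.sha256).digest()


class Receiver:
    """Verifies each packet against its own implicit packet counter."""

    def __init__(self, mac_key: bytes) -> None:
        self.mac_key = mac_key
        self.seq = 0  # counted locally on each side, not sent with the packet

    def accept(self, packet: bytes, mac: bytes) -> bool:
        expected = ssh_mac(self.mac_key, self.seq, packet)
        if not hmac.compare_digest(expected, mac):  # constant-time comparison
            return False  # a real SSH peer disconnects on a bad MAC
        self.seq = (self.seq + 1) & 0xFFFFFFFF
        return True


def demo() -> dict:
    p0, p1 = b"ls -la\n", b"exit\n"  # constructed packet contents
    m0 = ssh_mac(DEMO_MAC_KEY, 0, p0)
    m1 = ssh_mac(DEMO_MAC_KEY, 1, p1)
    rx = Receiver(DEMO_MAC_KEY)
    return {
        "in_order": rx.accept(p0, m0) and rx.accept(p1, m1),
        # Valid MAC, but computed for sequence number 0, not the expected 2.
        "replayed": rx.accept(p0, m0),
        # MAC belongs to p0; the contents were changed in transit.
        "tampered": rx.accept(b"ls -la /etc\n", ssh_mac(DEMO_MAC_KEY, 2, p0)),
        # Sender does not hold the session's symmetric key.
        "wrong_key": rx.accept(p0, ssh_mac(b"\x00" * 32, 2, p0)),
    }


if __name__ == "__main__":
    print(demo())
```

Because the sequence number is part of the MAC input, a captured packet with a valid MAC cannot be replayed or reordered later in the same session.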

Authentication

Password

RSA

RSA (Rivest-Shamir-Adleman), the most widely used asymmetric algorithm, is embedded in the SSL/TLS protocol which is used to provide communications security over a computer network.

Generate key pair

ssh-keygen -C "___YOUR_EMAIL___"

Set public key to authorized_keys file on remote machine

Instead of typing a password every time, we can add our public key to the authorized_keys file on the remote machine, which lets the server match the public key when we connect.

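# Create ~/.ssh if it does not exist; sshd ignores keys when permissions are too open
mkdir -p ~/.ssh && chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

# authorized_keys (one public key per line)

ssh-rsa 0dsd9dsa3dds2ds03sdas802hdsuhd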

https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-46/124-ssh.html
