SSH - Secure Shell - Obsidian Publish

>[!quote] In a Nutshell >**Network protocol** that allows communication between two systems that is both **encrypted** (so no one can easily eavesdrop) and **authenticated** (so you can be sure you're connecting to the right machine). SSH provides a way to remotely access another machine, execute commands, and transfer files, all while encrypting the data in transit. --- #### Authentication Process with Asymmetric Encryption (Public/Private Key) Each system has a pair of a private and a public key. Only the private key can decipher data that was encrypted via the public key and it is computationally infeasible to guess this decryption procedure based on only knowing the public key. ![[Pasted image 20241205130653.png|center]] - **Step 1: Session Initiation** - Client connects to the SSH server and says, “I’d like to start an encrypted session.” - **Step 2: Server Identity Verification (Optional)** - The server sends its own public host key to the client. - The client can verify this key against a known list (stored in `~/.ssh/known_hosts`). - **Step 3: Key Exchange and Session Key Creation** - SSH uses a **key exchange algorithm** like **Diffie-Hellman** or **ECDH**: - Both sides agree on a **shared session key** (symmetric key). - This key is used to **encrypt/decrypt the session** using symmetric encryption (e.g., AES). - Note: This session key is **temporary** and different for each session. - **Step 4: Client Authentication Using Private Key** - Now the server challenges the client to prove ownership of the private key. 1. Server encrypts a **random challenge message** using the client’s **public key**. 2. Client **decrypts** it using its **private key**. 3. Client sends back the original message or a hash of it, proving it has the private key. >[!brainwaves] Symmetric Encryption for the actual Session >The asymmetric process above is basically impossible to crack, but also very slow. Therefore, after authentication the shared key is used to encrypt the actual data to speed up data transfer. > >With this symmetric process, a common key is used for encryption and decryption. --- #### Advanced Features - **[[Port|Port]] Forwarding**: SSH can securely tunnel other network protocols, allowing for things like accessing a database behind a firewall. - **File Transfer**: With tools like `SCP` ([[scp - Copy via SSH|Secure Copy]]) or `SFTP` (Secure File Transfer Protocol), SSH allows for secure file transfers between machines. >[!brainwaves] Implementation on Linux >A widely-used open source implementation of the SSH protocoll is [[OpenSSH]], e.g. used in [[- Linux -|Linux]] distros.