SSH

General[edit]

Secure Shell (SSH) uses (see here or here) different cryptograhic methods. Assymetric methods for authentication, symmetric methods (AES, ...) for communiction for a session and hashing.

Asymmetric Method[edit]

Asymmetric methods are only used at the beginning when client and server negotiate the authentication and session communication.

A public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic algorithms which requires two separate keys, one of which is secret (or private) and one of which is public. Together they are known as a key-pair. In SSH, the public key cryptography is used in both directions (client to server and server to client), so two key pairs are used. One key pair is known as a host (server) key, the other as a user (client) key. Any person can encrypt a message using the receiver's public key, but that encrypted message can only be decrypted with the receiver's private key.

One important issue is confidence/proof that a particular public key is authentic, i.e. that it is correct and belongs to the person or entity claimed, and has not been tampered with or replaced by a malicious third party. There are several possible approaches, including:

• A public key infrastructure (PKI), in which one or more third parties – known as certificate authorities – certify ownership of key pairs. TLS relies upon this.
• A "web of trust" which decentralizes authentication by using individual endorsements of the link between user and public key. PGP uses this approach, as well as lookup in the domain name system (DNS). The DKIM system for digitally signing emails also uses this approach.

Authentication to Server[edit]

The SSH protocol supports many authentication methods.

Key-based Authentication[edit]

• private key of the user who wants to log on to a server is stored on client computer.
• public key of the user is stored on every server the user wants to log on to. These keys are called authorized keys.