HOW DOES SSH WORKS

SSH is a abbreviation for Secure Shell is a network protocol that allows data-exchange between devices on the network..This is mainly used in linux OS's to access shell commands etc... SSH was mainly designed as a replacement of insecure remote shells (eg. Telnet) which do not use encryption and send passwords/user-names in simple ascii text, making them vulnerable to many attacks…

SSH in Action:

• Client connects to the server using a TCP connection...Like FTP , HTTP etc…

• Then they share each others  version information and Protocol information…

• Next the client and sever  discusses supported Encryption , keys , hashes ...

• Now the client sends the server a hello  message that includes the message about the key exchange and a challenge ...

• Now the client  listens for the server's response about the request which will include the message that conatins server's  key and a challenge value that has been signed by the server's private key...

• This is done to make sure that the packet could only come from the server that has sent it.. (This makes the ssh secure from man in the middle attacks)

• The client then checks the list for known hosts by searching '~/.ssh/known_hosts' . If the public key is found here , it automatically assumes that the data is valid and the server could be trusted..But if the public is not listed here then the user is displayed with a messaget that asks them to verify the fingerprint ...

• Now both server and client have enough information needed to create the master key that will be used to encrypt the session and the communication starts…

Workflow of Secure Shell (SSH)

The major confusion, that's widely found among most people, is that "SSH works only on Public key encryption and not on Secret Key encryption". I would like to clear this confusion here. Indeed Asymmetric encryption is more secure than Symmetric encryption but  Asymmetric encryption has a lot of complexion involved, and is a little bit more time consuming to decrypt data using it.

Due to which most of the protocol uses Public key cryptography (asymmetric encryption), only to share the secret key that is used for symmetric encryption, which will be then used as a primary encryption method for the entire data movement. Thus in the entire data communication  "Asymmetric encryption is only used to share the secret key, which will be then used for symmetric encryption"

So the first step is to make a secure channel between the client and the server.

The client authenticates the server, because client is the one that first initiates the connection. After the server is authenticated by the client, and the client is sure about the identity of the server, a secure symmetric channel is formed between two of them.

This secure channel will be then used for authenticating the client, passwords exchange, sharing keys and other things.