Getting started with SSH

In this article, we will talk about what SSH is and how it works. We will also cover when SSH is used and look at the different encryption techniques used in SSH in detail.

SSH Introduction

SSH, or Secure Shell, is a protocol. Now, what does that mean? You may have heard about other protocols like HTTP, FTP and HTTPS. These are all ways to connect two computers under a shared agreement on how the two should communicate. That agreement is the protocol, the language they both speak, and SSH is a secure way for machines to communicate with one another. For example:

HTTP (HyperText Transfer Protocol): It allows you to send files over the internet, like HTML, CSS and JavaScript files, between a browser and a server.

FTP (File Transfer Protocol): It allows you to transfer computer files between a client and a server on a computer network. It is often used when you upload files from your computer to something like Hostgator or a generic hosting platform.

HTTPS (HyperText Transfer Protocol Secure): It is similar to HTTP but it is encrypted, which means third parties cannot read the messages being transferred if they intercept them.

SSH (Secure Shell): SSH is also a protocol that allows two computers to communicate over the internet. It allows a user to share files as well as control and modify a remote computer over the internet. It was created as a secure way of communicating which, again, encrypts all data so that bad actors can’t monitor you.

Now, what is the difference between HTTPS and SSH, given that they are both a form of communication and they are both encrypted?

Just like a web browser uses the HTTPS protocol to talk with servers and display websites, a shell needs a certain protocol to enable data exchange between two devices, not just between a browser and a server. That is why SSH is called the Secure Shell protocol. It is a protocol used over a shell, and if you remember, a shell, unlike a browser, allows you to talk to the operating system. With SSH you can communicate with another machine somewhere in the world through your terminal.

How SSH Works

We have talked about what SSH is, but how exactly do we use it? It’s actually quite simple. If you’re using Linux or Mac, SSH is available directly from the terminal. If you use Windows, you will need an SSH client to open SSH connections. The most popular SSH client is PuTTY; Windows 10 also ships its own built-in OpenSSH client.

SSH Command

ssh {user}@{host}

We run the ssh command with the user we want to log in as at the host we want to reach, that is, the IP address or name of the computer we want to get to. The SSH command consists of 3 different parts.

The ssh command itself instructs your system that you want to open an encrypted Secure Shell connection.

{user} represents the account you want to access. For example, you may want to access the root user, which is essentially the system administrator with complete rights to modify anything on the system.

{host} refers to the computer you want to access. This can be an IP address (e.g. 345.783.20.19) or a domain name (e.g. www.abcdomain.com).

Once you hit enter, you will be prompted for the password of the requested account. Once you’re done typing, hit enter once again. If your password is correct, you will be greeted with a remote terminal window, connected to the remote computer, and can now run commands on it.

When we use SSH

  • Connecting to GitHub to clone, push and pull files between their servers and your computer. Remember that when we clone something from GitHub we have to choose one of two options, HTTPS or SSH. With HTTPS you have to enter your password every time you clone the repo; you don’t have to do that with SSH.
  • You can remotely access another computer. For example, if you are at home and need to access your work computer, you can just SSH into it.
  • The most important use case: you have your production app somewhere on a server and somebody deletes it by mistake. Then you can simply SSH into the server, get the project files onto the server again and go through all the steps to get the app back up and running.

Encryption Techniques used in SSH

The significant advantage offered by SSH over its predecessors is the use of encryption to ensure secure transfer of information between the host and the client. Host refers to the remote server you are trying to access, while the client is the computer you are using to access the host. There are three different encryption technologies used by SSH:

  1. Symmetrical encryption
  2. Asymmetrical encryption
  3. Hashing


Symmetrical encryption

Symmetric encryption is a form of encryption where a single secret key is used by both the client and the host for both encryption and decryption of a message. SSH communicates through this shared key, and that is how the two sides are able to talk to one another. Symmetric encryption is often called shared key or shared secret encryption.

In the diagram below, the client machine uses the secret key it holds to encrypt the message “Helloo” into a piece of ciphertext “yt7@#8” and sends it to the server. The server receives that encrypted message and, using the same secret key (which the server also has), decrypts the ciphertext back into its original form, i.e. “Helloo”.

[Diagram: symmetric encryption]

In symmetric encryption, anyone who possesses the key can decrypt the messages being transferred. So we have to establish the key in a secure way so that other people cannot obtain or use it.

The secret key is created through a process known as a key exchange algorithm. What makes this algorithm particularly secure is the fact that the key itself is never transmitted between the client and the host. Instead, the two computers share some public pieces of data, and each combines that data with a private value of its own to independently calculate the same secret key. Even if a bad actor captures the publicly shared data, they cannot calculate the secret key, because the private values never leave the machines that generated them and deriving them from the public data alone is computationally infeasible.
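As an added illustration that is not part of the original article, here is a toy Diffie-Hellman style key exchange in Python showing the idea above: only public values cross the wire, both sides compute the same secret, and an observer holding just the public values cannot. The modulus P and generator G are constructed for illustration and are not an SSH group; real SSH uses standardized groups or elliptic curves and derives session keys by hashing the shared secret together with other handshake data.

```python
import hashlib
import secrets

# Constructed toy parameters, chosen for illustration only.
# Real SSH uses standardized groups (e.g. RFC 3526) or ECDH curves.
P = 2**127 - 1   # prime modulus
G = 5            # generator


def keygen(p=P, g=G):
    """Return (private value, public value). Only the public value is sent."""
    priv = secrets.randbelow(p - 2) + 2
    return priv, pow(g, priv, p)


def shared_secret(my_priv, their_pub, p=P):
    """Combine my private value with the peer's public value."""
    return pow(their_pub, my_priv, p)


def session_key(secret):
    """Simplified key derivation: hash the shared secret into a 32-byte key.
    (SSH also mixes in the exchange hash and session id.)"""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def run_exchange():
    """Both sides end up with the same key; only public values cross the wire."""
    client_priv, client_pub = keygen()
    server_priv, server_pub = keygen()
    # "wire": client_pub -> server, server_pub -> client
    k_client = session_key(shared_secret(client_priv, server_pub))
    k_server = session_key(shared_secret(server_priv, client_pub))
    return k_client, k_server, client_pub, server_pub


def observer_can_compute(client_pub, server_pub, p=P):
    """What an observer holding only the public values can compute directly.
    It does not equal the shared secret, because neither private value was sent."""
    return (client_pub * server_pub) % p


if __name__ == "__main__":
    kc, ks, cpub, spub = run_exchange()
    print("keys match:", kc == ks)
```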

Asymmetrical encryption

Unlike symmetrical encryption, asymmetrical encryption is a form of encryption in which two separate keys are used for encryption and decryption. These two keys are known as the public key and the private key. Together, both these keys form a public-private key pair.

In the diagram below, both the client and the server have a public-private key pair.

[Diagram: asymmetric encryption, part 1]

The public key, as the name suggests, is public, which means you can share it with anybody in the world. Private keys, by contrast, are absolute secrets that you should never share with anybody.

Although the public key is closely linked with the private key in terms of functionality, the private key cannot be mathematically computed from the public key. The relation between the two keys is a little more complex: a message encrypted with a machine’s public key can only be decrypted by the same machine’s private key. There is a one-way relationship between the two keys.

You can share the public key with anyone, and bad actors can also grab it, but because of the one-way relationship between the two keys, the public key cannot decrypt the messages it encrypts. The public key can only encrypt, and what it encrypts can only be decrypted by its paired private key.

In the diagram below, the client uses the server’s public key to encrypt data for it. The server, on the other end, uses its private key to decrypt the data that was encrypted with its public key.

[Diagram: asymmetric encryption, part 2]

Similarly, the client’s public key is used by the server to encrypt the message and the client’s private key is used by the client to decrypt the message.

The private key must remain private for the connection to be secured and no third party must ever know it. The strength of the entire connection lies in the fact that the private key is never revealed, as it is the only component capable of decrypting messages that were encrypted using its own public key.

SSH utilizes asymmetric encryption in a few different places.

  • Asymmetric encryption is used during the key exchange algorithm that sets up the symmetric encryption. In this stage, both parties produce temporary public-private key pairs and exchange the public keys in order to produce the shared secret key that will be used for symmetric encryption.
  • The more well-discussed use of asymmetrical encryption with SSH comes from SSH key-based authentication. SSH key pairs can be used to authenticate a client to a server. The client creates a key pair and then uploads the public key to any remote server it wishes to access.

Once secure symmetric communication has been established, the server uses the client’s public key to generate a challenge and transmits it to the client for authentication. If the client can successfully decrypt the message, it proves that it holds the private key required for the connection. The SSH session then begins.
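An added example, not code from the article: a toy challenge-response in Python using textbook RSA with tiny constructed primes (61 and 53), following the description above of a server encrypting a challenge that only the holder of the matching private key can decrypt. Real SSH public-key authentication instead has the client sign data tied to the session, and uses keys thousands of bits long; this block only illustrates the idea.

```python
import secrets


def make_keypair(p, q, e=17):
    """Textbook RSA from two constructed toy primes; returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public, m):
    e, n = public
    return pow(m, e, n)


def decrypt(private, c):
    d, n = private
    return pow(c, d, n)


def server_make_challenge(client_public):
    """Server picks a random value and encrypts it with the client's public key.
    It keeps the plaintext to compare against the client's answer."""
    _, n = client_public
    nonce = secrets.randbelow(n - 2) + 2
    return nonce, encrypt(client_public, nonce)


def client_answer(client_private, challenge):
    """Only the holder of the matching private key recovers the nonce."""
    return decrypt(client_private, challenge)


def server_verify(expected_nonce, answer):
    return expected_nonce == answer


def authenticate(client_public, client_private):
    """Full round trip: challenge out, answer back, verdict."""
    expected, challenge = server_make_challenge(client_public)
    return server_verify(expected, client_answer(client_private, challenge))


if __name__ == "__main__":
    pub, priv = make_keypair(61, 53)
    print("authenticated:", authenticate(pub, priv))
```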

Hashing

Hashing is another form of cryptography used in Secure Shell connections; it uses hash functions to convert any form of data into a unique string of text.

A hash is designed to act as a one-way function: you can put data into a hash function and get a unique value of a fixed length, but generating the input from the hash is impossible. The same piece of data will always produce the same hash.

One-way-hash functions differ from the above two forms of encryption in the sense that they are never meant to be decrypted.

In the diagram below, the client machine runs the text “Helloo” through the hash function, which converts it into a unique string, i.e. “856a8ch45….”, from which the original text is nearly impossible to recover.

[Diagram: hashing]

SSH uses hashes to verify the authenticity of messages. This is done using HMACs, or Hash-based Message Authentication Codes. This ensures that the command received is not tampered with in any way.

Using a hash function, each message that is transmitted must carry a MAC (Message Authentication Code). The MAC is a hash generated from the symmetric key, the packet sequence number and the message contents. Say the client is trying to send a password to the host and they have already established a symmetric key for secure communication. On the client side, the symmetric key, packet sequence number and message contents are combined and passed as input to the hash function, which produces a unique code. This code is sent to the host along with the message. On the server side, to check that the message has not been tampered with, the server takes its own copy of the symmetric key, the packet sequence number (which both sides know) and the received message contents, and runs them through the same hash function again. It then compares the newly computed hash with the one sent by the client; if they match, the message was not tampered with.
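An added example, not code from the article: computing and checking a per-packet MAC in Python the way the paragraph describes, with the shared key, a packet sequence number and the payload as inputs. The session key and packets are constructed sample values, and HMAC-SHA256 is used as a concrete MAC; SSH negotiates its own MAC algorithm during the handshake.

```python
import hashlib
import hmac

# Constructed sample session key (in SSH this comes from the key exchange).
SESSION_KEY = hashlib.sha256(b"constructed-demo-shared-secret").digest()


def compute_mac(key, seq, payload):
    """MAC over the sequence number and payload, keyed with the shared key."""
    return hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()


def send_packet(key, seq, payload):
    """Sender attaches the MAC to the packet."""
    return {"seq": seq, "payload": payload, "mac": compute_mac(key, seq, payload)}


def receive_packet(key, expected_seq, packet):
    """Receiver recomputes the MAC with its own key and sequence counter.
    Returns (accepted, reason)."""
    if packet["seq"] != expected_seq:
        return False, "sequence mismatch (replayed or dropped packet)"
    expected = compute_mac(key, expected_seq, packet["payload"])
    # Constant-time comparison avoids leaking timing information.
    if not hmac.compare_digest(expected, packet["mac"]):
        return False, "mac mismatch (payload altered in transit)"
    return True, "ok"


def demo():
    """Good packet passes; altered payload and replayed packet are rejected."""
    pkt = send_packet(SESSION_KEY, 7, b"echo hello")
    good = receive_packet(SESSION_KEY, 7, pkt)
    tampered = dict(pkt, payload=b"echo goodbye")   # constructed alteration
    bad = receive_packet(SESSION_KEY, 7, tampered)
    replay = receive_packet(SESSION_KEY, 8, pkt)     # receiver expects seq 8
    return good, bad, replay


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```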

The average user encounters hashing daily in the context of passwords. For example, when you create an email address and password, your email provider likely does not save your password. Rather, the provider runs the password through a hashing algorithm and saves the hash of your password. Every time you attempt to sign in to your email, the email provider hashes the password you enter and compares this hash to the hash it has saved. Only when the two hashes match are you authorized to access your email.

Thank you. I hope this article helps you understand a lot about SSH and SSH encryption techniques in detail. If you want to know how to set up SSH on GitHub, see How to setup SSH on Github.
