<p>In this article, we will talk about what SSH is and how it works. We will also cover when SSH is used and look in detail at the different encryption techniques it relies on.</p>
<h3><strong><span style="color: #000080;">SSH Introduction</span></strong></h3>
<p>SSH, or Secure Shell, is a protocol. What does that mean? You may have heard of other protocols such as HTTP, FTP and HTTPS. Each of these is a way to connect two computers, with a shared agreement on how the two communicate. A protocol is the language the machines speak, and SSH is a secure way for machines to communicate with one another. For example:</p>
<p><strong><span style="color: #0000ff;">HTTP (HyperText Transfer Protocol):</span></strong> It allows you to send files such as HTML, CSS and JavaScript files over the internet between a browser and a server.</p>
<p><span style="color: #0000ff;"><strong>FTP (File Transfer Protocol):</strong></span> It allows you to transfer computer files between a client and a server on a computer network. It is often used when you upload files from your computer to something like HostGator or a generic hosting platform.</p>
<p><strong><span style="color: #0000ff;">HTTPS (HyperText Transfer Protocol Secure):</span></strong> It is similar to HTTP, but it is encrypted, which means third parties cannot read the messages being transferred if they intercept them.</p>
<p><strong><span style="color: #0000ff;">SSH (Secure Shell):</span></strong> SSH is also a protocol that allows two computers to communicate over the internet. It allows a user to share files as well as control and modify a remote computer over the internet. It was created as a secure way of communicating, and it encrypts all data so that bad actors can&#8217;t monitor you.</p>
<p><strong>So what is the difference between HTTPS and SSH, given that both are forms of communication and both are encrypted?</strong></p>
<p>Just as a web browser uses the HTTPS protocol to talk to servers and display websites, a shell needs a protocol to enable data exchange between two devices, not just between a browser and a server. That&#8217;s why SSH is called the <strong><span style="color: #008000;">Secure Shell protocol</span></strong>. It&#8217;s a protocol used over a shell and, if you remember, a shell, unlike a browser, allows you to talk to the operating system. With SSH you can communicate with another machine somewhere in the world through your terminal.</p>
<h3><strong><span style="color: #000080;">How SSH Works</span></strong></h3>
<p>We have talked about SSH, but how exactly do we use it? It&#8217;s actually quite simple. If you&#8217;re using Linux or Mac, using SSH is very simple. But if you use Windows, you will need an SSH client to open SSH connections. The most popular SSH client is <span style="color: #008000;"><strong>PuTTY</strong></span>; learn more about it <span style="color: #0000ff;"><strong><a style="color: #0000ff;" href="https://mediatemple.net/community/products/dv/204404604/using-ssh-in-putty-">here</a></strong></span>, and for <strong><span style="color: #008000;">Windows 10</span></strong> go <span style="color: #0000ff;"><strong><a style="color: #0000ff;" href="https://www.howtogeek.com/336775/how-to-enable-and-use-windows-10s-built-in-ssh-commands/">here</a></strong></span>.</p>
<h4><span style="color: #0000ff;"><strong>SSH Command</strong></span></h4>
<pre><strong>ssh {user}@{host}</strong></pre>
<p>We run the SSH command with the user we want to log in as and the host, that is, the IP address or name of the computer we want to reach. The SSH command consists of 3 different parts.</p>
<p>The <span style="color: #0000ff;"><strong>ssh</strong></span> keyword instructs your system that you want to open an encrypted secure shell connection.</p>
<p><span style="color: #0000ff;"><strong>{user}</strong></span> represents the account you want to access. For example, you may want to access the <span style="color: #008000;"><strong>root</strong></span> user, which is basically synonymous with a system administrator who has complete rights to modify anything on the system.</p>
<p><span style="color: #0000ff;"><strong>{host}</strong></span> refers to the computer you want to access. This can be an IP Address <span style="color: #000000;"><strong>(e.g. 345.783.20.19)</strong></span> or a domain name <span style="color: #000000;"><strong>(e.g. www.abcdomain.com)</strong></span>.</p>
<p>Once you hit enter, you will be prompted to enter the password for the requested account. Once you&#8217;re done typing, hit enter once again. If your password is correct, you will be greeted with a remote terminal window: you are now connected to the remote computer and can run commands on it.</p>
<h3><strong><span style="color: #000080;">When we use SSH</span></strong></h3>
<ul>
<li>Connecting to GitHub to clone, push and pull files between their servers and your computer. Remember that when we clone something from GitHub we have to choose one of two options, i.e. <span style="color: #008000;"><strong>HTTPS or SSH</strong></span>. With HTTPS you have to enter the password every time to clone the repo. You don&#8217;t have to do that with SSH.</li>
<li>You can remotely access another computer. For example, if you are at home and need to access your work computer, you can just SSH into it.</li>
<li>The most important use case: your production app lives on a server somewhere and somebody deletes it by mistake. You can simply SSH into the server, put the project files on the server again and go through all the steps to get the app back up and running.</li>
</ul>
<h3><strong><span style="color: #000080;">Encryption Techniques used in SSH</span></strong></h3>
<p>The significant advantage offered by SSH over its predecessors is the use of encryption to ensure secure transfer of information between the host and the client. <span style="color: #008000;"><strong>Host</strong></span> refers to the remote server you are trying to access, while the <span style="color: #008000;"><strong>client</strong></span> is the computer you are using to access the host. There are three different encryption technologies used by SSH:</p>
<ol>
<li>Symmetrical encryption</li>
<li>Asymmetrical encryption</li>
<li>Hashing</li>
</ol>
<p><strong><span style="color: #0000ff;">Symmetrical encryption</span></strong></p>
<p>Symmetric encryption is a form of encryption where only one <span style="color: #008000;"><strong>secret key</strong></span> is used for both encryption and decryption of a message by both the client and the host. SSH communicates through this shared key and that&#8217;s how we are able to talk to one another. Symmetrical encryption is often called <span style="color: #008000;"><strong>shared key</strong></span> or <span style="color: #008000;"><strong>shared secret</strong></span> encryption.</p>
<p>In the diagram below, the client machine uses its secret key to encrypt the message <strong><span style="color: #008000;">&#8220;Helloo&#8221;</span></strong> into a piece of code <strong><span style="color: #008000;">&#8220;yt7@#8&#8221;</span></strong> and sends it to the server. The server, on the other hand, receives that encrypted message and, using the same secret key (which the server also has), decrypts the piece of code into its original form, i.e. <strong><span style="color: #008000;">&#8220;Helloo&#8221;</span></strong>.</p>
<p><img class="alignnone size-full wp-image-1184" src="https://c1ctech.com/wp-content/uploads/2019/07/symmetric_encryption_new.png" alt="symmetric_encryption_new" width="1447" height="781" /></p>
<p>In symmetrical encryption, anyone who possesses the key can decrypt the message being transferred. So the key has to be obtained in a secure way, so that other people can&#8217;t find it out or use it.</p>
<p>The secret key is created through a process known as a <span style="color: #008000;"><strong>key exchange algorithm</strong></span>. What makes this algorithm particularly secure is the fact that the key is never transmitted between the client and the host. Instead, the two computers share some public pieces of data and then manipulate them to independently calculate the <span style="color: #008000;"><strong>secret key</strong></span>. Even if a bad person captures the publicly shared data, they won&#8217;t be able to calculate the secret key because the key exchange algorithm is not known.</p>
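<p>Added example, not part of the original article: a Diffie-Hellman style exchange in Python, showing how both sides independently calculate the same secret key from values that are sent in the open while each side's private value never leaves its machine. The 127-bit prime, the generator and every function name are assumptions chosen for illustration; groups used by real SSH are far larger.</p>

```python
import hashlib
import secrets

# Toy public parameters (constructed for illustration): a 127-bit Mersenne
# prime and a small generator. Both are known to everyone, including observers.
P = 2**127 - 1
G = 3

def make_keypair():
    """Return (private, public). The private value is never transmitted."""
    private = secrets.randbelow(P - 3) + 2      # random value in [2, P-2]
    public = pow(G, private, P)
    return private, public

def derive_session_key(own_private, peer_public):
    """Combine our private value with the peer's public value."""
    if not 1 < peer_public < P - 1:             # reject degenerate values
        raise ValueError("peer public value out of range")
    shared = pow(peer_public, own_private, P)
    # Hash the shared number down to a 32-byte symmetric key.
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def run_exchange():
    client_priv, client_pub = make_keypair()
    server_priv, server_pub = make_keypair()
    on_the_wire = (P, G, client_pub, server_pub)   # all an eavesdropper sees
    client_key = derive_session_key(client_priv, server_pub)
    server_key = derive_session_key(server_priv, client_pub)
    return client_key, server_key, on_the_wire

if __name__ == "__main__":
    ck, sk, wire = run_exchange()
    print("both sides derived the same key:", ck == sk)
```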
<h4><strong><span style="color: #0000ff;">Asymmetrical encryption</span></strong></h4>
<p>Unlike symmetrical encryption, asymmetrical encryption is a form of encryption in which two separate keys are used for encryption and decryption. These two keys are known as the <span style="color: #008000;"><strong>public key</strong></span> and the <span style="color: #008000;"><strong>private key</strong></span>. Together, both these keys form a <span style="color: #008000;"><strong>public-private key pair</strong></span>.</p>
<p>In the diagram below, both the client and the server have a public-private key pair.</p>
<p><img class="alignnone size-full wp-image-1182" src="https://c1ctech.com/wp-content/uploads/2019/07/asymmetrical_encrytion_1.png" alt="asymmetrical_encrytion_1" width="1237" height="629" /></p>
<p><span style="color: #444444;">The public key, as the name suggests, is public, which means you can share it with anybody in the world. Unlike public keys, private keys are absolute secrets that you should never share with anybody.</span></p>
<p><span style="color: #444444;">The public key is closely linked with the private key in terms of functionality, but the private key cannot be mathematically computed from the public key. The relation between the two keys is a little complex: a message encrypted by a machine&#8217;s public key can only be decrypted by the same machine&#8217;s private key. There is a one-way relationship between the two keys.</span></p>
<p><span style="color: #444444;">You can share the public key with anyone, and bad people can also grab it, but because there is a one-way relationship between the two keys, the public key cannot decrypt its own messages. The public key can only encrypt something, and those messages can only be decrypted by its paired private key.</span></p>
<p>In the diagram below, the client uses the server&#8217;s public key to encrypt data for it. The server, on the other hand, uses its private key to decrypt the data that was encrypted with its public key.</p>
<p><img class="alignnone size-full wp-image-1183" src="https://c1ctech.com/wp-content/uploads/2019/07/asymmetrical_encrytion_2.png" alt="asymmetrical_encrytion_2" width="1350" height="629" /></p>
<p>Similarly, the client&#8217;s public key is used by the server to encrypt the message and the client&#8217;s private key is used by the client to decrypt the message.</p>
<p>The private key must remain private for the connection to be secured and no third party must ever know it. The strength of the entire connection lies in the fact that the private key is never revealed, as it is the only component capable of decrypting messages that were encrypted using its own public key.</p>
<p>SSH utilizes asymmetric encryption in a few different places.</p>
<ul>
<li>Asymmetrical encryption is used during the <span style="color: #008000;"><strong>key exchange algorithm,</strong></span> used to set up the symmetrical encryption. In this stage, both parties produce temporary public-private key pairs and exchange the public key in order to produce the shared secret key that will be used for symmetrical encryption.</li>
<li>The more well-discussed use of asymmetrical encryption with SSH comes from <strong><span style="color: #008000;">SSH key-based authentication</span></strong>. SSH key pairs can be used to authenticate a client to a server. The client creates a key pair and then uploads the public key to any remote server it wishes to access.</li>
</ul>
<p>Once a secured symmetric communication has been established, the server uses the client&#8217;s public key to generate a challenge and transmits it to the client for authentication. If the client can successfully decrypt the message, it means that it holds the private key required for the connection. The SSH session then begins.</p>
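<p>Added example, not part of the original article: the challenge exchange described above, modelled in Python with both sides' messages. It uses textbook RSA without padding and keys built from Mersenne primes, which are assumptions made so the block runs with the standard library only; the class and function names are hypothetical.</p>

```python
import hashlib
import secrets

def toy_rsa_keypair(p, q, e=65537):
    """Textbook RSA from two given primes. Toy construction, no padding."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                  # modular inverse (Python 3.8+)
    return (n, e), (n, d)                # (public key, private key)

def digest(value):
    return hashlib.sha256(str(value).encode()).digest()

class Server:
    def __init__(self, authorized_public_key):
        self.n, self.e = authorized_public_key   # uploaded by the client earlier
        self.expected = None

    def make_challenge(self):
        challenge = secrets.randbits(128)
        self.expected = digest(challenge)
        return pow(challenge, self.e, self.n)    # only the ciphertext is sent

    def verify(self, response):
        ok = self.expected is not None and secrets.compare_digest(self.expected, response)
        self.expected = None                     # each challenge is single-use
        return ok

def client_respond(private_key, encrypted_challenge):
    n, d = private_key
    challenge = pow(encrypted_challenge, d, n)   # needs the matching private key
    return digest(challenge)                     # reply with a hash, not the value

def demo():
    # Constructed demo keys; sizes and primes are for illustration only.
    client_pub, client_priv = toy_rsa_keypair(2**61 - 1, 2**89 - 1)
    _, other_priv = toy_rsa_keypair(2**107 - 1, 2**127 - 1)
    server = Server(client_pub)
    genuine = server.verify(client_respond(client_priv, server.make_challenge()))
    wrong_key = server.verify(client_respond(other_priv, server.make_challenge()))
    return genuine, wrong_key

if __name__ == "__main__":
    print(demo())
```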
<h4><strong><span style="color: #0000ff;">Hashing</span></strong></h4>
<p>Hashing is another form of cryptography used in Secure Shell connections. It uses hash functions to convert any form of data into a unique string of text.</p>
<p>A hash is designed to act as a one-way function: you can put data into a hash function and get a unique value of a fixed length, but generating the input from the hash is impossible. The same piece of data will always produce the same hash.</p>
<p><strong>One-way-hash functions differ from the above two forms of encryption in the sense that they are never meant to be decrypted.</strong></p>
<p>In the diagram below, the client machine uses the hash function, which converts the text <strong><span style="color: #008000;">&#8220;Helloo&#8221;</span></strong> into a unique string, i.e. <span style="color: #008000;"><strong>&#8220;856a8ch45&#8230;.&#8221;</strong></span>, which is nearly impossible to identify.</p>
<p><img class="alignnone size-full wp-image-1185" src="https://c1ctech.com/wp-content/uploads/2019/07/hashing.png" alt="hashing" width="1350" height="629" /></p>
<p>SSH uses hashes to verify the authenticity of messages. This is done using HMACs, or <span style="color: #008000;"><strong>Hash-based Message Authentication Codes</strong></span>. This ensures that the command received is not tampered with in any way.</p>
<p>Each message that is transmitted must contain a MAC (<strong>Message Authentication Code</strong>), which is produced with a hash function. The MAC is a hash generated from the symmetric key, the packet sequence number, and the message contents. Say the client is trying to send the password to the host and the two have already established a symmetric key for secure communication. The client combines the symmetric key, the packet sequence number and the message contents, passes them as input to the hash function, and gets back a unique piece of code. This code is sent to the host. To check that the message has not been tampered with, the server takes its own copy of the symmetric key, the packet sequence number (which both sides know) and the message contents, and runs them through the same hash function. It then compares the newly created hash with the one the client sent; if they match, the message was not tampered with.</p>
<p>The average user encounters hashing daily in the context of passwords. For example, when you create an email address and password, your email provider likely does not save your password. Rather, the provider runs the password through a hashing algorithm and saves the hash of your password. Every time you attempt to sign in to your email, the email provider hashes the password you enter and compares this hash to the hash it has saved. Only when the two hashes match are you authorized to access your email.</p>
<p><span style="color: #000000;"><span style="color: #000080;"><strong><span style="color: #000000;">Thank you. I hope this article helps you understand SSH and its encryption techniques in detail. If you want to know how to set up SSH on GitHub, go to</span></strong> <a style="color: #000000;" href="https://c1ctech.com/how-to-set-up-ssh-on-github/"><strong><span style="color: #0000ff;">How to setup SSH on Github</span></strong></a>.</span></span></p>
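<p>Added example, not part of the original article: the per-packet MAC check described above, in Python, with a sender and a receiver that each keep their own sequence counter. HMAC-SHA256, the sample key, the payloads and the class names are assumptions chosen for illustration. It shows that a modified payload and a replayed old packet both fail verification.</p>

```python
import hashlib
import hmac
import struct

def compute_mac(key, seq, payload):
    """HMAC-SHA256 over the 32-bit sequence number followed by the payload."""
    return hmac.new(key, struct.pack(">I", seq) + payload, hashlib.sha256).digest()

class Sender:
    def __init__(self, key):
        self.key, self.seq = key, 0

    def send(self, payload):
        packet = (payload, compute_mac(self.key, self.seq, payload))
        self.seq = (self.seq + 1) & 0xFFFFFFFF   # counter is kept locally, not sent
        return packet

class Receiver:
    def __init__(self, key):
        self.key, self.seq = key, 0

    def receive(self, packet):
        payload, tag = packet
        expected = compute_mac(self.key, self.seq, payload)
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return False                             # reject the packet
        self.seq = (self.seq + 1) & 0xFFFFFFFF
        return True

def demo():
    key = b"constructed-demo-key-32-bytes!!!"    # sample key, constructed
    tx, rx = Sender(key), Receiver(key)
    first = tx.send(b"ls -la")
    second = tx.send(b"whoami")
    results = {"genuine": rx.receive(first)}
    tampered = (b"TAMPERED", second[1])          # payload changed in transit
    results["tampered"] = rx.receive(tampered)
    results["replayed"] = rx.receive(first)      # old packet, stale sequence number
    results["genuine_next"] = rx.receive(second)
    return results

if __name__ == "__main__":
    print(demo())
```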

