DEV Community

Cover image for ssh. is it secure or just a bluff ? Understand how it works .

Posted on

ssh. is it secure or just a bluff ? Understand how it works .

If you're a newbie who doesn't understand what ssh is on GitHub or someone whos just starting out in computer science who doesn't understand ssh or doesn't know what it is, this is it, after reading this you'll understand it.
So first let's understand what do you exactly mean by shh and then discuss how it works.

What is ssh?

Every heard of HTTP, HTTPS, FTP? These are different protocols that the web used . A protocol is a simple set of rules that tells how should two computers interact with each other, how should they exchange information.

SSh is precisely that. It is a protocol that allows two computers to communicate securely over the internet, it allows users to share files and control remote computers over the internet. Just like a browser communicated with the server, in ssh computers communicate through a shell which is used to talk to the operating system of the computer. One of the best features of ssh is that it used encryption to between the host and the client.

Encryption is a way to hide a piece of data. it is unreadable unless you know how to decrypt it for which you need a key.

So how does it work?

ssh breaks data down into a series of packets. Heres how a packet looks like

ssh packet img

  • Packet length: It tells you how big the packet actually is.
  • Padding amount: Padding is random bytes that don't mean anything but are encrypted with the payload to make it harder to decrypt
  • Message auth code: it is a code to make sure that the data you receive have not been tampered with.

Ssh used three different types of data manipulation technique at various points during transmission. They are

  1. symmetrical encryption
  2. Asymmetrical encryption.
  3. Hashing

Symmetrical encryption (the simplest to understand ):

one key can be used to encrypt and decrypt the messages. Both the host and the client have the same key. Both devices use the same key to decrypt the messages they receive and encrypt the messages they send. It is used to prevent the middle man 🕵️‍♂️ from being able to read the data.

One of the main problems this method has is if a third party is listening during the initial key exchange they would be able to decrypt all the messages.

We use a key exchange algorithm to exchange the keys securely. To implement this algorithm we use asymmetrical encryption.

Asymmetric encryption (harder than symmetrical encryption to understand but simp ) :

To prevent the middle man from listening to our keys we use asymmetrical encryption.
Asymmetric encryption is implemented using two keys, private keys, and public keys. They form the key pair.

A message that is encrypted with a public key can be decrypted only through the private key.

A public key can be shared with anyone but the private key should not be shared with anyone for obvious reasons.
Even if the thief party obtains the public key he can't decrypt the message. Ssh uses asymmetrical encryption in a few places such as the key exchange algorithm used to set up the symmetrical encryption. Here's how it's done :

  • Both devices generate temporary private and public keys and share their respective public keys
  • They then independently generate a new symmetric key they will use to encrypt and decrypt messages. This is done using the Diffie Hellman key exchange. Here's a link to a video explaining this.
  • Once a secure symmetric communication has been established, the host using the client's public key to generate a challenge a sends it to the client for authentication. If the client can successfully decrypt the challenge it means that it holds the private key required for the connection, and finally, the ssh session can begin. ### And finally Hashing : It allows you to create a signature or summary of a set of information. It is a one-way process and hashed data is never meant to be decrypted. using the hash function each message that is transmitted must contain something called mac, this is a hash generated from the symmetric key, the packet sequence number, and the message contents that were sent. Using these three elements as input into a hash function, it will generate a string that will not make any sense. Confused? read further. Then this string is sent to the host. Why you ask? well, the host has the same information (the symmetric key, packet sequence number, and the message contents), they can use the same hash function to generate the same hash and then compare the two. Even if the letter is capitalized it will result in a completely new hash string and hence this is how it works.

Comparing two meaningless things to make something meaningful.

Quite cool isn't it.

I hope this helped you understand what is ssh and why is it used for. Btw this my first post on the dev to platform so if you liked what you just read consider liking the post or leaving a comment or maybe do both xD.

Top comments (4)

tirthuhihadev profile image

nice I was not understanding now I finally understood thanks I finally did

sandsworld profile image

Great.... Your write-up is very precise n clear to understand...... Looking forward for more updates...

ssimontis profile image
Scott Simontis

There's also certificate-based authentication, and you can add MFA to the login process. You inspired me to write a follow-up!

dhruvindev profile image
Dhruvin • Edited