SSH Authentication Process: Practical Walkthrough - Part 1

A multi-part series with an aim of explaining the authentication process used in ssh protocol utilizing open ssh implementation.

Brief Explanations of Key Terminologies

Terminologies explained here will be crucial in understanding the ssh authentication framework

Public key

• A part of crytographic key pair with a corrsesponding private key
• Used for data encryption, enabling secure communication between the client and server.
• It can be shared with others to allow access to the server Stored in the authorized_keys file within the user's .ssh directory.

Private key

• The counterpart of the public key in the cryptographic key pair.
• Used for data decryption, enabling the client to read encrypted messages from the server.
• It must be kept confidential and protected as it grants access to the server.

Algorithms for Key Generation

• RSA (Rivest–Shamir–Adleman)
• DSA (Digital Signature Algorithm)
• EdDSA (Edwards-curve Digital Signature Algorithm)
• ECDH (Elliptic Curve Diffie-Hellman)

SSH key Fingerprint

• A unique fixed length representation of a public key
• Found in the known_hosts file.
• Used to verify the authenticity of a server during the SSH connection process.

known_host File

• Contains the list of verified hosts (servers) by the client or users during the first authentication prompt.
• Checked by the client to ensure secure connections to known servers. Sample Content in Known_hosts File

|1|XRAGlbBzH+2vL56H9z8MnH6+bt8=|e4UHiH3bwu7Kn6YmAqnTlWRfc24= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIb

Content Break down, where the pipe ( | ) symbol can be seen as a delimiter

• 1 -> Sample number (Identifier)
• XRAGlbBzH+2vL56H9z8MnH6+bt8= -> Hashed Representation of the host(server) ip address or hostname
• e4UHiH3bwu7Kn6YmAqnTlWRfc24= -> Hashed representation of the host(server) public key or host key fingerprint
• ecdsa -> Public key cryptography algorithm used (Elliptic Curve Digital Signature)
• sha2 -> Hash function name (Secure Hash Algorithm 2)
• nistp256 -> Name of the elliptic curve the public key cryptography algorithm uses
• AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIb -> Base 64 encoding of the remote host's (server) public key

authorized_keys File

• Contains the public keys of remote hosts (servers) allowed to authenticate with the user's client.
• Enables the server to verify the client's identity during authentication.

Sample Content in authorized_keys file

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp/4mes7Oj/

Content Breakdown

• ssh-rsa -> algorithm used in generating keys, in this case RSA
• AAAAB3NzaC1yc2EAAAADAQABAAABAQCp/4mes7Oj/ -> Actual public key data for the remote hosts

Architecture: Client-Server Model

• SSH operates on a client-server model, allowing secure communication between the client and server.
• Authentication is bidirectional, ensuring both the server and client identity are verified.
• The client initiates the connection and verifies the server identity first, then its own identity using public-key authentication or password-based methods.
• The server checks the client's credentials and grants access based on authentication success.