ssh

1. ssh worksflow

   I classify the ssh for these three parts: code from ssh -vvv

   1. tcp

      1. connection establisment

         debug1: Connecting to ec2-3-91-205-43.compute-1.amazonaws.com [3.91.205.43] port 22.
         debug1: Connection established.

      2. verision negotiation

         debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
         debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6p1 Ubuntu-3ubuntu13.5

      3. algorithm negotiation

         debug1: kex: algorithm: curve25519-sha256
         debug1: kex: host key algorithm: ssh-ed25519
         debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
         debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

   2. authentication

      1. key exchange

         debug1: SSH2_MSG_KEXINIT sent
         debug1: SSH2_MSG_KEXINIT received
         debug1: SSH2_MSG_KEX_ECDH_REPLY received
         debug1: Server host key: ssh-ed25519 SHA256:+8J5uJOnejOrUrip/hyd/YitqbymzUoHA6TKwaCd1W8

      2. user authencation

         debug1: Authentications that can continue: publickey
         debug1: Trying private key: C:\\Users\\OpenSource\\Desktop\\sshkeys\\Network+OS.pem
         debug3: sign_and_send_pubkey: signing using rsa-sha2-512
         debug3: send packet: type 50
         Authenticated to xxx.com ([xx.xx.43]:22) using "publickey".

   3. session

      debug1: channel 0: new session [client-session]
      debug2: channel 0: request pty-req confirm 1
      debug2: channel 0: request shell confirm 1

   

   one step further on key authentication(code above is key exchange authentication using DH )

   for this part, I’d like to introduce detailly for pub authentication

   client send a authentication request to server (hostname pubkey)

   server receive request and sent a challenge number encryption with pub

   client receives this number and decryption this number with private key (signature)

   server get the cipher and after this correspond to message sent, server give outs a certain auth ensurance

   details:

   1. signature is named-definition words, so that you can guess this process is like you signature a file

   2. what is inside .pub file (open ssh pub, you could see that a number of code with note )

      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ... user@host |_____| |____________________________| |_________| | | | 密钥类型 Base64编码的密钥数据 注释

      this is kinda trick why they have to decode this to a sha512 (for this process, I’d like to right anohter article to analyze it so, it is categorized like hash algorithm

   3. pub vs pri

      is there any diff for these two? By default,there were no differe, but the pri is usually long

      extent.

      • no matter how you generate a key-pair.(I mean whether it is the client or server even the third part, the process can not tell the spec user, which means rsa can not tell the key source)
      • well MIMT(man in the middle can attack exchange process) could work if you catch the first time tcp. Of course they go through the authentication process not the decryption algorithm itself. meanwhile, it estimates fair enough not seen by the algorithm

2. protocol security

3. ssh vs ssl

   ---

   ssh

   tcp