1. ssh workflow

    I classify ssh into these three parts (the code is from ssh -vvv):

    1. tcp

      1. connection establishment

        debug1: Connecting to ec2-3-91-205-43.compute-1.amazonaws.com [3.91.205.43] port 22.
        debug1: Connection established.
      2. version negotiation

        debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
        debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6p1 Ubuntu-3ubuntu13.5
      3. algorithm negotiation

        debug1: kex: algorithm: curve25519-sha256
        debug1: kex: host key algorithm: ssh-ed25519
        debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
        debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    2. authentication

      1. key exchange

        debug1: SSH2_MSG_KEXINIT sent
        debug1: SSH2_MSG_KEXINIT received
        debug1: SSH2_MSG_KEX_ECDH_REPLY received
        debug1: Server host key: ssh-ed25519 SHA256:+8J5uJOnejOrUrip/hyd/YitqbymzUoHA6TKwaCd1W8
      2. user authentication

        debug1: Authentications that can continue: publickey
        debug1: Trying private key: C:\\Users\\OpenSource\\Desktop\\sshkeys\\Network+OS.pem
        debug3: sign_and_send_pubkey: signing using rsa-sha2-512
        debug3: send packet: type 50
        Authenticated to xxx.com ([xx.xx.43]:22) using "publickey".
    3. session

      debug1: channel 0: new session [client-session]
      debug2: channel 0: request pty-req confirm 1
      debug2: channel 0: request shell confirm 1

    SSH working process

    One step further on key authentication (the code above is key-exchange authentication using DH).

    For this part, I’d like to introduce public-key authentication in detail.

    The client sends an authentication request to the server (hostname, pubkey).

    The server receives the request and sends a challenge number encrypted with the public key.

    The client receives this number and decrypts it with the private key (signature).

    The server gets the cipher and, once it corresponds to the message that was sent, the server gives out an authentication assurance.

    details:

    1. The word "signature" is self-explanatory, so you can guess that this process is like signing a file.

    2. What is inside a .pub file (open an ssh .pub file and you can see a run of code with a comment)

      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ... user@host
      |_____| |____________________________| |_________|
         |                  |                     |
      key type   Base64-encoded key data       comment

      This is kind of tricky: why do they have to decode this to a sha512? (For this process, I’d like to write another article to analyze it, so it is categorized under hash algorithms.)

    3. pub vs pri

      Is there any difference between these two? By default, there is no difference, but the private key is usually longer.

      • No matter how you generate a key pair (I mean whether it is on the client, the server, or even a third party), the process cannot tell the specific user, which means RSA cannot tell the key's source.
      • MITM (a man in the middle can attack the exchange process) could work if you catch the first TCP connection. Of course, they go through the authentication process, not the decryption algorithm itself. Meanwhile, it is fair to say this is not seen by the algorithm.
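The .pub layout described above (key type, Base64-encoded key data, comment) can be checked by decoding the Base64 field into its length-prefixed parts. This is an added example, not code from the original notes; it also computes the `SHA256:` fingerprint in the form ssh prints on the `Server host key:` debug line (SHA-256 of the decoded blob, Base64 without padding). The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

def read_strings(blob: bytes) -> list[bytes]:
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])  # 4-byte big-endian length
        pos += 4
        if pos + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields

def parse_pub_line(line: str) -> dict:
    """Parse '<key type> <base64 blob> [comment]' and compute the SHA256 fingerprint."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    fields = read_strings(blob)
    # The blob repeats the key type as its first field; a mismatch means
    # the line was damaged or edited by hand.
    if not fields or fields[0].decode("ascii", "replace") != key_type:
        raise ValueError("key type outside and inside the blob disagree")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": key_type, "comment": comment,
            "field_lengths": [len(f) for f in fields[1:]],
            "fingerprint": fingerprint}

def make_sample_line() -> str:
    """Constructed ed25519 public key line (32 fixed bytes, not a real host's key)."""
    name, raw = b"ssh-ed25519", bytes(range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " user@host"

if __name__ == "__main__":
    info = parse_pub_line(make_sample_line())
    print(info["type"], info["field_lengths"], info["comment"])
    print(info["fingerprint"])
```

Comparing the fingerprint computed from a known-good copy of a server's host key against the one ssh shows on first connection is the check that catches a substituted host key.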
  2. protocol security

  3. ssh vs ssl


    ssh

    tcp