Explain How SSH Works to Me

November 1, 2017 | Kim Crawley
X

Get the latest security news in your inbox.

Subscribe via Email

No thanks. Close this now.

SSH, otherwise known as Secure Shell, is a common TCP internet protocol that can be used to securely connect a computer to an outside computer or network. The physical locations of the computers on both ends of an SSH connection don't matter provided that the computers are connected to the accessible network and have SSH set up properly. There are many practical applications for SSH. A network administrator could continue their work while they're on vacation on another continent. One office network in one geographic location could work with an office network in another geographic location so all of an organization's satellite offices are united in their networking. A contracted IT services company could provide remote technical support to a client machine upon request without having to physically travel. Or considering how woefully insecure FTP is, a company could decide to use SSH for file transfer instead.

Tatu Ylönen CEO and founder of SSH Communications Security, wrote about how he invented SSH in SC Magazine:

“While attending school in Helsinki, I discovered a password ‘sniffer' attack in our university network.

To shield our data, I wrote a program to protect information as it moved from point to point throughout the network. I called it the 'secure shell', or SSH for short.”

Today, nearly every major network environment – including those in governments, large enterprises and financial institutions – uses a version of SSH to protect data in transit and let administrators manage systems remotely.

Talk about turning lemons into lemonade. Ylönen was dissatisfied by the lack of security in the rlogin, TELNET, ftp, and rsh protocols, so he devised his own solution. He released the first version of SSH as freeware in July 1995. Adoption exploded. By the end of 1995 there were about 20,000 SSH users. He founded SSH Communications Security by December 1995. By the year 2000, there were about 2 million SSH users. SSH has been assigned to TCP port 22. Many operating systems have SSH software preinstalled, including most versions of Linux, macOS, Solaris, FreeBSD, OpenBSD, NetBSD, and OpenVMS. There are SSH applications for Windows, but they aren't preinstalled and must be installed manually.

So, here's how SSH works

The SSH protocol is based on the client-server model. Therefore, an SSH client must initiate an SSH session with an SSH server. Most of the connection setup is conducted by the SSH client. Public key cryptography is used to verify the identity of the SSH server, and then symmetric key encryption and hashing algorithms are used to maintain data transmission in ciphertext. That way, privacy and integrity of data transmission in both directions between the client and server is assured, man-in-the-middle attacks are mitigated.

The steps involved in creating an SSH session go like this:

  1. Client contacts server to initiate a connection.
  2. The server responds by sending the client a public cryptography key.
  3. The server negotiates parameters and opens a secure channel for the client.
  4. The user, through their client, logs into the server.

There are different ciphers that can be used for SSH depending on the applications being used. Some of them include:

  • CHACHA20
  • AES-GCM
  • Blowfish-CBC
  • AES128-CTR
  • AES192-CTR
  • AES256-CTR
  • Arcfour
  • Cast128-CBC

Usually either an implementation of Diffie-Hellman or Elliptic Curve Diffie-Hellman are used to protect the key exchange.

In the world of cryptography, specific ciphers are usually cracked at some point, and new stronger ciphers are developed. So SSH implementations will drop older ciphers and support newer ciphers over time. Therefore, we could still be using SSH thirty or forty years from now. And we all have Ylönen and the password sniffer he discovered to thank for it.

Kim Crawley

About the Author: Kim Crawley, Guest Blogger
Kim Crawley spent years working in general tier two consumer tech support, most of which as a representative of Windstream, a secondary American ISP. Malware related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related.By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Ever since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine.Her first solo developed PC game, Hackers Versus Banksters, had a successful Kickstarter and was featured at the Toronto Comic Arts Festival in May 2016. This October, she gave her first talk at an infosec convention, a penetration testing presentation at BSides Toronto.She considers her sociological and psychological perspective on infosec to be her trademark. Given the rapid growth of social engineering vulnerabilities, always considering the human element is vital.
Read more posts from Kim Crawley ›

‹ BACK TO ALL BLOGS

Watch a Demo ›
GET PRICE FREE TRIAL