
SSH Communication Using Public and Private Keys


SSH works roughly like the following. Note that this is merely a high-level explanation:

Each party has two keys: a public key and a private key. The public/private keys are related mathematically, such that they are functionally inverse. Thus an operation performed by one can only be undone exactly by the other. It is complex, but think of it like calculating x^nnn versus the nnnth root of x. The former is easy but the latter is difficult, making it computationally unfeasible to guess with enough accuracy to undo the operation. This gives us some desirable attributes that allow SSH to do the following with them:

The client connects to the server. The server proves its identity by presenting a certificate signed with its private key. The client uses the server's public key to decrypt the certificate and knows that only the client could have encrypted it since it requires the private key. The server then does the same with a certificate presented by the client. Identification can only be performed with 100% assurance using a trusted third party to manage the public keys. Without the third party only identity changes can be detected.

Now that identities are verified, the server generates a symmetric secret key, encrypts it with the client's public key, and sends it to the client (who is the only one that can decrypt the message since it requires the private key). From this point on, both the client and server have the symmetric secret key, and all communication is encrypted with this key. This is done for performance reasons because symmetric encryption operations are roughly 100 times faster than asymmetric operations.

This is how SSL verifies identities, and encrypts the information. Note that more granular access controls are provided by higher-level applications (such as *nix file permissions), not SSL.
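
The answer's closing point about identification (without a trusted third party, only identity changes can be detected) is what an SSH client does when it pins a host key on first contact and compares it on later connections. The sketch below is an added example, not part of the original answer: the host name, the key blobs and the function names are constructed for illustration, and only plain (unhashed, unmarked) `known_hosts`-style lines are handled.

```python
import base64
import hashlib

# Constructed sample data: placeholder key blobs, not real host keys.
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()
KNOWN_HOSTS = f"""\
# constructed known_hosts-style entries: hosts keytype base64-key
build.example.test ssh-ed25519 {KEY_A}
"""

def fingerprint(b64_key):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_pins(text):
    """Parse plain 'hosts keytype key' lines into {(host, keytype): key}."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, marker lines (@...) and hashed host entries (|1|...).
        if not line or line[0] in "#@|":
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line
        hosts, keytype, key = fields[:3]
        for host in hosts.split(","):
            pins[(host, keytype)] = key
    return pins

def check_host_key(pins, host, keytype, presented_key):
    """Return 'unknown' (never seen), 'match', or 'changed' (pinned key differs)."""
    pinned = pins.get((host, keytype))
    if pinned is None:
        return "unknown"   # first contact: nothing to compare against
    if base64.b64decode(pinned) == base64.b64decode(presented_key):
        return "match"
    return "changed"       # identity change detected: refuse and investigate

if __name__ == "__main__":
    pins = load_pins(KNOWN_HOSTS)
    for key in (KEY_A, KEY_B):
        verdict = check_host_key(pins, "build.example.test", "ssh-ed25519", key)
        print(fingerprint(key), verdict)
```

An `unknown` verdict is the case pinning cannot settle on its own: the first key has to be confirmed out of band, for example by comparing its fingerprint with one obtained from the server's administrator.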


An explanation of this subject is a little bit excessive for the Stack Overflow format.

A few days ago Coursera started a free course on Cryptography (part I) that explains exactly the matters you are interested in.

I welcome you to the cryptography course to find the answers to your questions.