Saturday, April 30, 2011

Protocol 1 and Protocol 2 in SSH

Protocol 1:

In this case ,when the daemon starts,it starts  generating RSA keys also known as Server keys every hour.This key is not stored anywhere.The no of bits in the server keys is determined by the  ServerKeyBits configuration in the sshd_config.

when client tries connecting to the daemon,the server responds with the 
1)Host Key
2)Server Key

Then the client verifies the server key with its own database whether it has changed.If this is the first time the client is trying to connect to the host,it adds to the /etc/ssh/known_hosts after confirmation from the user.

For setting up a secured session between the client and server, the client generates a 256 random number which it encrypt using both the host key and server key and sent to the daemon(server).

This 256 random number is decrypted by the server and used as a session key for communication between the two.

For this protocol ,cipher config is used in /etc/ssh/ssh_config
In this cipher required for the session to setup can be given.

Protocol 2 in SSH:

In this case the main difference is Server Key is not generated.

In this session key for forward security is generated through a Diffie-Hellman key agreement.This agreement results in a shared session key.

For the rest of the session,the symmetric cipher is aes128-cbc,blowfish,3des etc.. anything the client chooses as the encryption algorithm from the list of encryption algorithms supported by the client.

The list of encryption algorithm supported by the daemon can be known from 
Ciphers configuration  in /etc/ssh/sshd_config.

The client can select the needed cipher from the list of supported ciphers of the server by changing the configuration against the ciphers in /etc/ssh/ssh_config.The ciphers are selected by the client in the order of preference as in /etc/ssh/ssh_config.

No comments:

Post a Comment