How SSH works

kyisoethin

Commendable
Apr 29, 2016
6
0
1,510
0
Hi,
I want to verify my understanding of SSH.
The SSH process steps begin:
- exchange public keys in order to use them for authenticity in the DH key exchange process (at this point I want to know in detail how it gives authenticity)

- DH key exchange process. From this step, it gets the secret key and the exchange key, which is used as the session identifier.

- the further traffic is encrypted by the secret key obtained from the above step.
Also, MAC gives authenticity.

This is all my understanding.
Am I right?
Moreover, when we establish an SSH connection, it asks whether to trust the public key of the server. What to do with this public key?
 


 
Sounds like a homework question.

There is tons of information on the internet about it, but you have the main concept right, except MAC address does not really provide authenticity.

You are asking how you authenticate that you have the correct public key?
 

kyisoethin

Thanks.
My question is that in the first stage, we get each other's public keys. But how are they used to provide authenticity during the DH key exchange process?
 


In a larger environment (like, say, your bank's or email provider's website) there is a trusted key authority who holds the public key.
At your level of environment there is nothing besides comparing the hash of the key + the honor system to verify the authenticity of the key itself.

You can add a password to the key as well to provide additional security; another option would be to set IP filters at the system firewall, blocking port 22 from all IPs but the whitelisted ones.

In regards to how the public and private keys work together in the DH process, just look at Wikipedia or one of 100 other places on the internet.
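As an added example (not part of the original thread): the "comparing the hash of the key" step mentioned above, which is also what the trust prompt on first connection asks the user to do, comes down to computing the host key's SHA256 fingerprint and checking it against one obtained out of band. The sample keys are constructed and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 length + data."""
    return struct.pack(">I", len(data)) + data


def parse_pubkey_line(line: str) -> tuple:
    """Split an OpenSSH public key line into (key type, raw key blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob carries its own copy of the key type; both must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return key_type, blob


def fingerprint(line: str) -> str:
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    _, blob = parse_pubkey_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(presented_line: str, pinned_fp: str) -> bool:
    """True only if the presented host key hashes to the pinned fingerprint."""
    return hmac.compare_digest(fingerprint(presented_line), pinned_fp)


def make_sample_key(seed: bytes) -> str:
    """Constructed sample: 32 derived bytes standing in for an Ed25519 key."""
    raw = hashlib.sha256(seed).digest()
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


if __name__ == "__main__":
    server = make_sample_key(b"real server")
    pinned = fingerprint(server)  # in practice, obtained from the admin
    print(pinned, host_key_matches(server, pinned))
    print(host_key_matches(make_sample_key(b"other host"), pinned))
```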
 

kyisoethin

Thanks
I found that signature generated using private key can be verified with public key.
But how could this be?
Private key is not for encryption and public key not for decryption.
So how does it verify?
 


The public key and private key are complex inverse functions of one another, thus you can go in reverse and have the private key encrypt a signature and have the public key decrypt it. This is done for the sake of verifying the signature.
Now with this setup there is still an issue, because you can verify your public key matches the private key but you can't truly verify that the private key for sure is your friend's and not someone pretending to be your friend. That is why there are trusted certificate authorities that businesses use (like your bank), who have a copy of the private key, and you check the key against them and not the source for signature verification.
 
