Let’s Work Together



Introduction to SSH


  • SSH stands for Secure Shell is a cryptographic network protocol for exchanging data over an unsecured network.
  • SSH provides a secure channel over the unsecured network by using a client-server architecture.
  • SSH connection for connecting remote machine looks like ssh {user}@{host}.
  • After this, a very secure connection is established for data transfer.

How SSH works?


Key Exchange Algorithm

Key Exchange ALgorithm is used for sharing keys between machines very securely. It used Asymmetric Encryption and it is secure in the way it never

shares the key over the network. In fact, it allows the machines to compute their own key. Since there is no real exchange of key so it secures way to

generate session keys in SSH initial connection.

Symmetric Encryption

Its cryptographic technique to encrypt the data. In this technique, there is only one key used to encrypt and decrypt the data. In SSH two machines

wanting to establish a connection after establishing the connection shares data using same technique.


Hashing is the process of converting the given key in a smaller size or exactly a fixed size. It uses some function or algorithm which is called a Hash


Exact Process

  • Once the client tries to connect to the server using SSH. Both Parties share their Public Key and then using the Key Exchange Algorithm both parties generate the session keys using the data from the Public key of the other and Private key of their own. The key generated is called Session key and it is which is used to encrypt the data while transferring the data over the network.
  • Once a secure connection is established the server makes a challenge using the public key of the client and sends it to the client if the client successfully solves the challenge, the secure session begins.

What if someone in middle tampers the Message?

  • For this Hashing is used for the authentication of messages. This is done using the HMX ( Hash-Based Authentications Codes). Each message that is transmitted over the network contains a MAC and this MAC is generated from the Symmetric Key, Packet Sequence Number, and the message content itself passing them through a hash function. This MAC is cross-verified at the server ends and if MAC matches it means the message has not been tempered. So, someone in middle pretends to be other cannot tamper with the message, and even if they MAC cross-verification will fail.

Software engineer. Loves building cool stuff.

Add Comment