If you are working remotely, especially if you have different servers and you want to log in to those servers and work on their shells, then rlogin, ssh, etc. are the options you can take.
What is SSH?
SSH is a network protocol that allows remote login and other network services to operate securely over an unsecured network. It was designed basically as a replacement for telnet and other unsecured remote login shell protocols like rsh, rlogin, etc.
Why is SSH more secure?
In unsecured remote login shell protocols, when the server and the client transfer data between them, it is done in an unsecured way. So, it is not secure from eavesdropping. In SSH, all the communication between the server and the client is done using encryption and authentication. As a result, data integrity and data security are maintained properly.
How does the SSH protocol work?
SSH uses public-key cryptography (What is the difference between public-key encryption and symmetric key encryption?) initially to verify the authenticity of the hosts, and then a symmetric key is derived between the server and the client. Later, this symmetric key or session key is used for the rest of the secure communication to encrypt the data being transferred. (What is Perfect Forward Secrecy?)
In public-key cryptography, a keypair consisting of a public key and a private key is used. When a client first communicates with the server, the server sends his public key to the client. The client then verifies the authenticity of the public key of the server with a Certificate Authority.
After that, the server and the client communicate with each other and derive a symmetric key. To make sure the secret key cannot be derived by an eavesdropper, the Diffie-Hellman key exchange algorithm is used. (How does the Diffie-Hellman key exchange protocol work?).
Once a symmetric key is established between the server and the client, now it is time to authenticate the client to the server. Several mechanisms can be used for this purpose. Password authentication is one such option. In case of password-based authentication, the client sends to the server a password encrypted with the symmetric key. The server verifies it and allows the client for further communication. But, because of vulnerability regarding password strength, etc, this is not a very good option. Public key cryptography again can be used for this purpose.
In that case, even before the communication starts, the client generates a public-private key pair and sends the public key and its key ID to the server after generating it. At the time of …
0 Comments