Skip to content

SSH protocol. Asymmetric cryptography

The information provided below is intended to be complementary to the project script and is not required reading.

Motivation

Throughout the process of creating the virtual machine, you are asked to select access by SSH public key of the administrator account, which will be used during the project. Alternatively, a password could be generated for the administrator and thus access the virtual machine. Therefore, access to the virtual machine via SSH using a key pair does the same thing as a traditional password: it is an authentication mechanism.

In information transmissions that travel through public networks such as the Internet, it is essential that the information is protected with some type of encryption, normally generated through keys generated by algorithms that perform complex mathematical operations and with a certain degree of randomness, being hardly replicable.

Protocol SSH

SSH (or Secure SHell) is a communications protocol that allows remote access to a server through a secure channel in which all information is encrypted, unlike other protocols such as FTP or Telnet.

You can find all the information regarding SSH in the following link:

https://www.ssh.com/ssh/

Symmetric cryptography

Initially, cryptography protected transmitted information by encrypting the information with a key that was also used to decrypt the information. This system was called symmetric cryptography.

On the one hand, the existence of a single key implies that if an attacker intercepts the key when it is being shared between sender and receiver, he can already intercept all the information that both send using that key.

On the other hand, due to rapid technological advances, it takes “only” a few days for a modern mainstream computer to go through trial and error (known as a brute force attack) to find the unique key to decrypt a message. For equipment specifically designed for such use, it only takes a few hours.

Asymmetric cryptography

Asymmetric cryptography presents significant improvements over symmetric cryptography. In the case at hand, the idea of key pairs is based on asymmetric cryptography.

A new key pair is generated from the RSA cryptosystem (which uses integer factorization). Due to the complexity of this process and the magnitude of the numbers chosen (on the order of 10300), it is assumed that it is impossible to generate the same pair of keys twice. That is, it is not possible to repeat a pair of keys that has already been previously generated.

When you want to send a message, the sender looks for the receiver's public key, encrypts your message with that key, and once the encrypted message reaches the receiver, he takes care of decrypting it using his private key.

A good analogy that illustrates how a key pair works is the following:

  1. When the sender looks up the receiver's public key, we can imagine the recipient writing on the envelope of a letter.
  2. When the sender encrypts his message with that key, he closes the envelope. Therefore, that key only serves to close the envelope, not to open it.
  3. When the recipient receives your message, they use your private key. This private key, which has not been shared with anyone, is what allows the envelope to be opened.

In this way, even if an attacker intercepts a message, he cannot decrypt it since he does not know the private key that allows him to do so.

Hash functions

Hash functions (such as SHA-256 or SHA-512) are cryptographic algorithms that transform (“digest”) an arbitrary set of data items into a single, fixed-length value, called a hash.

The security provided by a hash algorithm lies in its ability to produce a single value for a given set of data. In this way, a computed hash value can be used for integrity verification of copies of an original file. As an example, when downloading files on the Internet, the hash value obtained by applying the hash function to the original file is usually provided, so that the user can verify that the downloaded file has not been altered during the download.

On the other hand, the SSH security protocol uses hash functions that allow verifying if the public key provided is known; in other words, if the other interlocutor is known and safe.