Every day, there’s an out-of-control war waged online. No, it’s not the political wars you see on Twitter. Instead, it’s an arms race between criminals and those who seek to protect important information.
This war matters. In 2018, companies lost billions of dollars due to data breaches. This type of activity has gone on since the beginning of the internet, with hackers figuring out new ways to get past early security programs.
Early remote shell programs fell victim to the online arms race. Anytime a security protocol comes out, hackers work to figure out a way around it. They improve their methods, forcing online security experts to improve as well. This constant cat-and-mouse game forces everyone to think outside of the box.
This online arms race gave birth to cloud-operated operating systems like Ubuntu and the secure shell, or SSH, security method. Are you wondering “what is SSH?” Let’s look at what SSH is and how it works to keep online information safe.
SSH is a secure replacement for Telnet, which was unencrypted and allowed unauthorized users to gain access to remote servers online. SSH uses cryptographic techniques that encrypt communication from and to remote servers. It allows the server to authenticate remote users and transfer inputs from client to host. It then relays the output back to the client.
Linux or Mac users can use SSH directly from the terminal window, whereas Windows users need to download an SSH client. The execution of shell commands happens in the same way as physically operating the remote computer.
SSH makes use of a client-server model. This model allows for the authentication of two remote systems and encrypts the data that flows between them. It authenticates the client and opens the shell environment if it verifies the user has permission. This provides a layer of security that protects data and makes it difficult for unauthorized users to sniff out information.
The client initiates a TCP “handshake” with the server and ensures a secured symmetric connection. It also verifies that the identity of the server matches the records previously stored in an RSA key store file. The connection gets made after these steps and the presentation of the user credentials.
The client and the server both decide upon which protocol to use. They then use the Diffie-Hellman Key Exchange Algorithm to create a symmetrical key. The algorithm allows the client and server to determine what encryption key will encrypt the communication session. It’s a method that’s nearly impossible to crack; in fact, most of the major data leaks occur because these safety protocols aren’t followed.
To understand why it’s almost impossible for someone to steal data from a properly secured system, you have to understand how the client and server choose an encryption key.
First, the client and server agree on a large prime number. This number is the seed value. They then agree on a common encryption method for generating another value set, using the seed value in an algorithmic way. The parties then generate another prime number independent of each other. This becomes the secret private key used during the interaction. Since these prime numbers have infinite possibilities, it would take a statistical miracle for someone to figure them out.
The server and client then use the private key, along with the shared number and encryption algorithm, to generate a public key. Each party’s personal private key, the other machine’s public key, and the original prime number together create a final shared key. Again, this key has an infinite number of possibilities.
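A toy run of the exchange described above, added here as an illustration and not code from any SSH implementation. The 127-bit prime, the base 3, the function names and the SHA-256 step that turns the shared secret into a session key are assumptions for the demo; real SSH uses groups of 2048 bits or more, or elliptic curves.

```python
import hashlib
import secrets

# Toy public parameters (assumption): the Mersenne prime 2**127 - 1 and base 3.
P = 2**127 - 1
G = 3

def keypair(p=P, g=G):
    """Pick a random private value and compute the public value g^x mod p."""
    private = secrets.randbelow(p - 3) + 2      # 2 <= private <= p - 2
    public = pow(g, private, p)
    return private, public

def shared_secret(own_private, peer_public, p=P):
    """Combine our private value with the peer's public value."""
    # Reject degenerate values that would force a predictable secret.
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, own_private, p)

def session_key(secret):
    """Hash the shared secret into a 256-bit symmetric key (simplified derivation)."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def exchange():
    """Run both sides; only P, G and the two public values cross the wire."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    client_key = session_key(shared_secret(c_priv, s_pub))
    server_key = session_key(shared_secret(s_priv, c_pub))
    return client_key, server_key, (P, G, c_pub, s_pub)

if __name__ == "__main__":
    ck, sk, wire = exchange()
    print("keys match:", ck == sk)
    print("visible to an eavesdropper:", wire)
```

Both sides arrive at the same key without ever sending it, and the range check in `shared_secret` refuses public values such as 1 that would make the result predictable.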
Both sides use their shared key to symmetrically encrypt an entire SSH session. This key also decrypts information, keeping messages between both parties private and secure. The user then gains access to the system, usually using a password, and can do what they need to do.
Passwords are problematic, however. Most security breaches occur because of brute force attacks, where bots force common passwords into fields until they find the one that works. Another problem is that people tend to use the same password for all of their accounts, or they use common passwords, such as their child’s name with a 1 and ! attached to the end. Some programs can even spy on your common keystrokes to calculate potential password combinations. The most secure way to gain access to a server is to do so without a password.
As a user, you create a unique identity on the client system when you run the ssh-keygen program. This creates the subdirectory $HOME/.ssh and puts two files into it. These files are “identity” and “identity.pub”. These contain your private and public keys for your account.
On each machine you plan to connect to over SSH, you’ll need to append the contents of the identity.pub file to $HOME/.ssh/authorized_keys.
The system administrator (in this case, you) generates a public and private key pair for the system. The use of the information in the system eliminates the possibility of someone faking IP addresses or messing with DNS records to spoof the system’s identity. Unlike previous remote shell programs, someone would have to break into the system and steal the private key to emulate the system.
Once you generate the public/private key on the local system, place the public key in authorized_keys. You can now bypass login and get access to the server without having to input the password. This makes the server easier to access and helps protect the information inside of it.
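One way to script the "place the public key in authorized_keys" step safely, added here as an example and not part of the original article. The function names, the ssh-ed25519 key type and the all-zero sample key are assumptions; the code checks that the key line is well formed, avoids duplicate entries, and sets owner-only permissions on the directory and file.

```python
import base64
import os
from pathlib import Path

def parse_public_key(line: str):
    """Return (key_type, blob) for one public key line, or raise ValueError."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)   # raises ValueError subclass
    # The decoded data starts with a length-prefixed copy of the key type.
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key data")
    return key_type, blob

def install_key(pub_line: str, home: Path) -> bool:
    """Add pub_line to home/.ssh/authorized_keys once; return True if added."""
    _, blob = parse_public_key(pub_line)
    ssh_dir = home / ".ssh"
    ssh_dir.mkdir(mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)                  # only the owner may enter
    auth = ssh_dir / "authorized_keys"
    existing = auth.read_text().splitlines() if auth.exists() else []
    for line in existing:
        try:
            if parse_public_key(line)[1] == blob:
                return False                  # same key already authorized
        except ValueError:
            continue                          # comment or line this parser skips
    fd = os.open(auth, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(existing + [pub_line.strip()]) + "\n")
    os.chmod(auth, 0o600)                     # also tightens a pre-existing file
    return True

def constructed_key_line(comment="demo@example"):
    """Build a well-formed ssh-ed25519 line with all-zero key bytes (not a real key)."""
    name = b"ssh-ed25519"
    blob = len(name).to_bytes(4, "big") + name + (32).to_bytes(4, "big") + bytes(32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"
```

Only the public key line is ever copied; the private key file stays on the client.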
There are three types of techniques used in SSH security protocols: symmetric encryption, asymmetric encryption, and hashing.
Many people call symmetric encryption shared key or shared secret encryption. It uses a secret key for the encryption and decryption of messages by the client and host. Anyone with the key can decrypt transferred messages.
For this method, you’ll either use only one key or a pair of keys where one key aids in the calculation of the other. The keys encrypt communication during SSH sessions. The client and server derive the key using an agreed method.
What makes this method secure is that the creation of a symmetric key gets carried out with a key exchange algorithm. That key never transmits between the client and the host, making it impossible to intercept. The computers share public data and manipulate it to calculate the secret key. If a machine or hacking bot gets their hands on the public data, they still can’t calculate the key because they don’t know the algorithm.
The best-known symmetrical encryption cipher is AES, although you might have heard of Blowfish as well. Both the client and the host decide which cipher to use by publishing supported ciphers, ordering them by preference. The most preferred cipher on the host’s list is the bidirectional cipher.
Asymmetric encryption uses two keys for encrypting and decrypting data. These keys are the public and private keys. Together, they form a public-private key pair.
The public key gets distributed to all parties. No party can mathematically compute the private key from the public one, so there’s no need to worry about safety. Even advanced software can’t determine anything from the public key.
The encryption and decryption process using these two keys is a complex one. If a machine’s public key encrypts a message, that machine’s private key is the only one that can decrypt it. The public key can’t decrypt its own message or decrypt anything that a private key encrypts. If someone outside of your business gains access to the public key, they can’t see the information that’s passed between parties.
No third party should ever know the private key. The secrecy of the private key is what makes this method secure. Only share this information with those that need it, and change it if someone leaves the team.
Anyone with the private key can log into your system and do serious damage. Even if they were to only cause downtime, the consequences can be dire. Amazon recently lost 100 million dollars due to one hour of downtime. While most companies won’t lose that much money, could your company survive an hour of lost sales and the permanent damage of lost consumer confidence?
Hash functions are different from the previous two techniques in that they’re never meant for decryption. They generate a value of a fixed length for each input, showing no trend that a machine or person can exploit. Because of this, it’s almost impossible to reverse or encrypt them.
Each transmitted message contains a MAC, or message authentication code. The MAC is calculated from the symmetric key, the message contents, and the packet sequence number. It’s sent outside of the encrypted data as the concluding section.
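The MAC calculation described above, as an added example rather than code from an SSH implementation. The choice of HMAC-SHA-256, the `Receiver` class, the key and the sample packets are constructed for the demo; it shows why including the sequence number lets the receiver reject both altered and replayed packets.

```python
import hashlib
import hmac
import struct

def compute_mac(key: bytes, seq: int, packet: bytes) -> bytes:
    """MAC over the 32-bit packet sequence number followed by the packet contents."""
    data = struct.pack(">I", seq & 0xFFFFFFFF) + packet
    return hmac.new(key, data, hashlib.sha256).digest()

class Receiver:
    """Tracks the expected sequence number and verifies each incoming packet."""

    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def accept(self, packet: bytes, mac: bytes) -> bool:
        expected = compute_mac(self.key, self.seq, packet)
        ok = hmac.compare_digest(expected, mac)   # constant-time comparison
        if ok:
            self.seq = (self.seq + 1) & 0xFFFFFFFF
        # A real SSH peer drops the connection on a failed MAC; the demo only reports it.
        return ok

def demo():
    key = b"\x01" * 32                            # constructed session key
    rx = Receiver(key)
    p0, p1, p2 = b"ls -l", b"whoami", b"uptime"   # constructed packet contents
    m0 = compute_mac(key, 0, p0)
    m1 = compute_mac(key, 1, p1)
    m2 = compute_mac(key, 2, p2)
    return {
        "first": rx.accept(p0, m0),
        "second": rx.accept(p1, m1),
        "tampered": rx.accept(b"uptimf", m2),     # contents altered in transit
        "replayed": rx.accept(p0, m0),            # old packet, stale sequence number
        "third": rx.accept(p2, m2),
    }

if __name__ == "__main__":
    print(demo())
```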
After answering the common questions “what is SSH and how does it work”, you probably want to know more about keeping your information safe. The online arms race shows no signs of slowing down. The best way to protect yourself is knowledge.