SSH (Secure SHell)

Alice wants to access Bob's terminal.

Asymmetric

Works with a private/public key pair. The private key must never be shared with anyone, whereas the public key can be handed to everyone.

So in order for Alice to access Bob's data through an encrypted channel, Bob needs to encrypt the data with Alice's public key; Alice can then decrypt that data with her own private key.

Setting up Alice

Alice generates a key pair:

ssh-keygen -t rsa

She is asked to:

  • give the directory and name of the file where she wants to store the key pair. On Ubuntu, storing it under /home/user/.ssh/<keyusedforname> is a good idea.
  • specify a passphrase or leave it blank. The passphrase is used to encrypt the private key, so that the key is not usable by anyone who gains access to Alice's machine. As a result, when Alice's machine needs to decrypt content sent by Bob, she will at some point have to type the passphrase to decrypt the private key, which in turn decrypts the content encrypted with her public key.

Setting up Bob

Once Alice has generated the key pair, she will have to give the public key to Bob.

The public key is the entire contents of the file /home/user/.ssh/<keyusedforname>.pub (a single line: key type, base64-encoded key, comment).
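As an added example (not part of these notes), the following Python script builds a line in the .pub/authorized_keys format from constructed RSA parameters, parses it back, checks that the declared key type matches the encoded blob, and computes the SHA256 fingerprint in the form ssh-keygen -l prints, which is what Bob can compare against the fingerprint Alice reads out over another channel. The key values are constructed and far too small to be a real key; only the format handling is realistic.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data

def _ssh_mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (extra 0x00 when the high bit is set)."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)

def build_rsa_pub_line(e: int, n: int, comment: str) -> str:
    """Build one line as found in id_rsa.pub / authorized_keys: type, base64 blob, comment."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def _read_string(buf: bytes, off: int):
    """Read one length-prefixed string from buf at offset off; return (data, new offset)."""
    (length,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    return buf[off:off + length], off + length

def parse_pub_line(line: str) -> dict:
    """Parse a public key line and reject it if the blob's type differs from the declared one."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    inner_type, off = _read_string(blob, 0)
    if inner_type.decode() != key_type:
        raise ValueError("key type inside blob does not match declared type")
    result = {"type": key_type, "comment": comment, "blob": blob}
    if key_type == "ssh-rsa":
        e_bytes, off = _read_string(blob, off)
        n_bytes, off = _read_string(blob, off)
        result["e"] = int.from_bytes(e_bytes, "big")
        result["n"] = int.from_bytes(n_bytes, "big")
    return result

def fingerprint_sha256(blob: bytes) -> str:
    """SHA256 fingerprint as ssh-keygen -l prints it: base64 of the digest without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed demo key: a tiny modulus that only exercises the encoding, NOT a usable key.
DEMO_LINE = build_rsa_pub_line(65537, 0xC0FFEE1234567890ABCDEF, "alice@laptop")
```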

How it works internally for a connection

  1. Bob receives a request containing Alice's public key.
  2. Bob checks whether he has that public key on file, and if he does, he uses it to encrypt a temporary secret that he sends back to the requestor.
  3. If the requestor is able to answer back with the decrypted temporary secret, then it means the requestor is Alice, because only Alice could have deciphered the encrypted secret.
  4. A tunnel is established inside which data is securely transferred both ways.
    • How this tunnel works I don't know, but Bob sends an Alice.pub-encrypted Bob:secret, which Alice can decipher. Then she can encrypt data back with that Bob:secret, and Bob can decipher it because he has the Bob:secret private key, for example.