SSH Authentication: A Basic Overview

    Date11 Aug 2004
    CategoryCryptography
    18284
    Posted ByAnthony Pell
    SSH is one of the premier Security tools in use today. SSH is most commonly used to gain a remote shell, but it can be used for file transfers, to display remote X applications on a local machine, and even to securely connect to services that lack encryption. Unfortunately, many who use it from day to day don't have a good understanding of how it actually works. Many people know that SSH1 is deprecated, and that SSH2 has taken its place, but how many know how authentication actually works for both? I didn't, and that bothered me, so I set out to do some research. . . . SSH is one of the premier Security tools in use today. SSH is most commonly used to gain a remote shell, but it can be used for file transfers, to display remote X applications on a local machine, and even to securely connect to services that lack encryption. Unfortunately, many who use it from day to day don't have a good understanding of how it actually works. Many people know that SSH1 is deprecated, and that SSH2 has taken its place, but how many know how authentication actually works for both? I didn't, and that bothered me, so I set out to do some research.

    This is by no means a "serious" paper - let's be clear about that. A true "paper" (in the Infosec world) brings forward a ground-breaking idea and explains it in technical detail. This paper, on the other hand, is designed to convey, using efficient language, information that is already understood by a relatively small number of people (in this case cryptographers). In short, I am attempting to pass on *understanding* rather than information. My goal is to provide an overview (hence the name) of how SSH1 authentication differs from SSH2 authentication, followed by a brief foray into the use of RSA/DSA key pairs for user authentication. Ok, with that said, let's begin.

    First off, SSH has two main protocol versions - SSH1 and SSH2. SSH2 is the newer version and it is highly recommended that anyone running an SSH server only allow clients to use SSH2. This is accomplished by editing your sshd_config file and removing the 1 from the "Protocols" line toward the top of the file. This will prohibit the daemon from "falling back" to SSH1 in the event that a client doesn't speak SSH2.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    12
    radio
    [{"id":"53","title":"Yes","votes":"7","type":"x","order":"1","pct":87.5,"resources":[]},{"id":"54","title":"No","votes":"1","type":"x","order":"2","pct":12.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.