Secure Shell (SSH) is a cornerstone of modern network security, enabling encrypted communication and remote system administration. Whether you're managing servers, deploying applications, or simply accessing files remotely, understanding SSH is crucial. 

This article will explore the fundamentals of SSH, its various use cases, and examine the essential role of SSH keys in secure authentication. We will also discuss the underlying processes that contribute to SSH's security, from the initial TCP connection to the complexities of public-key cryptography.

Finally, we will provide a step-by-step guide on generating your own SSH keys, enabling you to enhance the security of your systems and connections.

What is SSH?

SSH, or Secure Shell, is a cryptographic network protocol, meaning it is a set of rules that describes the transmission of encoded data across a network of terminal and terminal-oriented devices.

It is used to securely connect the shells of these terminal devices over insecure networks. This allows for secure remote access to the server, through which commands can be executed on the shell of the connected server.

NOTE: Terminal devices refer to IoT (Internet of Things) devices. These include any devices that connect to the internet, such as routers, laptops, smartphones, as well as smart bulbs, smart fridges, smart toasters, and other smart electronics. Terminal-oriented devices are those typically interacted with through the Command Line Interface (CLI).

Use cases of SSH

• Remote system administration: System administrators use SSH to securely access, manage, and troubleshoot remote servers and devices.
• Port forwarding and funneling: SSH enables secure port forwarding, allowing users to tunnel network traffic through an encrypted connection, protecting data from eavesdropping.
• Script execution on remote machines: SSH enables running shell scripts on remote servers for automation and maintenance tasks.
• Secure Git operations: Developers use SSH to authenticate and securely interact with Git repositories on platforms like GitHub, GitLab, and Bitbucket.
• Secure database connections: SSH tunnels are used to securely connect to remote databases without exposing them to the public internet.
• Automation and CI/CD pipelines: CI/CD tools like Jenkins, GitLab CI, and GitHub Actions use SSH for deploying applications to remote servers.
• IoT device management: SSH is used to remotely configure and manage IoT devices deployed in the field.
• Backup and synchronization: Tools like rsync, combined with SSH, securely back up and synchronize data between servers.
• VPN alternative: SSH can act as a lightweight VPN alternative, enabling secure access to private networks.
• Configuration management and automation: Tools like Ansible use SSH for agent-less access to and control of an inventory of devices.

Facts about SSH

• When and why was SSH created: It was created in December 1995 by Tatu Ylönen to replace Telnet, Remote Login (rlogin), Remote Shell (rsh), Remote Copy (rcp), as well as other protocols to securely connect to remote servers. These older protocols were replaced by SSH-based Secure Login (slogin), SFTP, and SCP.
• Connection protocol: It is usually established over TCP. It can also be established over WebSocket.
• OSI model: SSH operates at the transport and/or application layers of the OSI model.
• Connection mechanism: SSH utilizes SSH tunneling or SSH port forwarding to connect the client to the server. SSH tunneling, by standard, utilizes port 22 to transmit packet data securely across the TCP connection.
• Connection state: An SSH connection is stateful, i.e., it saves the connection session and channel of the two machines that have connected before, so even after disconnection, the connection is easily reestablished
• Standard: The Internet Engineering Task Force (IETF) has stipulated SSH2 as the standard SSH version.
• Authentication: For authentication across the connection/channel, SSH relies on two mechanisms:
  a. Passwords, the less secure option
  b. SSH Keys or, more specifically, SSH Key Pairs, which are way more secure compared to passwords.
• Other implementations: Even though SSH is open, OpenSSH and PuTTY were created as open-source implementations for Unix- & BSD-based OSes, like MacOS and Linux, and Windows respectively. These implementations are, however, cross-platform, i.e., they are used across the board (BSD, Unix, or Windows OSes).

What are SSH keys?

SSH keys are an authentication method that enables secure access to the remote SSH server the SSH client is trying to connect to.

What makes SSH keys so secure?

They provide SSH with an encryption and authentication mechanism known as public key cryptography. This cryptographic mechanism utilizes hybrid encryption, which is a combination of asymmetric encryption, or the utilization of a key pair of public and private keys, and symmetric encryption, which relies on a single key for encryption.

Asymmetric encryption encrypts the shared public key and transmits it securely over the network to the server. This shared public key enables symmetric encryption of the payload/data as it is transmitted to and from the network. 

This hybrid encryption method is the same cryptography mechanism behind SSL/TLS and most of the cryptography mechanisms used around the world today.

These keys are created using various encryption algorithms, depending on the encryption type, i.e., symmetric encryption algorithms are “simpler” than those for asymmetric encryption.

Symmetric encryption algorithms include:

• AES (Advanced Encryption Standard): This algorithm is widely used for symmetric encryption and is known for its speed, security, and efficiency.
• DES (Data Encryption Standard): This is an older symmetric encryption algorithm with a 56-bit key and is now considered insecure due to its small key size.
• 3DES (Triple DES): This is seen as an enhanced version of DES that applies the DES algorithm three times for stronger encryption, though slower and largely replaced by AES.
• Blowfish:  This is a fast, flexible, and secure symmetric encryption algorithm with variable key lengths and is popular in software applications.
• Twofish: Twofish is seen as a successor to Blowfish and is known for its speed, flexibility, and 128-bit block size
• RC4 (Rivest Cipher 4): RC4 is a stream cipher known for its simplicity and speed, though vulnerabilities make it unsuitable for modern secure communications.

Some asymmetric algorithms include:

• RSA (Rivest-Shamir-Adleman): This is the most popular asymmetric algorithm for secure data transmission and digital signatures. It is based on the difficulty of factoring large numbers.
• ECC (Elliptic Curve Cryptography): This is a modern asymmetric algorithm that offers strong security with smaller key sizes, making it efficient for constrained devices.
• Diffie-Hellman (DH): This key exchange algorithm allows two parties to securely establish a shared secret over an insecure channel.
• DSA (Digital Signature Algorithm): This is a standard asymmetric algorithm used for generating and verifying digital signatures, ensuring data authenticity and integrity.
• ElGamal: This asymmetric encryption and digital signature algorithm is based on the Diffie-Hellman key exchange, which offers probabilistic encryption.
• ECDH (Elliptic Curve Diffie-Hellman): This is a more efficient version of Diffie-Hellman that uses elliptic curves for faster and more secure key exchanges.
• EdDSA (Edwards-Curve Digital Signature Algorithm): This digital signature algorithm is fast, secure, and efficient. It uses elliptic curves, designed for performance and simplicity.

Not all algorithms are created for the same purpose. For instance, some asymmetric algorithms are just meant for key exchange, like the DH and ECDH. Some are for encrypting the payload, like the RSA, while others are for digital signatures, which enable the integrity of the payload as well as authentication. Some digital signature algorithms include DSA and the EdDSA.

Why are SSH keys better than passwords?

The advantages SSH keys have over passwords include:

• Better security: SSH keys are even more secure than very long, complicated passwords as they utilize complicated algorithms to ensure authentication.
• Convenience: SSH Keys reduces the need for passwords as users don’t have to remember the keys. Also, due to the stateful property of the SSH connection, once two machines have been connected, the keys are remembered to enable easy reestablishment of the connection so the keys don’t have to be used every time.

How does SSH work?

The entire SSH connection process can be divided into 3 stages: TCP connection, key exchange, and packet data transfer. 

TCP connection

A TCP (port 22) connection is opened between the two machines, the ssh-client & the ssh-server. This connection establishes a channel for the transmission of data across the network and allows for multiplex, i.e., parallel data transmission between the two devices.

After establishing the connection, both machines agree on the SSH protocol version to use for the transaction across that channel.

Key exchange

Next, they agree on the cryptographic algorithm they’ll both use for key sharing, integrity checks, and encryption.

After the “negotiation”, asymmetric encryption is used to securely transfer the public key across the network. Once they have their shared public key, symmetric encryption, using the shared key, is used to encrypt every single packet that is transferred through the network. This ensures that the entire communication transaction is properly encrypted, and bad actors cannot act in between.

Packet data transfer (Port forwarding/tunneling)

SSH breaks down the data into packets and readies them to be transmitted across the established network connection. The data on each packet consists of:

• Packet length (4 bytes in size)
• Padding amount (1 byte in size)
• Padding
• The payload - the data to be transmitted 
• The message authentication code, or MAC.

The padding, padding length, and actual data are encrypted together, leaving only the MAC and packet length intact. The MAC serves as the integrity checker for each packet. The padding consists of decoy bytes, added to introduce randomness into the encoded data, making it difficult for external parties to decrypt. The padding amount only indicates the size of the padding.

The data can be compressed after encryption to allow for faster transmission. Each packet, after creation and encryption (and compression, if compression was used) is transmitted across a channel on the connection.

The connection where the message code is read, the data is decompressed, decrypted, and read. Subsequent packets go through the same process and are stitched together with preceding packets to reconstruct the payload.

For a more visual understanding of the SSH connection process, check out this video.

How to create SSH keys

To create an SSH key for your server/machine, type in the following command in your command line:

ssh-keygen

As previously established, SSH keys are generated using different algorithms. By default, after completing all these steps, you will create an RSA-based SSH key pair, which is stored in the .ssh folder in your home directory.

NOTE:  Your private key is stored in ~/.ssh/id_rsa, while the public key is stored in ~/.ssh/id_rsa.pub.

If you’d like to store your keys in a different location, you can specify this after the command is entered.

When creating the key, you will be prompted to indicate the location of the SSH key, as shown below:

Generating public/private rsa key pair.

Enter file in which to save the key (/home/demo/.ssh/id_rsa):

To enable automatic access to your SSH keys, it is advised that you click Enter to skip this process and leave the keys in the default .ssh folder.

To further secure your SSH keys, the system will recommend that you create a passphrase. The passphrase can contain as many characters as you’d like.

You must save this passphrase, as it will be used instead of the SSH key whenever you log in via SSH to that server. As shown below:

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

If you choose not to use a passphrase, then you can skip with the Enter key, although to enhance security and ease of access, having a passphrase makes all the difference.

Whichever path you take, the output below should be the same thing you see on your terminal:

Output

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

8c:e9:7c:fa:bf:c4:e5:9c:c9:b8:60:1f:fe:1c:d3:8a root@here

The key's randomart image is:

+--[ RSA 2048]----+

|                 |

|                 |

|                 |

|       +         |

|      o S   .    |

|     o   . * +   |

|      o + = O .  |

|       + = = +   |

|      ....Eo+    |

+-----------------+

If you see this screen, your keys will be safely stored in the directories you specified or the one specified for you (~/.ssh/).

Conclusion

SSH is an indispensable tool for anyone who manages servers or needs to access remote systems securely. Understanding how SSH works, especially the role of SSH keys, is crucial for maintaining secure connections and protecting sensitive information. By using SSH keys, users can significantly enhance the security of their connections compared to traditional passwords. 

With the knowledge gained from this article, you are now equipped to create and manage your own SSH keys, understand the underlying encryption mechanisms, and confidently navigate the world of secure remote access. 

Remember, practicing secure SSH habits is essential in today's interconnected world, and taking the time to understand these concepts will pay dividends in the security of your systems and data.