Understanding the fundamentals of SSH (Secure Shell) protocol
SSH Service Information
Basic information about the SSH protocol and service
What is SSH?
SSH (Secure Shell) is a cryptographic network protocol used for secure communication over an unsecured network. It provides a secure channel over an unsecured network by using strong encryption. SSH is commonly used for remote command-line login, remote command execution, and secure file transfers.
SSH Protocol Versions:
SSH-1: The original version, now considered insecure and deprecated due to design flaws and security vulnerabilities.
SSH-2: The current standard version that addresses the security issues in SSH-1. It provides enhanced security, improved performance, and additional features.
Default Port:
SSH typically runs on TCP port 22, though it can be configured to use any port. Many administrators change the default port as a basic security measure to avoid automated scanning and attacks.
SSH Architecture:
SSH follows a client-server model:
SSH Server: Runs the SSH daemon (sshd) and listens for incoming connections.
SSH Client: Initiates connections to the server and provides user authentication.
Authentication Types
Different methods used for SSH authentication
Password Authentication:
The most basic form of SSH authentication where users provide a username and password to authenticate. While convenient, it's vulnerable to brute force attacks and is generally considered less secure than key-based authentication.
Security Considerations:
Vulnerable to brute force attacks
Passwords can be weak or reused across multiple systems
Password transmission is encrypted, but the password itself could be compromised
Many security professionals recommend disabling password authentication in favor of key-based authentication
Configuration:
Password authentication can be enabled or disabled in the SSH server configuration file (/etc/ssh/sshd_config):
# To enable password authentication PasswordAuthentication yes # To disable password authentication PasswordAuthentication no
SSH Servers
Common SSH server implementations and their features
OpenSSH:
The most widely used SSH server implementation, developed by the OpenBSD project. It's open-source, free, and included by default in most Unix-like operating systems.
Supports SSH protocol version 2
Provides strong encryption algorithms
Includes SFTP (SSH File Transfer Protocol) subsystem
Supports various authentication methods
Highly configurable through the sshd_config file
Dropbear SSH:
A lightweight SSH server implementation designed for environments with limited resources, such as embedded systems or routers.
Smaller codebase and memory footprint than OpenSSH
Supports SSH protocol version 2
Limited feature set compared to OpenSSH
Commonly used in embedded Linux distributions
Server Configuration:
SSH servers are typically configured through a configuration file. For OpenSSH, this is /etc/ssh/sshd_config. Common configuration options include:
# Basic OpenSSH server configuration Port 22 # SSH port PermitRootLogin no # Disable root login PasswordAuthentication no # Disable password authentication PubkeyAuthentication yes # Enable public key authentication X11Forwarding no # Disable X11 forwarding AllowUsers user1 user2 # Allow only specific users Protocol 2 # Use SSH protocol version 2 only
SSH Ciphers
Encryption algorithms used in SSH communications
Symmetric Encryption:
Used for encrypting the entire connection after initial key exchange. Both parties use the same key for encryption and decryption.
AES (Advanced Encryption Standard): AES-128, AES-192, AES-256 in various modes (CBC, CTR, GCM)
ChaCha20-Poly1305: A modern cipher that provides both encryption and authentication
3DES (Triple DES): Older cipher, considered less secure and slower than modern alternatives
Checking Supported Ciphers:
# List supported ciphers on your SSH client ssh -Q cipher # List supported key exchange algorithms ssh -Q kex # List supported MACs ssh -Q mac
SSH Hashes
Cryptographic hash functions used in SSH
Host Key Fingerprints:
SSH servers have host keys that identify them to clients. Fingerprints are hash values of these keys that are easier for humans to verify.