SSH
· Jomplair · Lexicon Lab

SSH (Secure Shell)

  1. SSH Protocol Overview

SSH (Secure Shell), defined in RFC 4251-4256, is a cryptographic network protocol for secure remote access, command execution, and data communication over unsecured networks. Operating on port 22, it replaces insecure protocols like Telnet and FTP by encrypting all traffic, ensuring confidentiality, integrity, and authentication.

  2. Core Components & Architecture

  2.1 Protocol Layers

SSH operates in a layered architecture:

  1. Transport Layer: Handles encryption, server authentication, and key exchange.
  2. User Authentication Layer: Validates client credentials (e.g., passwords, public keys).
  3. Connection Layer: Manages multiple logical channels (e.g., shell sessions, file transfers).

  2.2 Key Features

  • Strong Encryption: Uses AES, ChaCha20, or 3DES to encrypt data.
  • Public Key Authentication: Eliminates password-based risks.
  • Tunneling: Securely forwards TCP/IP ports (SSH tunneling/VPN alternative).
  • Integrity Checks: HMAC-SHA2 ensures data is unaltered in transit.

  3. SSH Workflow: Session Establishment

Step 1: TCP Connection

  • Client initiates a TCP handshake to the server on port 22.

Step 2: Protocol Version Exchange

  • Client and server negotiate SSH versions (e.g., SSH-2.0, deprecated SSH-1.99).

Step 3: Key Exchange & Algorithm Negotiation

  • Diffie-Hellman (DH) or Elliptic Curve DH (ECDH) generates a shared secret.
  • Agree on encryption algorithms (e.g., aes256-ctr), MAC algorithms (e.g., hmac-sha2-256), and compression.

Step 4: Server Authentication

  • Server sends its host key (public key) to the client.
  • Client verifies the key against a trusted database (e.g., ~/.ssh/known_hosts).

Step 5: Client Authentication

  • Methods:
    • Password: Encrypted password sent to the server.
    • Public Key: Client signs a challenge with its private key.
    • Multi-Factor: Combines keys, passwords, or tokens.

Step 6: Secure Channel Establishment

  • Symmetric session keys are derived for encrypting data.

  4. Managing a Switch via SSH

Step 1: Preconfiguration on the Switch

  1. Generate RSA/ECDSA Keys:

! On Cisco IOS, configure a hostname and ip domain-name before generating the key pair
Switch(config)# crypto key generate rsa modulus 2048

  2. Enable SSH Service:

! Enforce SSHv2
Switch(config)# ip ssh version 2
Switch(config)# line vty 0 4
Switch(config-line)# transport input ssh
Switch(config-line)# login local

  3. Create User Credentials:

Switch(config)# username admin privilege 15 secret S3cur3P@ss

Step 2: Client Connection

From a client (e.g., OpenSSH, PuTTY):

ssh admin@192.168.1.1 

  • Authenticate via password or private key.

Step 3: Privileged Access

Switch> enable
Password: ********
Switch#

  5. SSH Packet Structure

[ Packet Length ]
[ Padding Length ]
[ Payload (Encrypted) ]
  ├── Message Type (e.g., SSH_MSG_USERAUTH_REQUEST)
  ├── Session ID
  └── Data (e.g., command, shell I/O)
[ MAC (Message Authentication Code) ]
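
The framing above, as an added example (not code from the original page): it builds and parses a cleartext binary packet as laid out in RFC 4253 section 6, the form used before encryption keys take effect, including the random padding field that sits between the payload and the MAC. The 8-byte alignment, the 35000-byte sanity limit and the sample payload are assumptions chosen for the illustration.

```python
import os
import struct

BLOCK = 8               # alignment used while no cipher is active (RFC 4253, section 6)
MAX_PACKET = 35000      # sanity limit chosen for this example
SSH_MSG_KEXINIT = 20    # message number defined in RFC 4253

def build_packet(payload: bytes, block: int = BLOCK) -> bytes:
    """Frame a payload as an unencrypted SSH binary packet (no MAC)."""
    # length(4) + padding_length(1) + payload + padding must be a multiple
    # of the block size, and there must be at least 4 bytes of padding.
    pad = block - ((5 + len(payload)) % block)
    if pad < 4:
        pad += block
    body = bytes([pad]) + payload + os.urandom(pad)
    return struct.pack(">I", len(body)) + body

def parse_packet(data: bytes, mac_len: int = 0, block: int = BLOCK) -> dict:
    """Split one cleartext packet into its fields, rejecting malformed framing."""
    if len(data) < 5:
        raise ValueError("truncated header")
    (packet_length,) = struct.unpack(">I", data[:4])
    if packet_length > MAX_PACKET:
        raise ValueError("packet_length exceeds limit")
    if len(data) != 4 + packet_length + mac_len:
        raise ValueError("length field does not match bytes received")
    if (4 + packet_length) % block:
        raise ValueError("packet not aligned to block size")
    pad = data[4]
    if pad < 4 or pad > packet_length - 1:
        raise ValueError("invalid padding_length")
    end = 4 + packet_length
    payload = data[5:end - pad]
    return {
        "type": payload[0] if payload else None,   # first payload byte is the message type
        "payload": payload,
        "padding": data[end - pad:end],
        "mac": data[end:],                         # empty until a MAC is negotiated
    }
```

Once keys are in effect the same layout is encrypted and followed by the MAC, so a receiver validates the length field before trusting anything else in the packet.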

  6. SSH vs. Telnet: Critical Differences

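| Feature        | SSH                         | Telnet                 |
|----------------|-----------------------------|------------------------|
| Encryption     | Full (AES, ChaCha20)        | None (plaintext)       |
| Authentication | Public/private keys, MFA    | Username/password only |
| Port           | 22                          | 23                     |
| Security       | Resists MITM, eavesdropping | Vulnerable to attacks  |
| Overhead       | Higher (encryption/MAC)     | Minimal                |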

  7. Advanced SSH Use Cases

  • SCP/SFTP: Securely transfer files using scp or sftp.
  • Port Forwarding: Tunnel traffic through SSH (e.g., ssh -L 8080:localhost:80 user@host).
  • Jump Hosts: Chain SSH connections through intermediate servers.

  8. Security Best Practices

  • Disable SSHv1: SSHv1 has vulnerabilities (e.g., CRC-32 exploit).
  • Key Management: Rotate keys periodically; use passphrase-protected keys.
  • Limit Access: Restrict SSH to specific IPs via firewall rules.
  • Audit Logs: Monitor /var/log/auth.log for brute-force attempts.
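
One way to act on the audit-log advice above, as an added example (not code from the original page): it counts failed logins per source address inside a sliding window and escalates when a flagged address later logs in successfully. The log lines are constructed in OpenSSH's sshd syslog format with documentation-range addresses; the threshold, window and year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH's syslog format; addresses are documentation ranges.
SAMPLE = """\
Mar  3 10:15:01 mgmt sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar  3 10:15:03 mgmt sshd[1201]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar  3 10:15:05 mgmt sshd[1202]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar  3 10:15:06 mgmt sshd[1207]: Failed password for alice from 198.51.100.4 port 40211 ssh2
Mar  3 10:15:08 mgmt sshd[1203]: Failed password for netops from 203.0.113.7 port 50133 ssh2
Mar  3 10:15:11 mgmt sshd[1204]: Failed password for netops from 203.0.113.7 port 50139 ssh2
Mar  3 10:15:20 mgmt sshd[1207]: Accepted publickey for alice from 198.51.100.4 port 40215 ssh2
Mar  3 10:15:31 mgmt sshd[1205]: Accepted password for netops from 203.0.113.7 port 50150 ssh2
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect(log_text, threshold=5, window=timedelta(minutes=1), year=2024):
    """Return {ip: finding} for sources with >= threshold failures inside `window`."""
    failures = defaultdict(list)    # ip -> timestamps of failed attempts
    findings = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year; one is supplied as an assumption.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip].append(ts)
            recent = [t for t in failures[ip] if ts - t <= window]
            if len(recent) >= threshold:
                findings.setdefault(ip, {"failures": 0, "login_after_flag": None})
                findings[ip]["failures"] = len(failures[ip])
        elif ip in findings:
            # A successful login from an already-flagged address is the event to escalate.
            findings[ip]["login_after_flag"] = m["user"]
    return findings
```

A single mistyped password followed by a key-based login, as with 198.51.100.4 in the sample, stays below the threshold and is not reported.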

  9. SSH Protocol Weaknesses

  • Zero-Day Exploits: Vulnerabilities like "Shellshock" (CVE-2014-6271).
  • Misconfigured Keys: Weak key algorithms (e.g., RSA-1024) or exposed private keys.
  • Side-Channel Attacks: Timing attacks on encryption algorithms.
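
A check for the weak-key item above and the key-management practice earlier, as an added example (not code from the original page): it decodes `type base64 [comment]` public-key lines in the authorized_keys style, reports the RSA modulus size, and computes the SHA256 fingerprint in the form OpenSSH displays when a client is asked to verify a host key. The sample keys are constructed with a dummy modulus and are not usable keys; the 2048-bit minimum is an assumption.

```python
import base64
import hashlib
import struct

def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length, then the bytes (RFC 4251)."""
    return struct.pack(">I", len(b)) + b

def split_fields(blob: bytes) -> list:
    """Split a public-key blob into its length-prefixed fields, rejecting truncation."""
    fields, i = [], 0
    while i < len(blob):
        if i + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[i:i + 4])
        if i + 4 + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return fields

def audit_key(line: str, min_rsa_bits: int = 2048) -> dict:
    """Audit one 'type base64 [comment]' public-key line."""
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    fields = split_fields(blob)
    if fields[0].decode("ascii") != declared:
        raise ValueError("declared key type does not match the blob")
    digest = hashlib.sha256(blob).digest()
    result = {"type": declared, "bits": None, "weak": declared == "ssh-dss",
              "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("=")}
    if declared == "ssh-rsa":                # blob fields: type, exponent e, modulus n
        result["bits"] = int.from_bytes(fields[2], "big").bit_length()
        result["weak"] = result["bits"] < min_rsa_bits
    return result

def constructed_rsa_line(bits: int, comment: str) -> str:
    """Constructed sample: well-formed ssh-rsa line with a dummy modulus, not a usable key."""
    n = (1 << (bits - 1)) | 1
    blob = (ssh_string(b"ssh-rsa") + ssh_string((65537).to_bytes(3, "big"))
            + ssh_string(n.to_bytes(bits // 8 + 1, "big")))
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"
```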

  10. Visual Workflow: SSH Handshake

Client                          Server (Switch)
  |---- TCP SYN (Port 22) -------->|
  |<--- TCP SYN-ACK ---------------|
  |---- TCP ACK ------------------>|
  |<--- SSH Version String --------|
  |---- SSH Version String ------->|
  |<--- Key Exchange Init ---------|
  |---- Key Exchange Reply ------->|
  |<--- Server Host Key -----------|
  |---- Client Auth Request ------>|
  |<--- Auth Challenge ------------|
  |---- Signed Response ---------->|
  |<--- Session Channel Open ------|
  |---- Shell Commands ----------->|
  |<--- Encrypted Output ----------|

Summary

SSH is the de facto standard for secure remote device management, offering robust encryption, authentication, and tunneling capabilities. By configuring SSH on network devices like switches and adopting key-based authentication, administrators can eliminate the risks of plaintext protocols like Telnet while enabling scalable, auditable access in enterprise and cloud environments.

 
