Explanation of SSH

oscar_at_jbexNOSPAM.com
Date: 06/26/04


Date: Sat, 26 Jun 2004 12:30:53 +0100

Having looked at the July issue of Computer Shooper (UK) magazine,
page 269, I am still unclear on how SSH works exactly. I have googled
and have not found a clear explanation.

Please either point me to a web page; or enable my understanding of
the following; or even both.

Steps in SSH connection setup;
1. Client issues SSH command and names server
2. "Shopper" says "server sends back its public host and server keys
to client". You what? Surely there is only one public key it sends
back, and "host and server keys" means just one public key?
3. Client adds server key(s?) to its knownhosts file if it isn't there
already.
4. Shopper says, "Client generates 256 bit random number which it
encrypts using server and client public keys." What is the 256 bit
random number? Is this the client's private key? How do you get client
private and public keys, are they randomly generated once for each SSH
client installation, or are new client public/private keys generated
each time SSH is run?
5."Both the client and server then use this number to generate private
session keys".... you what? Why do you need private session keys if
the server only has one private key always, and the client already has
a public/private key pair from step (4)?

Other questions;
I have to login to my SSH provider using loginname/password. Do those
relate at all to the encryption element of the SSH transaction, ie. is
the username/password somehow a passphrase unlocking the private key
from the encrypted private key which the server stores; or is
username/password simply login authentication with no encryption
relevance?

Is it the case that the encrypted SSH link is established first, and
then username/password are transferred over the encrypted link? So if
an attacker is watching the link, is the username apparent to them, or
ciphered?

Is client public key generated afresh each time SSH runs, or is it
generated just the once and then the same client public/private key
used for all time?

Sorry for all the questions, I'm curious how all this works and would
like some clarity.