Re: Explanation of SSH

From: all mail refused (elvis_at_notatla.org.uk)
Date: 06/26/04


Date: 26 Jun 2004 17:47:42 GMT

In article
<1jmqd0pcuekrbh8nncc1sasr5c6h4ldre6@4ax.com>, oscar@jbexNOSPAM.com wrote:

>Having looked at the July issue of Computer Shopper (UK) magazine,
>page 269, I am still unclear on how SSH works exactly. I have googled

>2. "Shopper" says "server sends back its public host and server keys
>to client". You what? Surely there is only one public key it sends
>back, and "host and server keys" means just one public key?

Two.

>4. Shopper says, "Client generates 256 bit random number which it
>encrypts using server and client public keys." What is the 256 bit
>random number?

I normally use - well you know; I can't tell you!

>5."Both the client and server then use this number to generate private
>session keys".... you what? Why do you need private session keys if
>the server only has one private key always, and the client already has
>a public/private key pair from step (4)?

Session keys are intentionally specific to a given event. We wouldn't
want you buying only one ticket and watching Henman win 1000 times, right?

>I have to login to my SSH provider using loginname/password. Do those
>relate at all to the encryption element of the SSH transaction, i.e. is
>the username/password somehow a passphrase unlocking the private key
>from the encrypted private key which the server stores; or is
>username/password simply login authentication with no encryption
>relevance?

You can generate a client side key pair with passphrase if you want but
normal username/password stuff does not involve this.

>Is it the case that the encrypted SSH link is established first, and
>then username/password are transferred over the encrypted link?

Yes.

-- 
Elvis Notargiacomo  master AT barefaced DOT cheek
http://www.notatla.org.uk/goen/
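
Added example, not part of the original post: a simplified model of why keys are derived per session, as the reply to question 5 says. The `Session` class, the label-based SHA-256 derivation and the HMAC-SHA-256 packet tag are assumptions made for this sketch, not SSH's actual algorithms or wire format.

```python
import hashlib
import hmac
import secrets

def derive_keys(session_secret: bytes) -> dict:
    # Assumption: SHA-256 over a direction label stands in for SSH's real derivation.
    return {d: hashlib.sha256(d + session_secret).digest()
            for d in (b"client->server", b"server->client")}

class Session:
    """One connection: fresh 256-bit random secret, per-direction keys, packet counter."""
    def __init__(self):
        self.keys = derive_keys(secrets.token_bytes(32))  # 256 bits, new every time
        self.next_seq = 0  # next sequence number the receiving side will accept

    def _tag(self, seq, payload):
        key = self.keys[b"client->server"]
        return hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()

    def send(self, seq, payload):
        """Client side: packet = (sequence number, payload, MAC)."""
        return seq, payload, self._tag(seq, payload)

    def receive(self, packet):
        """Server side: accept only the expected sequence number with a valid MAC."""
        seq, payload, tag = packet
        ok = seq == self.next_seq and hmac.compare_digest(tag, self._tag(seq, payload))
        if ok:
            self.next_seq += 1
        return ok

def replay_demo():
    first = Session()
    captured = first.send(0, b"constructed sample payload")
    accepted_live = first.receive(captured)      # genuine packet, first session
    replay_same = first.receive(captured)        # same bytes again, same session
    replay_later = Session().receive(captured)   # same bytes, new session
    return accepted_live, replay_same, replay_later

if __name__ == "__main__":
    print(replay_demo())
```

The captured packet is rejected in the same session because the counter has moved on, and in a later session because the key derived from the new random value no longer matches its tag.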

