How does ssh work?
The server runs OpenSSH with password authorization. I can't understand how it works at all. Google doesn't show anything at all. Everything that is written is unclear to me. I don't even understand how a fingerprint can protect against MITM if you can make a fake SSH server that will give the right fingerprint. So please explain in simple terms what is happening, at what stage I am asked for a login and password, and where a secure connection comes from if the server transmits a public key. The manuals on the Internet have already completely confused me.
elisey474: You were told you need to learn cryptography.
Start with
https://ru.wikipedia.org/wiki/%D0%9E%D0%B4%D0%BD%D...
and
https://ru.wikipedia.org/wiki/%D0%9A%D1%80%D0%B8%D...
If you don't understand but really want to understand, increase your math/algebra level.
Update:
The server sends its public key to everyone.
1. With this public key, you encrypt your data (login, password) and send it to the server. The server decrypts them with its private key and authorizes you.
2. If the authorization is successful, you can continue to create a secure session. To do this, you need to create a shared secret key with which you will encrypt all your data within the session. The implementation may differ, but your client generates such a secret key, encrypts it again with a public key, and sends it to the server. The server privately decrypts it and establishes a communication session, already on a faster protocol, but we can assume that this session secret key is unknown to anyone except your client and server, because it was not transmitted in the clear.
3. Don't confuse SSH keys and the SSH protocol. There are:
- Server keys: for organizing a secure connection, as I described above.
- User keys: so that you don't have to use passwords.
4. The fingerprint is a hash of the public key. It serves to quickly check whether a server matches: the first time you connect to a server via SSH, you are prompted to remember this server in the list of known hosts. Then, each time you try to connect, the public key will be verified, so that an attacker cannot change the server. To speed it up, this check can be performed on the fingerprint. But encryption will still use the full key.
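
The fingerprint and known-hosts check from point 4, as an added example that is not part of the original answer: it computes the `SHA256:` fingerprint the way OpenSSH prints it and applies a remember-on-first-connect comparison. The key material, the host name `server.example`, the in-memory `known` dict (standing in for the known-hosts list) and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

def make_pubkey_line(seed: bytes) -> str:
    """Build a constructed ssh-ed25519 public key line (sample data, not a real host)."""
    raw = hashlib.sha256(seed).digest()  # 32 stand-in key bytes
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", raw))
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

def fingerprint(pubkey_line: str) -> str:
    """Fingerprint = SHA-256 over the decoded key blob, shown as unpadded base64."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])  # blob starts with a length-prefixed type name
    if blob[4:4 + n].decode() != key_type:
        raise ValueError("key type in blob does not match declared type")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host(known: dict, host: str, offered_line: str) -> str:
    """Compare the offered host key with the one remembered for this host."""
    fp = fingerprint(offered_line)
    if host not in known:
        known[host] = fp  # first connection: the user is asked to remember the server
        return "new"
    # Any later connection must present the same key; a different one is rejected.
    return "match" if known[host] == fp else "mismatch"

def demo() -> list:
    known = {}
    real = make_pubkey_line(b"constructed-server-key")
    other = make_pubkey_line(b"constructed-other-key")
    return [
        check_host(known, "server.example", real),   # first contact
        check_host(known, "server.example", real),   # same server again
        check_host(known, "server.example", other),  # different key for the same name
    ]

if __name__ == "__main__":
    print(fingerprint(make_pubkey_line(b"constructed-server-key")))
    print(demo())
```

A copied public key reproduces the same fingerprint, so the real protocol also requires the server to sign the key exchange with the matching private key; this example does not model that step.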