Exp5 Ssh Key Management

8/3/2019 Exp5 Ssh Key Management

Experiment No:

Aim:

To study key management in SSH

Theory:

Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution, and other secure network services between two networked computers that it connects via a secure channel over an insecure network. The protocol specification distinguishes two major versions, referred to as SSH-1 and SSH-2.

The best-known application of the protocol is access to shell accounts on Unix-like operating systems. It was designed as a replacement for Telnet and other insecure remote shell protocols such as the Berkeley rsh and rexec protocols, which send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet.

The manual page of ssh describes it as follows.

    ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP ports can also be forwarded over the secure channel.

    ssh connects and logs into the specified hostname (with optional user name). The user must prove his/her identity to the remote machine using one of several methods depending on the protocol version used (see below).

    If command is specified, it is executed on the remote host instead of a login shell.

Key Management

On Unix-like systems, the list of authorized keys is stored in the home directory of the user who is allowed to log in remotely, in the file ~/.ssh/authorized_keys. This file is only respected by ssh if it is not writable by anyone other than its owner. When the public key is present on one side and the matching private key is present on the other side, typing in the password is no longer required (some software, such as an MPI stack, may need this passwordless access to run properly). However, for additional security, the private key itself can be locked with a passphrase.

The private key is looked for in standard locations, but the full path to it can also be given as a command line option (the -i switch of ssh). The ssh-keygen utility produces the public and private key, always as a pair.
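The following POSIX shell script is an added example for this write-up, not code from the lab manual. It carries out the steps described in the two paragraphs above: ssh-keygen produces the key pair, the public half is appended to ~/.ssh/authorized_keys, the file's permissions are checked the way sshd does when its StrictModes option is on (the option behind the "not writable by anyone other than its owner" rule), and the private key is named explicitly with -i. All paths are kept under a scratch directory created with mktemp, ssh-keygen is only used if it is installed, and REMOTE_HOST_PLACEHOLDER stands in for a real host; no connection is made.

```shell
#!/bin/sh
# Added example for this write-up; not code from the lab manual.
# Demonstrates: key pair generation, installing the public key into
# authorized_keys, checking the permissions sshd requires, and naming the
# private key with -i. Everything lives under a scratch directory.

# check_perms FILE
# Returns 0 when FILE exists and is not writable by group or others, i.e. the
# condition under which sshd (StrictModes on) honours authorized_keys.
# The mode string comes from `ls -ld` so this works on GNU and BSD systems.
check_perms() {
    f="$1"
    [ -f "$f" ] || return 1
    mode=$(ls -ld "$f" | cut -c1-10)          # e.g. -rw-------
    group_w=$(printf '%s' "$mode" | cut -c6)  # group write bit
    other_w=$(printf '%s' "$mode" | cut -c9)  # other write bit
    [ "$group_w" = "-" ] && [ "$other_w" = "-" ]
}

# install_key PUBKEY_FILE AUTHORIZED_KEYS
# Appends the public key and applies the conventional permissions:
# 0700 on the .ssh directory, 0600 on authorized_keys.
install_key() {
    pub="$1"; auth="$2"
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    cat "$pub" >> "$auth"
    chmod 600 "$auth"
}

# demo: generate a pair with ssh-keygen (if installed), install the public
# key, verify the permissions, and show the -i form of the ssh command.
demo() {
    tmp=$(mktemp -d)
    if command -v ssh-keygen >/dev/null 2>&1; then
        # ssh-keygen always writes the pair: id_ed25519 and id_ed25519.pub.
        # -N "" leaves the private key unlocked; a passphrase would lock it.
        ssh-keygen -q -t ed25519 -N "" -C "lab-demo" -f "$tmp/id_ed25519"
    else
        # constructed stand-in public key so the rest of the demo still runs
        printf 'ssh-ed25519 AAAAC3constructedSampleKey lab-demo\n' > "$tmp/id_ed25519.pub"
    fi
    install_key "$tmp/id_ed25519.pub" "$tmp/home/.ssh/authorized_keys"
    if check_perms "$tmp/home/.ssh/authorized_keys"; then
        echo "authorized_keys permissions acceptable"
    else
        echo "authorized_keys is group/world writable: sshd would ignore it"
    fi
    # The private key path is given explicitly with -i (not executed here;
    # REMOTE_HOST_PLACEHOLDER is a placeholder, not a real host).
    echo "would run: ssh -i $tmp/id_ed25519 user@REMOTE_HOST_PLACEHOLDER"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Run it as `sh script.sh --demo`. The permission check deliberately inspects the mode bits rather than testing whether the caller can write the file, because sshd rejects a group- or world-writable authorized_keys regardless of who is asking.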

SSH also supports password-based authentication, which is still encrypted by automatically generated keys. In this case an attacker could impersonate the legitimate side, ask for the password and obtain it (a man-in-the-middle attack). However, this is only possible if the two sides have never authenticated before, as SSH remembers the key that the remote side once used. Password authentication can be disabled.

Output: