
SSH

Context

Before SSH, there was Telnet or rlogin (not secure). Packets were sent in the clear.

The Internet was not yet fleshed out.

  • Calls were being made within the same network.

Admin connections are vulnerable.

  • Even on a local network, it’s unclear whether that is secure.

Why SSH

Encrypting the data that is being sent through the network.

An adversary can still see the traffic (and draw inferences from it).

Analogy: you can’t see the content of packages being delivered to your neighbor.

SSH and TCP

An SSH server accepts a TCP (Transmission Control Protocol) connection, which is made between two machines and kept open.

Structure of each packet sent over that connection:

  • Packet length 4 bytes
    • Info on how big the packet is
  • Padding amount
    • how much padding exists
  • Payload
    • actual data
  • Padding
    • actual padding, a random number of bytes, up to 255
      • random bytes without meaning
      • blended with the payload when it is encrypted, to make it harder for a sniffer to know what the content is
      • padding makes inference harder
  • Message authentication code (tag)
    • authenticity of the packet
      • ensures none of the data in the packet has been tampered with

Packets are normally compressed.

Only the packet length and the message authentication code can be read in plain sight.

The client and server communicate to agree on which encryption algorithm is used.

  • Weaker algorithms can be rejected.

Channel

  • allows for multiple connections to the server.
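
The packet layout listed above, as an added Python example that is not part of the original notes: it builds and parses one packet with the length, padding amount, payload, random padding and tag fields, and shows the tag rejecting a modified packet. Encryption is left out so the fields stay visible; the HMAC-SHA-256 tag, the 8-byte alignment and the function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import struct

BLOCK = 8      # assumed alignment; SSH uses 8 when no cipher is active (RFC 4253, section 6)
MAC_LEN = 32   # HMAC-SHA-256 tag size (assumed MAC for this example)

def _tag(mac_key: bytes, seq: int, packet: bytes) -> bytes:
    # The tag covers a 32-bit sequence number plus the whole unencrypted packet.
    return hmac.new(mac_key, struct.pack(">I", seq) + packet, hashlib.sha256).digest()

def build_packet(payload: bytes, seq: int, mac_key: bytes) -> bytes:
    # Minimum padding: at least 4 bytes, total (length field included) a multiple of BLOCK.
    pad_len = BLOCK - (5 + len(payload)) % BLOCK
    if pad_len < 4:
        pad_len += BLOCK
    # Random extra padding in whole blocks, never past 255 bytes, to blur the payload size.
    pad_len += BLOCK * secrets.randbelow((255 - pad_len) // BLOCK + 1)
    body = bytes([pad_len]) + payload + secrets.token_bytes(pad_len)
    packet = struct.pack(">I", len(body)) + body   # 4-byte packet length comes first
    return packet + _tag(mac_key, seq, packet)

def parse_packet(wire: bytes, seq: int, mac_key: bytes) -> bytes:
    if len(wire) < 4 + 1 + 4 + MAC_LEN:
        raise ValueError("truncated packet")
    (length,) = struct.unpack(">I", wire[:4])
    if len(wire) != 4 + length + MAC_LEN:
        raise ValueError("packet length does not match data received")
    packet, tag = wire[:4 + length], wire[4 + length:]
    # Verify the tag before trusting any other field; compare in constant time.
    if not hmac.compare_digest(tag, _tag(mac_key, seq, packet)):
        raise ValueError("MAC check failed: packet was modified or is out of sequence")
    pad_len = packet[4]
    if pad_len < 4 or pad_len > length - 1:
        raise ValueError("invalid padding length")
    return packet[5:4 + length - pad_len]          # strip the padding, return the payload

if __name__ == "__main__":
    key = secrets.token_bytes(32)                  # constructed key, for the demo only
    wire = build_packet(b"ls -la", seq=0, mac_key=key)
    print(len(wire), parse_packet(wire, 0, key))
    tampered = wire[:6] + bytes([wire[6] ^ 1]) + wire[7:]   # flip one payload bit
    try:
        parse_packet(tampered, 0, key)
    except ValueError as err:
        print("rejected:", err)
```

Because the padding length is random, two packets carrying the same payload usually differ in size on the wire.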
