Hi guys,

I just have some questions about SSH2 mechanism which I hope anyone can answer . But please, If you are not sure 100% about your answer, don’t post it cause I read a lot of conflicting comments on the web.

My Questions:

1-Are DSA and RSA independent encryption ciphers (cryptosystems) just as any other ciphers like AES, 3DES, ..etc and not just a asymmetric key generators that are used under other symmetric encryption algorithms ?

2- It is believed that RSA or DSA is used just for the authentication phase of the connection and the rest of the connection is just encrypted with symmetric algorithm (private key). Is that true ?

Because I read that SSH2 is a hybrid protocol which uses both symmetric and asymmetric encryption ciphers. Symmetric encryption for encrypting the bulk of the message and symmetric encryption for encrypting the symmetric key itself. Do they mean hybrid just for the authentication phase or for the entire session ?

3- Are the keys used to encrypt/decrypt is sent with each and every transmission of an encrypted packet, or the server/client establish the key first, then only the encrypted packet is sent ?

Thanks guys and it is my honor to be with you in such beautiful forum. Good Luck All.

I think maybe that is not the case, but I'm not sure.Possibly. It could depend on one of several factors.Some might say yes, but they could be mistaken.No problem, good luck with your homework.

descendant_command

You Joking ... Right ?

There is no even a single helpful answer

Well, based on this:
..what do you expect? This sounds VERY much like a homework question, and such questions aren't typically answered on LQ. If you want the full SSH2 protocol details, you can easily find them via Google:
https://www.ietf.org/rfc/rfc4251.txt

3 members found this post helpful.

aaah , i got it now why u all say homework

abstemiously no guys .. it is not a homework

I study alone and i read a lot of articles .. i understood almost all aspects of SSH2 but i didn't find a good clarification for the three points stated above.

i will read the documentation Allah willing, but if u can provide me with a short answer will be cool too.

thanks guys.

You need to spell out your words. And if it's not homework, what are you trying to accomplish? Being pointed to the IETF specs on the protocol will answer ALL your questions.

Sorry, but you need to put effort into getting your answers. The docs from IETF were easy to find, and answer your questions. If you can't be bothered reading them, then your questions will go unanswered.

Man, Take it easy !!!!

I said "if u can" .. either if u can or not >> i will read the RFC to be 100% sure

I will not take your words for granted.. just it will help me regroup all pieces of the puzzle.

I have been visiting a lot of Linux forums and i have never seen this kind of aggressive attitude before

Thanks anyway !!

Mate, you need to "show" your efforts when you post a
question. If you have searched Google in depth, then you
need to quote out whatever you didn't understand or found
conflicting (with references).

Simply saying What is XX? will get you the kind of responses
you have got above.

BTW,
u != you
ur != your
plz != please

2 members found this post helpful.

Yes I will do that

Btw, I got the first question answered

Again, spell out your words. And this is not an "aggressive attitude"....it's simply stating a fact. The protocol specs were very easy to find, which then answer all of your questions. You were given the link, but then asked for someone else to go through the docs, to give you the SPECIFIC answers that YOU wanted. As said, just show some effort into doing your own research.

I didn't ask you or anybody else to go through the docs !!!

If you already know the answer, help me with it. If not, you provide the way I have to go to answer myself

I didn't ask you or anybody else to go through the docs !!!

And .. why are you 100% that the SPECS will answer all my concerns ? why are u 100% sure that i am a lazy ass who doesn't do good research before asking !!?
Maybe i am confused about something that need some more clues that is not presented in the DOCs... and i didn't ask you to explain the whole protocol. I asked a three simple questions.

If the DOCS are the only way i can get help from... so why does this forum exists at all !!

Bro, If you please .. If you see any question from me in the future, please don't help me even if you know the exact answer.

Thanks

I did provide you with the way to answer it yourself by giving you the link to the specs.
The specs detail EXACTLY how the protocol operates, and ALL of the functions of it. If that doesn't tell you how it works, I'm not sure what would. And AGAIN, you need to spell out your words. It's "you", not "u".
Forums exist for specific questions, like "I have Fedora 16...I'm trying to run SSH, but I'm getting error xxx". SSH is platform independent, and the only way to get details about that is to read the specs on the protocol. To clarify a bit more, even if your Dell laptop is running Linux, coming here and asking "I need the specs for the processor of my Dell laptop", won't get you much but a link to the Dell website, since they are the ones who designed it.
I'm not your "bro"...wouldn't be too thrilled if I was. You asked three questions, and were given a link to where the answers were. Apparently, you weren't too happy about that, and asked for further clarification (that would be, US going through the docs to answer your questions). Sorry if the answer wasn't what you wanted, but it was what you asked for.

1 members found this post helpful.

WOW...

Mr TB0ne, again, Take it easy !!!

Again, If you see anything from me in the future, just ignore me and save us the time wasted arguing with each other.

Thanks

Thanks To Allah, all my questions have been answered

Subject Closed

MY Conclusion:

1- DSA and RSA which are two types of "Asymmetric CryptoSystem" are not just
key generation methods to be used in other "Symmetric Encryption Algorithms". They are independent encryption algorithm.

2- I think this belief is wrong "Asymmetric Encryption" is not just for SSH2 authentication
phase. Actually SSH2 uses "Asymmetric encryption (DSA or RSA)" for authentication and
also for encrypting a hash of the original message (done with a HMAC hash algorithm) in
order to provide both "Message Integrity" and "Digital Signature Verification", because
as u know what a public key encrypts, only can be decrypted by it's private one which
in sole possession of the receiver.

3- Actually I haven't find a clear answer for this question. But I think SSH2 doesn't do
that (doesn't transmit the keys with each and every transmission of an encrypted
package).

I ask myself why it would do such a thing ?!

1- The "Diffie-Hellman key-exchange" algorithm dictates the secret session key in a way that both the client and the server know it without the need of one side telling the other.So both know the "symmetric key (secret session key)" to decrypt the bulk of the message.
2- When a client send a message to the server, the client encrypt the hash of the message with ((the server's public key (which is already public ))) which can be decrypted with the server's private key which no one knows except the server .

So why a sender would ever send the keys to a recipient who already knows them

That's why I think SSH2 Doesn't send the session key nor the already public "public
key" with every and each transmission of an encrypted package.

Really Really.. any comments or discussions are greatly welcomed

Thanks guys