Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I just have some questions about SSH2 mechanism which I hope anyone can answer . But please, If you are not sure 100% about your answer, don’t post it cause I read a lot of conflicting comments on the web.
My Questions:
1-Are DSA and RSA independent encryption ciphers (cryptosystems) just as any other ciphers like AES, 3DES, ..etc and not just a asymmetric key generators that are used under other symmetric encryption algorithms ?
2- It is believed that RSA or DSA is used just for the authentication phase of the connection and the rest of the connection is just encrypted with symmetric algorithm (private key). Is that true ?
Because I read that SSH2 is a hybrid protocol which uses both symmetric and asymmetric encryption ciphers. Symmetric encryption for encrypting the bulk of the message and symmetric encryption for encrypting the symmetric key itself. Do they mean hybrid just for the authentication phase or for the entire session ?
3- Are the keys used to encrypt/decrypt is sent with each and every transmission of an encrypted packet, or the server/client establish the key first, then only the encrypted packet is sent ?
Thanks guys and it is my honor to be with you in such beautiful forum. Good Luck All.
Click here to see the post LQ members have rated as the most helpful post in this thread.
I just have some questions about SSH2 mechanism which I hope anyone can answer . But please, If you are not sure 100% about your answer, don’t post it cause I read a lot of conflicting comments on the web.
My Questions:
1-Are DSA and RSA independent encryption ciphers (cryptosystems) just as any other ciphers like AES, 3DES, ..etc and not just a asymmetric key generators that are used under other symmetric encryption algorithms ?
I think maybe that is not the case, but I'm not sure.
Quote:
2- It is believed that RSA or DSA is used just for the authentication phase of the connection and the rest of the connection is just encrypted with symmetric algorithm (private key). Is that true ?
Because I read that SSH2 is a hybrid protocol which uses both symmetric and asymmetric encryption ciphers. Symmetric encryption for encrypting the bulk of the message and symmetric encryption for encrypting the symmetric key itself. Do they mean hybrid just for the authentication phase or for the entire session ?
Possibly. It could depend on one of several factors.
Quote:
3- Are the keys used to encrypt/decrypt is sent with each and every transmission of an encrypted packet, or the server/client establish the key first, then only the encrypted packet is sent ?
Some might say yes, but they could be mistaken.
Quote:
Thanks guys and it is my honor to be with you in such beautiful forum. Good Luck All.
descendant_command
You Joking ... Right? There is no even a single helpful answer
Well, based on this:
Quote:
Originally Posted by LinuxInDepth
But please, If you are not sure 100% about your answer, don’t post it
..what do you expect? This sounds VERY much like a homework question, and such questions aren't typically answered on LQ. If you want the full SSH2 protocol details, you can easily find them via Google: https://www.ietf.org/rfc/rfc4251.txt
I study alone and i read a lot of articles .. i understood almost all aspects of SSH2 but i didn't find a good clarification for the three points stated above.
i will read the documentation Allah willing, but if u can provide me with a short answer will be cool too.
aaah , i got it now why u all say homework
abstemiously no guys .. it is not a homework
I study alone and i read a lot of articles .. i understood almost all aspects of SSH2 but i didn't find a good clarification for the three points stated above.
i will read the documentation Allah willing, but if u can provide me with a short answer will be cool too.
thanks guys.
You need to spell out your words. And if it's not homework, what are you trying to accomplish? Being pointed to the IETF specs on the protocol will answer ALL your questions.
Sorry, but you need to put effort into getting your answers. The docs from IETF were easy to find, and answer your questions. If you can't be bothered reading them, then your questions will go unanswered.
Mate, you need to "show" your efforts when you post a
question. If you have searched Google in depth, then you
need to quote out whatever you didn't understand or found
conflicting (with references).
Simply saying What is XX? will get you the kind of responses
you have got above.
Man, Take it easy !!!!
I said "if u can" .. either if u can or not >> i will read the RFC to be 100% sure
I will not take your words for granted.. just it will help me regroup all pieces of the puzzle.
I have been visiting a lot of Linux forums and i have never seen this kind of aggressive attitude before
Thanks anyway !!
Again, spell out your words. And this is not an "aggressive attitude"....it's simply stating a fact. The protocol specs were very easy to find, which then answer all of your questions. You were given the link, but then asked for someone else to go through the docs, to give you the SPECIFIC answers that YOU wanted. As said, just show some effort into doing your own research.
I didn't ask you or anybody else to go through the docs !!!
If you already know the answer, help me with it. If not, you provide the way I have to go to answer myself
I didn't ask you or anybody else to go through the docs !!!
And .. why are you 100% that the SPECS will answer all my concerns ? why are u 100% sure that i am a lazy ass who doesn't do good research before asking !!?
Maybe i am confused about something that need some more clues that is not presented in the DOCs... and i didn't ask you to explain the whole protocol. I asked a three simple questions.
If the DOCS are the only way i can get help from... so why does this forum exists at all !!
Bro, If you please .. If you see any question from me in the future, please don't help me even if you know the exact answer.
I didn't ask you or anybody else to go through the docs !!!
If you already know the answer, help me with it. If not, you provide the way I have to go to answer myself
I did provide you with the way to answer it yourself by giving you the link to the specs.
Quote:
I didn't ask you or anybody else to go through the docs !!!
And .. why are you 100% that the SPECS will answer all my concerns ? why are u 100% sure that i am a lazy ass who doesn't do good research before asking !!?
The specs detail EXACTLY how the protocol operates, and ALL of the functions of it. If that doesn't tell you how it works, I'm not sure what would. And AGAIN, you need to spell out your words. It's "you", not "u".
Quote:
Maybe i am confused about something that need some more clues that is not presented in the DOCs... and i didn't ask you to explain the whole protocol. I asked a three simple questions.
If the DOCS are the only way i can get help from... so why does this forum exists at all !!
Forums exist for specific questions, like "I have Fedora 16...I'm trying to run SSH, but I'm getting error xxx". SSH is platform independent, and the only way to get details about that is to read the specs on the protocol. To clarify a bit more, even if your Dell laptop is running Linux, coming here and asking "I need the specs for the processor of my Dell laptop", won't get you much but a link to the Dell website, since they are the ones who designed it.
Quote:
Bro, If you please .. If you see any question from me in the future, please don't help me even if you know the exact answer.
Thanks
I'm not your "bro"...wouldn't be too thrilled if I was. You asked three questions, and were given a link to where the answers were. Apparently, you weren't too happy about that, and asked for further clarification (that would be, US going through the docs to answer your questions). Sorry if the answer wasn't what you wanted, but it was what you asked for.
1- DSA and RSA which are two types of "Asymmetric CryptoSystem" are not just
key generation methods to be used in other "Symmetric Encryption Algorithms". They are independent encryption algorithm.
2- I think this belief is wrong "Asymmetric Encryption" is not just for SSH2 authentication
phase. Actually SSH2 uses "Asymmetric encryption (DSA or RSA)" for authentication and
also for encrypting a hash of the original message (done with a HMAC hash algorithm) in
order to provide both "Message Integrity" and "Digital Signature Verification", because
as u know what a public key encrypts, only can be decrypted by it's private one which
in sole possession of the receiver.
3- Actually I haven't find a clear answer for this question. But I think SSH2 doesn't do
that (doesn't transmit the keys with each and every transmission of an encrypted
package).
I ask myself why it would do such a thing ?!
1- The "Diffie-Hellman key-exchange" algorithm dictates the secret session key in a way that both the client and the server know it without the need of one side telling the other.So both know the "symmetric key (secret session key)" to decrypt the bulk of the message.
2- When a client send a message to the server, the client encrypt the hash of the message with ((the server's public key (which is already public ))) which can be decrypted with the server's private key which no one knows except the server .
So why a sender would ever send the keys to a recipient who already knows them
That's why I think SSH2 Doesn't send the session key nor the already public "public
key" with every and each transmission of an encrypted package.
Really Really.. any comments or discussions are greatly welcomed
Thanks guys
Last edited by LinuxInDepth; 04-24-2012 at 07:31 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.