[ale] Documentation of SSH exchange (including math)

[David Tomaschik]

On Sun, Sep 2, 2012 at 10:58 PM, Alex Carver <agcarver+ale at acarver.net> wrote:
> Looks like that's what I'm going to have to do.  I read through the RFCs
> but they are overly complicated when I'm really looking for the basic
> flow of data without the protocol negotiation overhead.  I'm trying to
> figure out how the host keys are first used followed by the user's keys
> to authenticate the host (well, identify it and note if there was a
> change) and then the message exchange that authenticates a user based on
> the user's keys.
>
> I'm trying to replicate the basic crypto exchange but strip away all the
> overhead of the SSH negotiations.  My application is going to assume
> only one exchange type is occurring.  It's not intended to be a generic
> SSH/SSL protocol.   The end result is an application that verifies the
> server is the proper one, the server verifies the client/user is the
> proper one, the client announces its presence to the server and that's
> pretty much it, the process ends.  So I don't need to support half a
> million encryption techniques (I'll likely stick with long RSA keys as
> the user keys), multiple SSH protocols, shell access, or anything else.
>   Just the server and user key exchanges to authenticate the server and
> the client.

Is there a reason SSH has to be the model?  You can use x509 certs and
link in OpenSSL or GnuTLS and authenticate & encrypt that way.  Don't
roll your own crypto.  Even if you get the math right, getting the
implementation details right is subtly hard.

What kind of an implementation are you going for where the overhead of
SSH is significant?  Must be a very small embedded device if that's a
big implementation concern.

David


> On 9/2/2012 16:23, Richard Bronosky wrote:
>> I would also suggest looking for a library that implements ssh2 in your
>> favorite language. You now have me curious so I'll be reading the source of
>> the Python and JavaScript libraries.
>> On Sep 2, 2012 6:21 PM, "Derek Atkins" <derek at ihtfp.com> wrote:
>>
>>> Have you tried RFC4251,52,53?
>>>
>>> -derek
>>>
>>> Sent from my HTC smartphone
>>>
>>> ----- Reply message -----
>>> From: "Alex Carver" <agcarver+ale at acarver.net>
>>> To: "Atlanta Linux Enthusiasts" <ale at ale.org>
>>> Subject: [ale] Documentation of SSH exchange (including math)
>>> Date: Sun, Sep 2, 2012 6:10 PM
>>>
>>>
>>> Hi all,
>>>
>>> Does anyone happen to know of a site or other document that describes in
>>> detail (including the basic math) of the SSH2 PK authentication process?
>>>   All my searches describe the process of enabling PK authentication in
>>> the daemon and generating the keys but I'm trying to find something that
>>> describes the actual exchange process that identifies a user including
>>> the math that is used during the exchange (i.e. any intermediate
>>> messages being encrypted by which key, etc.)
>>>
>>> I know there is more to the exchange than just the user's private and
>>> public keys to reduce the possibility of MITM and replay attacks.
>>>
>>> If I have to I will just dig through the openssh source but I was hoping
>>> for something a bit more condensed.  I've got a crazy idea for a
>>> home-built project (once I scrape together the dollars) and I want to
>>> use PK authentication as part of it.
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo



-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com