[ale] Documentation of SSH exchange (including math)

Derek Atkins warlord at MIT.EDU
Thu Sep 6 11:14:09 EDT 2012 

Hi,

Alex Carver <agcarver+ale at acarver.net> writes:

> Trusting the certificates or host keys on the two ends isn't a problem 
> in this case.  In my implementation design, the two sets of host keys 
> and user keys are installed on both ends of the link via an OOB 
> connection (using a desktop machine to do the heavy lifting for key 
> generation).  So both ends are trusted in this case.
>
> I'll investigate SSL/cert and see how that goes through.  In any case 
> whatever I use has to fit on a small microcontroller.

Does it have to be free?
The company I work for sells an embedded SSL toolkit just for this purpose.

-derek

> On 9/4/2012 19:17, Derek Atkins wrote:
>> Why not SSL with client certificate authentication? That has the same crypto flow. The real question in all cases is how to trust the other's cert
>>
>> -derek
>>
>> Sent from my HTC smartphone
>>
>> ----- Reply message -----
>> From: "Alex Carver" <agcarver+ale at acarver.net>
>> To: <ale at ale.org>
>> Subject: [ale] Documentation of SSH exchange (including math)
>> Date: Tue, Sep 4, 2012 5:59 PM
>>
>>
>> On 9/4/2012 15:50, David Tomaschik wrote:
>>> On Sun, Sep 2, 2012 at 10:58 PM, Alex Carver <agcarver+ale at acarver.net> wrote:
>>>> Looks like that's what I'm going to have to do.  I read through the RFCs
>>>> but they are overly complicated when I'm really looking for the basic
>>>> flow of data without the protocol negotiation overhead.  I'm trying to
>>>> figure out how the host keys are first used followed by the user's keys
>>>> to authenticate the host (well, identify it and note if there was a
>>>> change) and then the message exchange that authenticates a user based on
>>>> the user's keys.
>>>>
>>>> I'm trying to replicate the basic crypto exchange but strip away all the
>>>> overhead of the SSH negotiations.  My application is going to assume
>>>> only one exchange type is occurring.  It's not intended to be a generic
>>>> SSH/SSL protocol.   The end result is an application that verifies the
>>>> server is the proper one, the server verifies the client/user is the
>>>> proper one, the client announces its presence to the server and that's
>>>> pretty much it, the process ends.  So I don't need to support half a
>>>> million encryption techniques (I'll likely stick with long RSA keys as
>>>> the user keys), multiple SSH protocols, shell access, or anything else.
>>>>     Just the server and user key exchanges to authenticate the server and
>>>> the client.
>>>
>>> Is there a reason SSH has to be the model?  You can use x509 certs and
>>> link in OpenSSL or GnuTLS and authenticate & encrypt that way.  Don't
>>> roll your own crypto.  Even if you get the math right, getting the
>>> implementation details right is subtly hard.
>>>
>>> What kind of an implementation are you going for where the overhead of
>>> SSH is significant?  Must be a very small embedded device if that's a
>>> big implementation concern.
>>>
>>
>> Yes, the end goal is a pair of embedded devices that will authenticate
>> between themselves (mostly for fun).  Since I only need to exchange
>> small control messages I don't need full shells or other large libraries
>> but I do need the basics of the authentication scheme.  I'm using SSH as
>> the model because the process flow performs the host check followed by
>> the user authentication via key.  If I can understand that basic flow
>> and exactly what numbers are being computed where then I can replicate
>> that on embedded hardware with certain assumptions in place (e.g. keys
>> are RSA, the handshake is always the same, no negotiations for
>> encryption type occur, etc.).
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

More information about the Ale mailing list