[ale] Documentation of SSH exchange (including math)

Alex Carver agcarver+ale at acarver.net
Mon Sep 3 01:58:19 EDT 2012


Looks like that's what I'm going to have to do.  I read through the RFCs 
but they are overly complicated when I'm really looking for the basic 
flow of data without the protocol negotiation overhead.  I'm trying to 
figure out how the host keys are first used followed by the user's keys 
to authenticate the host (well, identify it and note if there was a 
change) and then the message exchange that authenticates a user based on 
the user's keys.

I'm trying to replicate the basic crypto exchange but strip away all the 
overhead of the SSH negotiations.  My application is going to assume 
only one exchange type is occurring.  It's not intended to be a generic 
SSH/SSL protocol.   The end result is an application that verifies the 
server is the proper one, the server verifies the client/user is the 
proper one, the client announces its presence to the server and that's 
pretty much it, the process ends.  So I don't need to support half a 
million encryption techniques (I'll likely stick with long RSA keys as 
the user keys), multiple SSH protocols, shell access, or anything else.
Just the server and user key exchanges to authenticate the server and 
the client.

On 9/2/2012 16:23, Richard Bronosky wrote:
> I would also suggest looking for a library that implements ssh2 in your
> favorite language. You now have me curious so I'll be reading the source of
> the Python and JavaScript libraries.
> On Sep 2, 2012 6:21 PM, "Derek Atkins" <derek at ihtfp.com> wrote:
>
>> Have you tried RFC4251,52,53?
>>
>> -derek
>>
>> Sent from my HTC smartphone
>>
>> ----- Reply message -----
>> From: "Alex Carver" <agcarver+ale at acarver.net>
>> To: "Atlanta Linux Enthusiasts" <ale at ale.org>
>> Subject: [ale] Documentation of SSH exchange (including math)
>> Date: Sun, Sep 2, 2012 6:10 PM
>>
>>
>> Hi all,
>>
>> Does anyone happen to know of a site or other document that describes in
>> detail (including the basic math) the SSH2 PK authentication process?
>> All my searches describe the process of enabling PK authentication in
>> the daemon and generating the keys but I'm trying to find something that
>> describes the actual exchange process that identifies a user including
>> the math that is used during the exchange (i.e. any intermediate
>> messages being encrypted by which key, etc.)
>>
>> I know there is more to the exchange than just the user's private and
>> public keys to reduce the possibility of MITM and replay attacks.
>>
>> If I have to I will just dig through the openssh source but I was hoping
>> for something a bit more condensed.  I've got a crazy idea for a
>> home-built project (once I scrape together the dollars) and I want to
>> use PK authentication as part of it.
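
The flow asked about in this thread, as an added example that is not part of the original messages and is not OpenSSH's code: the host key signs the exchange hash H (RFC 4253 section 8), and the user key signs H, used as the session id, together with the auth request (RFC 4252 section 7), which is why a captured user signature cannot be replayed on another session. Assumptions: the RSA keys and DH modulus are constructed from Mersenne primes and are insecure, RSA is unpadded, the key blob and mpint encodings are simplified, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters, insecure and for illustration only (assumptions):
# Mersenne primes stand in for a real DH group and for real RSA primes.
P, G, E = 2**521 - 1, 3, 65537

def rsa_key(p, q):
    """Textbook RSA: return (n, d) for public exponent E."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

HOST_N, HOST_D = rsa_key(2**607 - 1, 2**1279 - 1)    # server host key
USER_N, USER_D = rsa_key(2**2203 - 1, 2**2281 - 1)   # user key

def s(b):
    """SSH 'string': uint32 length followed by the bytes."""
    return len(b).to_bytes(4, "big") + b

def mp(i):
    """Simplified mpint: length-prefixed big-endian integer."""
    return s(i.to_bytes((i.bit_length() + 7) // 8, "big"))

def sign(data, n, d):
    """Unpadded RSA over SHA-256(data); real SSH uses PKCS#1 v1.5 padding."""
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def kex(v_c=b"SSH-2.0-client", v_s=b"SSH-2.0-server"):
    """One DH exchange. Returns (H, host signature over H); H is the session id."""
    x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    e, f = pow(G, x, P), pow(G, y, P)      # client sends e, server replies with f
    k = pow(e, y, P)                       # equals pow(f, x, P) on the client
    # RFC 4253 section 8 also hashes both KEXINIT payloads; left out here.
    h = hashlib.sha256(s(v_c) + s(v_s) + mp(HOST_N) + mp(e) + mp(f) + mp(k)).digest()
    return h, sign(h, HOST_N, HOST_D)

def auth_blob(session_id, user=b"alex"):
    """Data the user key signs (RFC 4252 section 7): session id plus the request."""
    return (s(session_id) + bytes([50]) + s(user) + s(b"ssh-connection")
            + s(b"publickey") + b"\x01" + s(b"ssh-rsa") + mp(USER_N))

def demo():
    h1, host_sig = kex()                              # client checks host_sig against known_hosts
    user_sig = sign(auth_blob(h1), USER_N, USER_D)    # user signs for session h1
    h2, _ = kex()                                     # a second, independent session
    return (verify(h1, host_sig, HOST_N), verify(auth_blob(h1), user_sig, USER_N),
            verify(auth_blob(h2), user_sig, USER_N))  # last one: replayed signature
```

Nothing is encrypted with the long-term keys in this flow: they only sign, and the per-session DH values inside H are what tie each signature to one connection.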
