I am a cybersecurity student and I am keen to understand the basic processes of an SSH session. I wrote down the steps to the best of my ability but need help understanding what happens right after the TCP handshake and right before the Diffie-Hellman key exchange. Please help:
Session Start/TCP Handshake
1. Client begins a session with Server by initiating a TCP handshake.
Asymmetric Encryption for TCP Session
2. Server and Client negotiate back-and-forth and agree upon a mutually supported encryption protocol for the TCP session.
At this stage, post-protocol-negotiation, it's unclear to me how their session is initially being encrypted. I used Wireshark to try to capture the Client or Server sending over their public key or something but could only see the protocol version exchange. Regardless, please explain this stage if you can.
Client and Server negotiate a shared secret key for this session using the Diffie-Hellman algorithm in order to establish a symmetric-key encrypted session.
3. Client and Server begin the process of producing temporary key pairs, using 1. Shared prime number 2. Encryption generator (usually AES) 3. Private prime number (as private key).
4. Client and Server use these three to each generate their own public key that can be derived from their own private key.
5. Client and Server each share their generated public key with each other.
6. Client and Server each use their own private key, the other's public key and their original shared prime number to generate the same secret key.
7. Client and Server use this key as their shared secret key to encrypt and decrypt all future communication in this session.
At this stage, Client and Server have successfully established a symmetric-key-encrypted session without having needed to send the secret key over the network.
If I got anything else wrong I would really appreciate any clarification. Thanks!
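The stage asked about, between the protocol version exchange and the Diffie-Hellman exchange, is the SSH_MSG_KEXINIT algorithm negotiation, which RFC 4253 sends unencrypted because no keys exist yet. The following is an added example, not part of the original post: it parses that packet and applies a simplified form of the selection rule to constructed offers. The helper names `build_kexinit`, `parse_kexinit` and `negotiate` are hypothetical.

```python
import struct

# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex_algorithms", "server_host_key_algorithms", "encryption_c2s",
          "encryption_s2c", "mac_c2s", "mac_s2c", "compression_c2s",
          "compression_s2c", "languages_c2s", "languages_s2c"]
SSH_MSG_KEXINIT = 20


def build_kexinit(lists):
    """Build a cleartext binary packet carrying KEXINIT (constructed sample data)."""
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # zero cookie; real ones are random
    for name in FIELDS:
        body = ",".join(lists.get(name, [])).encode("ascii")
        payload += struct.pack(">I", len(body)) + body
    payload += bytes(5)  # first_kex_packet_follows = false, reserved uint32 = 0
    pad = 8 - (5 + len(payload)) % 8
    pad += 8 if pad < 4 else 0  # at least 4 padding bytes, total a multiple of 8
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)


def parse_kexinit(packet):
    """Parse a cleartext KEXINIT packet into {field: [algorithm names]}."""
    if len(packet) < 5 or int.from_bytes(packet[:4], "big") + 4 != len(packet):
        raise ValueError("truncated or mis-sized packet")
    pad = packet[4]
    payload = packet[5:len(packet) - pad]
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not SSH_MSG_KEXINIT")
    offset, fields = 17, {}  # skip message type byte and 16-byte cookie
    for name in FIELDS:
        n = int.from_bytes(payload[offset:offset + 4], "big")
        raw = payload[offset + 4:offset + 4 + n]
        if offset + 4 + n > len(payload):
            raise ValueError("truncated name-list")
        fields[name] = raw.decode("ascii").split(",") if raw else []
        offset += 4 + n
    return fields


def negotiate(client, server, field):
    """First client-listed name the server also lists (simplified RFC 4253 rule)."""
    return next((a for a in client[field] if a in server[field]), None)


# Constructed offers (not captured traffic).
CLIENT_PKT = build_kexinit(
    {"kex_algorithms": ["curve25519-sha256", "diffie-hellman-group14-sha256"]})
SERVER_PKT = build_kexinit({"kex_algorithms": ["diffie-hellman-group14-sha256"]})
```

In a capture, these packets appear in the clear right after the version strings; encryption only starts once both sides have sent SSH_MSG_NEWKEYS.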