How Does SSH Work?
2022-01-18
I am not an expert. You have been warned.
There are times when software makes you feel like a god. I once pulled an all-nighter on a digital systems project and dreamed that I was a being of pure energy flowing along the wires of my Verilog circuit, a silicon Elysium far beyond this mortal cage of bone and crimson flesh.
Then there are times when software makes you feel like a chimpanzee poking beehives with a stick. This is how I feel when I think about SSH.
But part of growing older and wiser is facing your demons, and I would hardly set a good standard if I didn't confront one from time to time. There's only so long that SSH can be "the cryptic spell that teleports my code to the server."
Why use SSH?
What is SSH? — It stands for secure shell. It's a secure way to talk to other computers over a network.
Why would I ever do that? — Deploying code to another server, running commands on another machine, or just interacting with another computer in a direct and low-level way.
Why not just use a password? — Passwords are more susceptible to guesses and dictionary attacks. People like simple passwords and tend to reuse them, so you're one leak away from potentially compromising your accounts. And it's easier than you think to fall victim to a phishing scam, especially if you've been targeted for your privileged access to something valuable. In comparison, SSH is more resilient.
How does SSH work? — Recall that we can store passwords securely by using a hash function. Hash functions are fast in one direction but painfully slow in the other. SSH uses a similar kind of function, with a twist: it's painfully slow to reverse unless we know a special secret. If we know the special secret, reversing the function is fast and easy.
Public and private keys
Tell me of your precious secrets. — When we use SSH, we have two keys called a public key and a private key. Anyone can use your public key to encrypt whatever message they want and make it secure. This is similar to the hashing we did before. But only your private key can decrypt that message and make it readable again. (Since the public and private keys are different, this is called asymmetric encryption.)
What is a key? — It's just a string of characters. Here's an example public key:
1 2 3 4 5 6 7 8 9 | |
Is that your real public key? Yes, and my credit card number is 4000 1234
5678 9012.
How do we use these keys? — You keep the private key and give the server your public key and your username. When you first contact the server, it sends you a message that you can understand only if you have the private key. Once you prove that you can understand the message, you can talk to the server, and the server knows who it's talking to.
How do I give the server my public key? — Usually, I just log in with whatever account system the server owner (e.g. GitHub) uses and paste it into a form. Or I suppose you could ask a server admin to set it up for you.
What if someone hacks into my account and changes the public key? — We don't ask such things.
Where do I keep the private key? — Some people keep it on an external
device, but usually it just stays on your computer. My SSH keys are kept in a
directory called .ssh in my home directory.
That sounds really unsafe. — It's protected by a passphrase.
What's a passphrase? — Think of it as a really long password. Usually passphrase implies a longer phrase of multiple words, often with spaces.
So, why not use passwords in the first place? — The important insight is that private keys don't leave your computer, ever. You're not sending them over a network, you're not sharing them with other computers, and you're not showing them to anybody or typing them in. The only way someone can get to it is if your computer is totally compromised. And at that point, you have much bigger problems than an SSH key.
Creating keys
How do we create public and private keys? — Any secure asymmetric algorithm can generate them. RSA is more popular. The GitHub docs now recommend Ed25519. These are the two I've seen most often, but I'm no expert.
That's just a bunch of jargon. — It took three MIT professors a full year to create RSA. Ed25519 uses elliptic curves, which I barely understand. I'm not touching them with a ten-foot pole.
Try. — The basic principle is to find mathematical problems that are
intractable. Usually these involve prime numbers. As a toy example, it's easy
to multiply some prime numbers together to get a new number (for example, 17 *
103 * 41 = 71791), but it's less easy to take a given number and recover its
prime factors. And if the prime factors are hundreds of digits long, it becomes
much harder to find a number's prime factors.
What's the connection? — Any message we send is just a bunch of bits. And together, those bits form a number. So we can transform that number with mathematical operations. To continue the toy example, imagine multiplying your favorite picture of Bollywood megastar Shah Rukh Khan by some large prime number. That prime number is your key. If you know the key, you can recover a beloved Indian icon. If you don't, he's as tragically locked away as a cynic's tender heart. RSA uses the same basic principle but in a more complicated way.
Using SSH
What about the rest of SSH? — Try man ssh.
How lazy. — There's a Borges short story about a map so complete that it's just as large as the territory it describes. No map can replace its territory, but maps are still useful for certain needs. I've charted SSH enough to be satisfied.