How Secure Shell Works (SSH) - Computerphile

  Рет қаралды 801,951

Computerphile

Computerphile

5 жыл бұрын

Connecting via SSH to a remote machine is second nature to some, but how does it work? Dr Steve Bagley.
Dr Mike Pound on Hashing (mentions padding but full video on padding is planned to follow): • SHA: Secure Hashing Al...
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com

Пікірлер: 390
@nicholas_scott
@nicholas_scott 5 жыл бұрын
I remember back in 97, the university officially ended all support for non encrypted remote access, and we were all required to use SSH. Which worked fine. It also made for an excellent tunnelling tool when the same university tried blocking all access to P2P networks.
@ByteNishi
@ByteNishi 5 жыл бұрын
@@Eeroke Teach me master
@BattousaiHBr
@BattousaiHBr 5 жыл бұрын
"congratulations, you played yourself."
@napalm3899
@napalm3899 4 жыл бұрын
Hoisted by their own petard.
@paulgupta2454
@paulgupta2454 4 жыл бұрын
If they can't see it, they have plausible deniability. Bet their lawyers were happier with that
@josephsmock3679
@josephsmock3679 3 жыл бұрын
No mate. They didn’t think that far ahead.
@dansmoothback9644
@dansmoothback9644 5 жыл бұрын
Discovering SSH was a game changer for me after i started playing with linux. I discovered SSH forwarding and it blew my goddamn mind. It's been a life saver in a lot of situations and I'll never forget the professor that showed me how to use it.
@AndersJackson
@AndersJackson 5 жыл бұрын
I still remember when I discovered that I with scp could from machine A copy a file from machine B to C. Also that it could copy between two accounts on the same machine. 😜
@AndersJackson
@AndersJackson 5 жыл бұрын
Anyway, you should try emacs. Open the file "/ssh:user@machine:file" or "/scp:user@machine:'. Called Tramp mode. 😜
@FractalZero
@FractalZero 3 жыл бұрын
@@AndersJackson As someone who is new to the linux game, that second sentence is quite an eye-opener. So much to learn.
@AndersJackson
@AndersJackson 3 жыл бұрын
@@FractalZero Emacs is great, both in Linux, MacOSX, and MS Windows. You might want to look Up and use My configuration on GitLab to start from. There you have both OrgMode and Magit setup for use in Emacs. Firar is easy way to generator, PDF, HTML and other formats from same source. You can also mix in code, and extract it to files or executing and show result in documents.
@DontScareTheFish
@DontScareTheFish 2 жыл бұрын
The biggest thing for me was when setting up control connections along with that. I was in an environment which had 2FA on the bastion hosts to get into the environment, but regular keys / passwords to the hosts behind. We'd have a session to the bastion host with top running (to keep the session open) then we could use chaining / multihops to go through the existing session on the bastion host to the hosts deeper in the network on subsequent connections during the day
@El_Grincho
@El_Grincho 5 жыл бұрын
Can't imagine life without SSH.
@AndersJackson
@AndersJackson 5 жыл бұрын
Been there, in 1989 there was no SSH, just telnet, and we was happy to have that. In 1982 there was not even connections outside the university. I still remember the first Macintosh (yes, THE one, after Lisa).
@lunasophia9002
@lunasophia9002 5 жыл бұрын
Anders Jackson The internet wasn't (as) full of people actively trying to ruin your day 30 years ago. It's sadly a different place now.
@feschber
@feschber 5 жыл бұрын
@@lunasophia9002 Its so sad what the internet has become ... so many years yet still we don't have any secure authentication method thats 100% reliable
@AndersJackson
@AndersJackson 5 жыл бұрын
@@feschber we will never have 100% security, as security faults is either buggs in software, hardware or in specifikation. For instance, there are some interesting bugs in the SMS protocol compression. 😜
@bithon5242
@bithon5242 5 жыл бұрын
Can't imagine life without PURE WATER
@ClarkPotter
@ClarkPotter 3 жыл бұрын
Fantastic. You're the professor that true geeks want. You exhibit an approachable charm beneath the geekspeak that invites questions and deep exploration into topics.
@mugglepower
@mugglepower 7 ай бұрын
the casual focus fade in/out makes it looks like an office episode and its just priceless/.
@Jeremy-su3xy
@Jeremy-su3xy 5 жыл бұрын
Nice tutorial. Thanks. Would talk more about the key exchange and establishing process you omitted for the purpose of this video at around 4:00?
@kade9527
@kade9527 5 жыл бұрын
How does the other machine (server in your example) know the key to initially decrypt the packet? Do they use an asymmetric encryption handshake to establish the session key for the ssh to encrypt the payload and padding to be passed through the ssh? Love the vids too
@ZintomV1
@ZintomV1 5 жыл бұрын
Yes, they do, as you can see in the video it states "offering public key".
@kade9527
@kade9527 5 жыл бұрын
@@ZintomV1 oh yeah thank you, I didn't see that on first watch :)
@AndersJackson
@AndersJackson 5 жыл бұрын
@@kade9527 try it self with a couple of "-v" switches and you learn a lot. ;-)
@AndersJackson
@AndersJackson 5 жыл бұрын
They also do some MIM protection. That is they use certificates on both directions, so you can create a certificate to use when you login in.
@huckthatdish
@huckthatdish 5 жыл бұрын
Depends on the implementation. I’ve used connections where the sysadmin has to manually add your public key into the target machines config so only people who possess a specific set of private keys can possibly access it. The only way to possibly get in is access to one of the machines involved since no other auth protocol is part of the process.
@oafpolitics179
@oafpolitics179 4 жыл бұрын
Thing I love about this video is the listing paper. I bet Nottingham still have boxes and boxes of that stuff floating around from the 80s.
@AndrewOxenburgh
@AndrewOxenburgh 2 жыл бұрын
Yeah!! I miss that stuff!
@paojek4806
@paojek4806 Жыл бұрын
I am using this tunnel, 24/7 in my PC and smartphone for over 3 years now. And I am happy
@gwgux
@gwgux 3 жыл бұрын
Kudos for taking it down to the packet level! Many videos don't do this!
@SandmanGeek
@SandmanGeek 3 жыл бұрын
SSH is the way to go ... Nicely explained Doc.
@sharkbytefpv4326
@sharkbytefpv4326 5 жыл бұрын
Would love to see a video about MOSH from you guys! Thanks, appreciate your work
@ZedaZ80
@ZedaZ80 5 жыл бұрын
Thanks for the subtitles! The auto-generated ones can be pretty inconsistent.
@BlueyMcPhluey
@BlueyMcPhluey 5 жыл бұрын
perfect timing, I'm taking a networking course right now and they do a terrible job of explaining SSH
@clearmenser
@clearmenser 5 жыл бұрын
Please don't blur for security. It's still readable. Use solid colored bars, for the love of Turing.
@eadweard.
@eadweard. 4 жыл бұрын
who cares
@lollllloro
@lollllloro 4 жыл бұрын
@@eadweard. Probably the guy who wanted to prevent others from seeing it. Or maybe he's baiting people to attack the address. Ironically you cared enough about people caring about it to comment so you must be really invested in this xd.
@naturesinterface6663
@naturesinterface6663 4 жыл бұрын
@@lollllloro who cares
@lollllloro
@lollllloro 4 жыл бұрын
@@naturesinterface6663 I'm starting to think it might be your IP or something and now the script kiddies are pouring in. :( I'm sorry, man. I never wanted anyone attacking you, or anyone else. I merely suggested it might be an intentional choice. It's probably for the best if everyone just stops paying attention to this if it is, in fact, hurting somebody. Again, my apologies if I made your situation worse, that was never my intent.
@sethadkins546
@sethadkins546 4 жыл бұрын
@@lollllloro who cares Sorry I didn't wanna break the chain
@MaxCoplan
@MaxCoplan 4 жыл бұрын
How do you do the last thing mentioned in the video? Keep ssh connection alive after exiting shell?
@gabbysmith7579
@gabbysmith7579 3 жыл бұрын
This was really helpful for me to better understand how it works and why we use it thanks.
@antoniodellaporta3433
@antoniodellaporta3433 5 жыл бұрын
I think there's an error when talking about the packet format. The SSH2's specifications (RFC4253, section 6.3) states as follow: "When encryption is in effect, the packet length, padding length, payload, and padding fields of each packet MUST be encrypted with the given algorithm.". So the packet is all encrypted except the MAC field. Anyway great job as always with bringing such contents, thank you!
@berndeckenfels
@berndeckenfels 2 ай бұрын
That’s what he said (but it’s not true for all elgorithms and Mac’s. Gcm ciphers don’t encrypt the length
@hundredvisionsguy
@hundredvisionsguy 5 жыл бұрын
Thanks. This was informative. I have a question about channels. Do I understand correctly that it's the channel that deals with the "handshake" and private/public key encryption/decryption? Or is it something else?
@SouravTechLabs
@SouravTechLabs 5 жыл бұрын
Can you link those videos (thumbnail) after the main video in description?
@xokocodo
@xokocodo 4 жыл бұрын
Small detail, but I don't think padding is there to increase the security of the encryption. It's generally just added so that the data matches the block size of the encryption algorithm.
@soyitiel
@soyitiel Жыл бұрын
It's both. Padding is necessary because of block size, but instead of being just null bytes, it's random bytes which scramble the final hash even more, so it also reinforces security
@paulsander5433
@paulsander5433 5 жыл бұрын
Have you considered doing an episode about BEEP (or BXXP)? This is a standard stream multiplexing protocol as described in RFC's 3080 and 308.
@chizzlemo3094
@chizzlemo3094 2 жыл бұрын
What I don’t understand about this and all network encryption generally, is does the first packet have to send the decryption key? How can you send a decryption key without it being sniffed???
@mazspork969
@mazspork969 2 жыл бұрын
All I want to know where you picked up that lovely, wide, green leporello (endless stationary) paper.
@pullmfinger6149
@pullmfinger6149 4 ай бұрын
Thank you for a simple and clear explanation.
@simplerussia2533
@simplerussia2533 3 жыл бұрын
Your videos are amazing! Thanks you for your work pal!
@Kevin_KC0SHO
@Kevin_KC0SHO 4 жыл бұрын
Great video, thanks for creating great content.
@mh972
@mh972 4 жыл бұрын
SSH tunnels let me watch this video at work without "them" knowing...
@voiceoftreason1760
@voiceoftreason1760 5 жыл бұрын
which video explains the padding and random data in the packets? It would be nice if that could be added to the description.
@sebastiaanhols9103
@sebastiaanhols9103 5 жыл бұрын
This channel rocks like SSH.
@blueguy5588
@blueguy5588 2 жыл бұрын
Steve is a Feynman-tier explainer, great vid.
@juanxpeke
@juanxpeke 2 жыл бұрын
can someone suggest me what to study in order to understand all the concepts related to de video?
@vishalmishra3046
@vishalmishra3046 4 жыл бұрын
Why are SSH and TLS(SSL) different protocols when either one could have been built on top of the other to achieve the same objective - e.g. plain-text HTTP over SSH tunnel or rsh/telnet over SSL (instead of tcp) socket ? Is either one more or less secure than the other ?
@ferroviaire79
@ferroviaire79 5 жыл бұрын
What is that Adaptec box always present on your videos? :)
@7becks
@7becks 3 жыл бұрын
Can a single file (split into packets) be sent through multiple channels of communication?
@swas33
@swas33 2 жыл бұрын
How many reams of green-bar printer paper do you still have laying around?
@-dash
@-dash 26 күн бұрын
So are the random bytes which get concatenated the functional equivalent of a cryptographic “salt”? Also, does the length field include the length of the padding as well as the data?
@fouzaialaa7962
@fouzaialaa7962 5 жыл бұрын
how does the encryption work ?? do both machines agree on a key to encrypt and decrypt ?? or do they use an existing keys ?? how is it done exactly ??
@Cobalt985
@Cobalt985 5 жыл бұрын
ググレかす
@classawarrior
@classawarrior 5 жыл бұрын
Which encryption to use, and how to exchange keys, is something both machines "negotiate" based on what they each support. Basically, it's going to be some version of Diffie Hellman (there are Computerphile videos on that). Over time, less secure options can be phased out, and replaced with new ones, more-or-less like a "plugin", without needing to scrap the basic SSH system.
@boring7823
@boring7823 5 жыл бұрын
The encryption works in a very similar fashion to a modern SSL connection. A session key is generated with a Diffie Hellman or ECDH (DH ensures that only you and your suitor know this key), The server has a public/private keypair to prove it's identity which your client confirms is the same as the last time you connected. Dr Steve authenticated to the server using a public/private keypair on the client (which was encrypted on his disk using a password) for which the server has the public key in it's authorized_keys file. All the data is encrypted, usually with AES (but it can be chacha20-poly1305 or others) and the MAC is normally SHA256 based (or the one built into chacha20-poly1305). The public keys can also be several algorithms; RSA, ED25519,etc or even keys linked to certificates.
@fouzaialaa7962
@fouzaialaa7962 5 жыл бұрын
so if i intercept the negotiation phase or even decrypt the packets with all known encryption on ssh i can get the data ??? is the negotiation itself encrypted ?? and how do they send the keys at first ??? and are the keys secured ??
@classawarrior
@classawarrior 5 жыл бұрын
@@fouzaialaa7962 There's a negotiation about which *method* to use for exchanging keys etc, but the exchange itself is secure. Look up Diffie Hellman for info on how keys can be established securely over an unsecured connection
@vishalmishra3046
@vishalmishra3046 4 жыл бұрын
Note that it would be better to compress before encryption to get higher compression ratio, rather than the other ordering.
@teekello
@teekello 5 жыл бұрын
SSH is really good. It even allows to connect ethernet layer VPN so you can have layer 2 or layer 3 if you wish vpn really easily and every machine supports that.
@BattousaiHBr
@BattousaiHBr 5 жыл бұрын
A VPN is not actually L2 by the way, some people call it L2.5.
@teekello
@teekello 5 жыл бұрын
It's L2. MPLS is more like Layer 2.5 -.- don't miss lead @@BattousaiHBr
@BattousaiHBr
@BattousaiHBr 5 жыл бұрын
@@teekello a VPN runs on top of L3, so how can it possibly be L2? the VPN interface is for all intents and purposes a L2 interface, but it runs on top of the L3 stack rather than on top of L1 or even other L2. this is why VPN is often called L2.5, among other encapsulation or tunneling protocols. when talking about MPLS VPNs, it's technically possible to get L2 transmission if you run it through something like ATM, but i think the standard method is on top of the IP layer.
@teekello
@teekello 5 жыл бұрын
@@BattousaiHBr yes I know. What's your point??? Wtf
@BattousaiHBr
@BattousaiHBr 5 жыл бұрын
@@teekello ? you called VPN a L2 connection when it isn't.
@ylstorage7085
@ylstorage7085 3 жыл бұрын
[question] what font is it @6:12? normal "a"s, clear distinction between O and 0, that's a keeper
@tpobrienjr
@tpobrienjr 4 ай бұрын
Thank you. With what you have said, I (almost) understand what I need.
@zxuiji
@zxuiji 4 жыл бұрын
But how do you protect the initial agreement between the 2? If a hacker has already seen that initial agreement the encryption won't matter to xem and xey can just decrypt it based on that initial agreement.
@GameplayandTalk
@GameplayandTalk 5 жыл бұрын
Great explanation, thanks!
@philippetrov4881
@philippetrov4881 5 жыл бұрын
What if there is a weakness in the hashing algorithm for the message authentication code and you somehow figure out for example what the message cannot be? I know it's abstract and non-practical idea... but I guess the mac can be encrypted as well (why not?).
@davidgillies620
@davidgillies620 5 жыл бұрын
The first thing I do when setting up a new SSH server is to set PasswordAuthentication to no. Passwords are evil. It takes a few seconds to generate a key pair and add the public key portion to the authorized_keys file. It's amusing to see how rapidly script kiddies start banging on port 22 when you open it on your firewall (within a minute, usually) but they will try in vain if you are using public key access (I like ECDSA-521 and RSA with at least a 2048-bit modulus).
@art_faith
@art_faith Жыл бұрын
+ port knocking.
@aaronschwartz-messing4701
@aaronschwartz-messing4701 3 жыл бұрын
If the sniffer intercepts the initial messages that are used to establish the encryption that they will be using then it should be able to decrypt all of the packets correct? Why does this not appear to be a concern?
@gvaidya1
@gvaidya1 3 жыл бұрын
I was thinking the same thing!
@gloverelaxis
@gloverelaxis 4 жыл бұрын
please do a video on packet sniffing & the transport and network layers of TCP/IP!
@susmitislam1910
@susmitislam1910 3 жыл бұрын
What if someone sniffs during the time when the server and the client decide on the encryption protocol?
@Steve-Richter
@Steve-Richter 4 жыл бұрын
What prevents code on the local system from reading private keys and then using those keys to login to a remote systems?
@kornbread5359
@kornbread5359 4 жыл бұрын
Steve Richter i assume you found answer by now but.. permissions. TempDisable root make unprivileged user and add user to sudoers group, is the way i did it.
@lawrencedoliveiro9104
@lawrencedoliveiro9104 4 жыл бұрын
3:18 Presumably there are additional checks somewhere to ensure the packet length is sane. Otherwise you could fiddle those first four bytes to some random bizarre values and cause mischief that way. Because remember the MAC at the end has to be found via the packet length, so you can’t verify that until you are sure of the packet length!
@rlamacraft
@rlamacraft 4 жыл бұрын
Lawrence D’Oliveiro what kind of length values might cause mischievous behaviour? Are you thinking what if the receiver is susceptible to a buffer overflow, or something?
@kwakubiney5175
@kwakubiney5175 Жыл бұрын
@@rlamacraft No I think he means if the packet length is altered, the receiver will not know how far to read into the payload and might miss some packet data.
@poer__jiyo3104
@poer__jiyo3104 5 жыл бұрын
Thank you sir, good job 🍉
@reizhustenistdoof
@reizhustenistdoof 5 жыл бұрын
That timing tho. I know some of my class mates got asked about exactly this yesterday in the oral exam.
@jdcb18
@jdcb18 5 жыл бұрын
Do an rsync too please
@wedusk
@wedusk 5 жыл бұрын
+1
@lawrencedoliveiro9104
@lawrencedoliveiro9104 4 жыл бұрын
rsync is so cool. You know Andrew Tridgell developed it for his PhD thesis?
@bit2shift
@bit2shift 4 жыл бұрын
rsync is literally a swiss army knife for copying/moving files around locally and between machines.
@josephgaviota
@josephgaviota 2 жыл бұрын
I've used rdist for 30 years; but have heard rsync is better. Will need to try it out.
@darylallen2485
@darylallen2485 5 жыл бұрын
You mention X windows using an encrypted tcp connection to poet 6000. I've always known ssh to use a standard port 23. When did that become the standard?
@chocolate_squiggle
@chocolate_squiggle 2 жыл бұрын
ssh uses port 22. The older unecrypted telnet protocol uses port 23.
@darylallen2485
@darylallen2485 2 жыл бұрын
@@chocolate_squiggle you are correct. Only thing i can think of is i made a typo on my cell phone 2 years ago.
@Pedritox0953
@Pedritox0953 5 жыл бұрын
EXCELLENT WORK!! well explained
@ESTEBANTMAN
@ESTEBANTMAN 5 жыл бұрын
Thanks for this videos!!
@blorgon
@blorgon 2 жыл бұрын
Where can I buy that shirt?
@SupperBin
@SupperBin 4 жыл бұрын
Is that an amiga 1000 in the background?
@scottfranco1962
@scottfranco1962 2 жыл бұрын
Scribbling on greenbar... that takes me back.
@justinjustin7224
@justinjustin7224 5 жыл бұрын
Where is that video on gallois fields that was teased at the end of the last isbn video? I’ve just been sitting by hoping you’ll post the video soon, but now I’m starting to worry that there isn’t a video being made.
@Computerphile
@Computerphile 5 жыл бұрын
It is planned but it hasn't been shot yet! >Sean
@justinjustin7224
@justinjustin7224 5 жыл бұрын
Computerphile yay, thanks for the response! I shall wait patiently and keep my eye out for the video.
@vladislavkaras491
@vladislavkaras491 7 ай бұрын
Thanks for the video!
@ahmadatlam
@ahmadatlam 5 жыл бұрын
I love this channel !! But I am wondering why in 2019 such an amazing computer science department has that much dot-matrix printer paper ?? What do you guys do with that printer ??
@x--.
@x--. 5 жыл бұрын
It's a style choice for these videos, as for the reason the dept has it... if it ain't broke?
@napalm3899
@napalm3899 4 жыл бұрын
They use it to trigger people in youtube comments.
@modolief
@modolief 5 жыл бұрын
Wow, I started watching this video, but only out of the corner of my eye, and I looked at the monitor on the desk and thought: "What is that huge black cube??" -- optical illusion
@JamesBos
@JamesBos 5 жыл бұрын
When you say the padding is a random number of whatever, is this akin to a salt when encrypting passwords for example?
@JivanPal
@JivanPal 5 жыл бұрын
It's more for the purpose of obfuscation, allowing the SSH packet length to be some fixed number, and thus not allowing an attacker to deduce anything useful about what the payload might be. *_EDIT:_* It does also act as a salt, since we can have equivalent payloads which, even if encrypted using a simple block cipher, result in different ciphertexts due to having different randomly generated padding.
@RealityCheck6T9
@RealityCheck6T9 3 жыл бұрын
Thanks, really enjoyed
@kylaxcry
@kylaxcry 4 жыл бұрын
Is there any limitation for ssh or channel from a machine to vast amount of routers/switches? We can't make more than 60 SSH connection simulatneouly.
@BLABLABLA-kl8eq
@BLABLABLA-kl8eq 4 жыл бұрын
What do you mean "we cant make". For example cisco switches can have only opened max 16 connections to single switch. But it doesnt mean that switch cant forward SSH packets to different devices.
@kylaxcry
@kylaxcry 4 жыл бұрын
@@BLABLABLA-kl8eq when we establish 20 SSH cxns from a windows server to different routers/switches. We try to open new SSH cxns to different routers but new cxns holds or directly closed.
@BLABLABLA-kl8eq
@BLABLABLA-kl8eq 4 жыл бұрын
@@kylaxcry Tahts interesting. What kind of ssh client are you using? at this point it soudns more like client limitation/configration. Did you try on different ssh client? like instead of putty try mremote ng? Or moba xterm?
@BLABLABLA-kl8eq
@BLABLABLA-kl8eq 4 жыл бұрын
@@kylaxcry Just to be sure Lets say you have hosts A,B,C,D to which you want to crate ssh connections. After creating 20 connections (like 15 to host A and 5 to host B, you cant create new connection to any of other hosts ? Like host C?
@kylaxcry
@kylaxcry 4 жыл бұрын
@@BLABLABLA-kl8eq We use openSSH with Python's Paramiko Library. Each SSH cxn we make is unique from one server to unique devices (only cisco, huawei routers). We only wait a second for creating a new cxn to a new device using asynchronous programming.
@kingofsedang
@kingofsedang 4 жыл бұрын
Can you connect to a Bulletin Board System using Secure Shell Protocol (SSH) instead of Telnet?
@IlliterateSorcerer
@IlliterateSorcerer 3 жыл бұрын
...yeah...
@12345charliebrown
@12345charliebrown 5 жыл бұрын
would'nt it be possible to pose as an ssh server during the handshake process?
@JeremyStreich
@JeremyStreich 5 жыл бұрын
The first handshake, yes. The subsequent handshakes, however, compare the public key it just got and compares it to the key in its local store. If the two are different, SSH complains. That means you should always get the fingerprint through offline means before connecting to a new service over SSH.
@dirik009
@dirik009 3 жыл бұрын
Fun video. I have noticed something, when i minimise this video on yt app to bottom bar your shirt looks like static on a tv without signal. Anyone nows why is that?
@napukapu
@napukapu Жыл бұрын
The way you pronounced Tatu Ylönen made me burst a lung laughing
@1sleepingleg
@1sleepingleg 3 жыл бұрын
Thousands of dollars worth of equipment and homeboy busts out the green sharpie and some printer paper from 1985. I love KZbin.
@umageddon
@umageddon 4 жыл бұрын
i was hoping he would explain how a 3rd party cant sniff the establishing encryption 'rules' and thus be able to decrypt later data
@samyamaryal7231
@samyamaryal7231 3 жыл бұрын
once a connection is established between a server and a client, "handshaking" is done to ensure that the connection has been made with the right computer. An asymmetric encryption is done between the computers to generate and transport keys for symmetric encryption. The symmetric keys are hence used to encrypt and decrypt data. Now what happens is, computer A generates two keys for asymmetric encryption : public and private. A public key is sent over to computer B which encrypts the symmetric key using the public key it recieved. Here, the public key can only encrypt and the private key can only decrypt data. The encrypted symmetric key is sent back to computer A, which decrypts it using its private key and generates the symmetric encryption key. This way, both computers have a symmetric key which can be used to encrypt/ decrypt the data sent and received over the connection. The 3rd party cannot sniff the encryption "rules" (or the symmetric key) because it has been encrypted by a public key before transmission, and can only be decrypted with a private key, which hasn't been sent over the network.
@danielcalle9700
@danielcalle9700 3 жыл бұрын
Buenas, amigo el tema no conozco, trato entender, me puedes pasar esa snota, estudio. comandos en unix con ssh./ gracias
@user-ln6bq1gc9t
@user-ln6bq1gc9t 3 жыл бұрын
you people are awesome
@mistercohaagen
@mistercohaagen 5 жыл бұрын
How do you even have dot-matrix printer paper in 2019?
@Neumah
@Neumah 5 жыл бұрын
Because they haven't use them for printing in ages so the stockpile never gets used up?
@mistercohaagen
@mistercohaagen 5 жыл бұрын
@@Neumah Nah... My theory is frivolous use of time machine.
@Neumah
@Neumah 5 жыл бұрын
@@mistercohaagen ...or that.
@mytech6779
@mytech6779 5 жыл бұрын
Tractor feed is very robust for industrial applications. Common office printers are flimsy junk with unreliable pickup and feed leading to jams and lost prints when removed from the nice clean, low vibration, and air conditioned environment. In short, tractor feed paper is still produced and sold.
@Christophe_L
@Christophe_L 5 жыл бұрын
It's still used a lot.
@goetzp
@goetzp 5 жыл бұрын
Thus video misses the really interesting point how the encyption key is exchanged between the two sides in a secure way. It also doesn't mention how to ensure that the foreign host is the one it pretends to be.. The role of the files "known_hostx" and "authorized_keys". Maybe you could explain these in a follow up video ?
@Reddy19800
@Reddy19800 5 жыл бұрын
simply super.
@web3satoshi
@web3satoshi 3 жыл бұрын
always have something to set-off the day with ///
@GabrieleBonetti
@GabrieleBonetti 5 жыл бұрын
why is padding encrypted given they would be equally random bytes before and after encryption?
@tenminutetokyo2643
@tenminutetokyo2643 3 жыл бұрын
Toast and Jam! I used to be tech lead on that product.
@_aullik
@_aullik 5 жыл бұрын
3:40 shouldn't the message authentication code be encrypted aswell?
@boring7823
@boring7823 5 жыл бұрын
1) Because you don't want to spend CPU time decrypting a broken message. 2) Because you want to expose as little code as possible to malicious packet. However, it's even better (and faster) if the encryption and MAC are the same algorithm like with chacha20-poly1305 or AES-GCM.
@baseradius3907
@baseradius3907 5 жыл бұрын
I would've liked a bit more detail... but.. I guess.. that's really all there is to SSH :)
@Derbauer
@Derbauer 5 жыл бұрын
i still dont get it. is it like a browser vpn?
@zyghom
@zyghom 2 жыл бұрын
ssh is probably the most important tool (lower level type like)
@Alexthebrokkie
@Alexthebrokkie 4 жыл бұрын
Thank you !
@patrickjones9474
@patrickjones9474 2 жыл бұрын
Nice video
@automotiveprogramming
@automotiveprogramming 5 жыл бұрын
YES
@florisbollen3770
@florisbollen3770 5 жыл бұрын
Does anyone now how to setup an account on the other machine? When I do ssh -v myHost, it'll ask for a password for the user myName@myHost
@morethanyell
@morethanyell 5 жыл бұрын
Petition for computerphile to do Unix commands History, Uses, Tips, and Tricks
@niknookyt
@niknookyt 4 жыл бұрын
So what is an ssh booter?
@noahwolton7662
@noahwolton7662 5 жыл бұрын
What does it mean to forward a connection?
@danya023
@danya023 5 жыл бұрын
I understood this as meaning encapsulation, which means that when you want to establish a channel of communication over SSH, what you do is authenticate using the SSH protocol, then you say "create channel 1" down the wire, and then you send as individual SSH packets "send 'hello' to channel 1", "send 'world' to channel 1", and the program listening on channel 1 of the connection is going to just see "hello world". This way, you've forwarded a connection, over which you've just sent "hello world", over SSH, but the program doesn't care about what was happening at the SSH level.
@raghul1208
@raghul1208 Жыл бұрын
excellent
@l105669
@l105669 5 жыл бұрын
The story how ssh got allocated port 22 is also abit interesting.
@Cobalt985
@Cobalt985 5 жыл бұрын
Telnet is port 23?
@AndersJackson
@AndersJackson 5 жыл бұрын
Please tell so we can see if it worth investigate.
@damnmab
@damnmab 5 жыл бұрын
There is no story. Port 22 was free. Developer wrote an email requesting it be reserved for ssh. Request was granted.
@AndersJackson
@AndersJackson 5 жыл бұрын
@@damnmab as it should be then. Nothing that to look into.
@unlokia
@unlokia 5 жыл бұрын
Is "abit" like "rabbit", only a bit shorter?
@Risorahn
@Risorahn 5 жыл бұрын
The computer to the left makes me think of Pageant's icon for some reason.
@shravan.shandilya
@shravan.shandilya 5 жыл бұрын
Good video
@AP-dc1ks
@AP-dc1ks 5 жыл бұрын
I only watched to correct Steve. 3:34 Unless you select specific 3rd party or otherwise dubious algorithms, the packet length field is also encrypted. In particular, the demo algorithms at 6:00 do encrypt the packet lenght field.
@Larstig81
@Larstig81 5 жыл бұрын
I did this once for fun with Windows on my home computer which I connect from my computer at school. It was slow but it works. This was many years ago. I think it was with WinXP or Win2k.
@johnhack67
@johnhack67 2 жыл бұрын
thanks
@patu8010
@patu8010 5 жыл бұрын
I didn't know it was developed by a Finnish guy
@jl_woodworks
@jl_woodworks 3 жыл бұрын
Finnish guys have always built relevant software. :)
@mylesfranco3545
@mylesfranco3545 3 жыл бұрын
But why am I not surprised
How TOR Works- Computerphile
14:19
Computerphile
Рет қаралды 1,7 МЛН
SSH Keys
10:12
RobEdwards
Рет қаралды 89 М.
have you already done this?😭🙏❓
00:19
LOL
Рет қаралды 6 МЛН
Is That Lipstick On His Neck??
00:13
Polar
Рет қаралды 7 МЛН
Smart Boy 😎👍 #shorts #dednahype
00:28
dednahype
Рет қаралды 21 МЛН
3 НОЧИ в Замке с привидениями | GhostBuster
1:03:33
Дима Масленников
Рет қаралды 9 МЛН
Life is a continuum, not a binary.
5:02
Ponderings
Рет қаралды 4
How SSH Works
8:54
Mental Outlaw
Рет қаралды 414 М.
What Happens When I Press a Key? - Computerphile
12:29
Computerphile
Рет қаралды 241 М.
Why is this number everywhere?
23:51
Veritasium
Рет қаралды 1,3 МЛН
9 - Cryptography Basics - SSH Protocol Explained
17:02
CBTVid
Рет қаралды 30 М.
Where GREP Came From - Computerphile
10:07
Computerphile
Рет қаралды 926 М.
Breaking RSA - Computerphile
14:50
Computerphile
Рет қаралды 344 М.
How a VPN Works
9:04
Animagraffs
Рет қаралды 218 М.
SHA: Secure Hashing Algorithm - Computerphile
10:21
Computerphile
Рет қаралды 1,2 МЛН
How DNS Works - Computerphile
8:04
Computerphile
Рет қаралды 447 М.
have you already done this?😭🙏❓
00:19
LOL
Рет қаралды 6 МЛН