vault backup: 2023-04-17 11:06:55

content/notes/13-ssh.md

@@ -71,6 +71,45 @@ Keys
 - Server Key 
 	- A temporary, asymmetric key used in the SSH-1 protocol. 
 	- It is regenerated by the server at regular intervals (by default every hour) and protects the session key 
+	- not relevant anymore
 - Session Key 
 	- A randomly generated, symmetric key for encrypting the communication between an SSH client and server.
 
+> [!INFO] keys
+> should be either very long or very complex
+>  a long key can have simple operation
+>  a short key needs to have a more complex algorithm
+
+Data Encryption/Integrity 
+- Encryption 
+	- Use ciphers to encrypt and decrypt data being send over the wire 
+	- Block cipher such as DES, 3DES, use a shared key (session key) 
+	- Agree which cipher use during connection setup 
+	- Session keys are randomly generated by both the client and server, after host authentication and before user authentication 
+- Integrity 
+	- Simple 32-bit CRC in SSH1 
+	- Message Authentication Code (MAC) in SSH2
+
+Threats Addressed by SSH 
+- Eavesdropping or Password Sniffing 
+	- All transmitted data is encrypted 
+- Man-in-the-middle attack (MITM) 
+	- Host authentication 
+	- Can not happen unless the host itself has been compromised 
+- Insertion and Replay attack 
+	- Attacker is not only monitoring the SSH session, but is also observing the keystrokes 
+	- By comparing what is typed with the traffic in the SSH stream, the attacker can deduce the packet containing a particular command, and replay the command at a particularly inappropriate time during the session. 
+	- Message authentication code prevents such attacks.
+
+Threats Not Addressed by SSH 
+- Password Cracking 
+	- recovering passwords from data that has been stored or transmitted 
+- IP and TCP attacks 
+	- Syn Flood 
+	- IP Fragment Attacks 
+	- ... 
+- Traffic Analysis 
+	- deduce information from patterns in communication 
+	- can be performed even when the messages are encrypted
+	
+