Understand Secure Shell Packet Exchange

Available Languages

Download Options

  • PDF     (871.3 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (1.0 MB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (814.0 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:August 28, 2024
Document ID:222335

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes packet level exchange during Secure Shell (SSH) negotiation.

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of basic security concepts:

    • Authentication
    • Confidentiality
    • Integrity
    • Key Exchange Methods

    Components Used

    This document is not restricted to specific hardware version.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. 

    SSH Protocol

    The SSH protocol is a method for secure remote login from one computer to another. SSH applications are based on a client–server architecture,connecting an SSH client instance with an SSH server.

                                                                                                                            

    SSH Exchange 

    1. The first step of SSH is called  Identification String Exchange.

     a. The client constructs a packet and sends it to the server containing:

      •  SSH-Protocol Version
      •  Software Version

    Client Protocol Version is SSH2.0 and Software Version is Putty_0.76.Client Protocol version is SSH2.0 and Software Version is Putty_0.76.

    b. The server responds with its own Identification String Exchange, including its SSH protocol version and software version.

    Server's Protocol Version is SSH2.0 and Software Version is Cisco 1.25Server's protocol version is SSH2.0 and Software version is Cisco1.25

    2. Next Step is  Algorithm Negotiation. In this step, both Client and Server negotiate these algorithms:

    • Keyexchange
    • Encryption
    • HMAC (Hash-based Message Authentication Code)
    • Compression
    1. The client sends a Key Exchange Init message to the server, specifying the algorithms it supports. The algorithms are listed in order of preference.

    Key Exchange InitKey Exchange Init

    Client Supported AlgorithmsClient Supported Algorithms

    b. The server responds with its own Key Exchange Init message, listing the algorithms it supports.

    c. Since these messages are exchanged concurrently, both parties compare their algorithm lists. If there is a match in the algorithms supported by both sides, they proceed to the next step. If there is no exact match, the server selects the first algorithm from the client's list that it also supports.

    d. If the client and server cannot agree on a common algorithm, the key exchange fails.

    Server Key Exchange InitServer Key Exchange Init

    3. After this, both sides enter the Key Exchange phase to generate shared secret using DH key exchange and authenticate the server:

    a. The client generates a keypair,  Public and Private  and sends the DH Public key in the DH Group Exchange Init packet. This key pair is used for secret key calculation.

    Client DH Public Key & Diffie-Hellman Group Exchange InitClient DH Public Key & Diffie-Hellman Group Exchange Init

    b. The server generates its own Public and Private Key pair. It uses the client's public key and its own key pair to compute the shared secret.

    c. The Server also computes an Exchange hash with these inputs:

    • Clients Identification String
    • Server Identification String
    • Payload of Client KEXINIT
    • Payload of Server KEXINIT
    • Servers Public-key from Host keys ( RSA Key Pair )
    • Clients DH Public key
    • Servers DH Public key
    • Shared Secret Key

    d. After computing hash, server signs it with its RSA Private key.

    e. The Server constructs a message DH_Exchange_Reply that includes:

    •  RSA-Public Key of Sever (to help the client authenticate the Server)
    •  DH-Public key of Server (for calculating the shared secret)
    •  HASH (to authenticate the server and prove that the server has generated the shared secret, as the secret key is part of the hash computation)

    Server DH Public Key & Diffie-Hellman Group Exchange ReplyServer DH Public Key & Diffie-Hellman Group Exchange Reply

    f. After receiving the DH_Exchange_Reply, the client computes the hash in the same way and compares it with the received hash, decrypting it using the server's RSA Public Key.

    g. Before decrypting the received HASH, the client must verify the server's public key. This verification is done through a digital certificate signed by a Certificate Authority (CA). If the certificate does not exist, it is up to the client to decide whether to accept the server's public key.

    note-icon

    Note: When you first SSH into a device that doesn't use a digital certificate, you may encounter a pop-up asking you to manually accept the server's public key. To avoid seeing this pop-up every time you connect, you can choose to add the server's host key to your cache.

    Server's RSA KeyServer's RSA Key

    4. Since the Shared secret is now generated, both endsl use it to derive these keys :

    •  Encryption keys
    •  IV Keys  - These are random numbers used as input to symmetrical algorithms to enhance security
    •  Integrity keys

    The end of the key exchange is signaled by the exchange of the  NEW KEYS' message, which informs each party that all future messages will be encrypted and protected using these new keys . 

    Client & Server New KeysClient & Server New Keys

    5. The final step is the Service Request. The client sends an SSH Service Request packet to the server to initiate user authentication. The server responds with an SSH Service Accept message, prompting the client to log in. This exchange occurs over the established secure channel.

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    29-Aug-2024
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Salman Mahajan
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products