SSH stands for Secure Shell. It’s a communication protocol (like HTTP) for secure shell sessions on a remote machine. It uses public-key cryptography in one of two ways:
- With a password.
- Without a password.
For authentication, SSH uses public-key (aka asymmetric) cryptography, in which the public key performs one operation and the private key performs the opposite. For instance, to ensure message confidentiality, the public key encrypts (or locks) a message and the private key decrypts (or unlocks) it. As another example, to ensure message integrity, the private key signs a message and the public key verifies the signature. An additional layer of security can bind a public key to a identity – often this is the function of an X.509 certificate – to prevent man-in-the-middle attacks.
Open Padlock (Public Key)
An open padlock is similar to the public key. Anybody who has the open padlock can use it to lock a message.
Padlock’s Key (Private Key)
The padlock’s key is what the owner of the padlock can use to open a message. The padlock’s key is private – only the owner of the padlock has it.
Written Signature (X.509 Certificate)
The written signature is what anyone can use to verify that the padlock belongs to the owner.
Imaging the following private communication between two people named John and Jane. Jane has a padlock that contains John’s signature. She knows that if she locks a message with that padlock, only John will ever be able to read it. Here’s how it might happen:
- John buys a padlock with a key and pens his signature on it.
- John opens the padlock and sends it to Jane.
- Jane shows the open padlock to one of John’s friends, who verifies that the signature on it belongs to John.
- Checkpoint: Jane knows that she has a padlock that belongs to John.
- Jane writes a secret note for John, puts it in a box, locks it with John’s padlock, and sends it to John.
- John receives the box and opens the padlock with his key.
Jane is sure that only John can read the message. Hooray