
How Secure Shell Works (SSH) - Computerphile

5076 ratings | 201346 views
Connecting via SSH to a remote machine is second nature to some, but how does it work? Dr Steve Bagley.
Dr Mike Pound on Hashing (mentions padding but full video on padding is planned to follow): https://youtu.be/DMtFhACPnTY
https://www.facebook.com/computerphile
https://twitter.com/computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: https://bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at http://www.bradyharan.com
Text Comments (234)
Harsh Agrawal (15 days ago)
Is he talking to himself, sorry was not able to understand, I need earplugs I guess
Peter Mortensen (25 days ago)
In this video, I was expecting something about how SSH keys actually work.
User968 (1 month ago)
I love your ataris in the background.
Vasireddy (1 month ago)
simply super.
Seif Eddine (1 month ago)
Can you translate your videos into Arabic?
Ahmad Atlam (1 month ago)
I love this channel !! But I am wondering why in 2019 such an amazing computer science department has that much dot-matrix printer paper ?? What do you guys do with that printer ??
x (1 month ago)
It's a style choice for these videos, as for the reason the dept has it... if it ain't broke?
csjoeker (2 months ago)
24 years and you don't even talk about establishing connection and the keys. wow
Cem Sinan (2 months ago)
I love how computer scientists are the ones who create digital services but cannot let go of paper and pen lol
Jeremy Streich (1 month ago)
The people in most of Brady's videos are professors. They are used to teaching on whiteboard, blackboard, or overhead projector. That said, I often have a notebook handy when coding to draw out a UML diagram, flow chart or data structure so that I can think about edge cases. Maybe I need to ask my boss for a Wacom tablet.... lol.
hundredvisionsguy (2 months ago)
Thanks. This was informative. I have a question about channels. Do I understand correctly that it's the channel that deals with the "handshake" and private/public key encryption/decryption? Or is it something else?
Pedritox0953 (2 months ago)
EXCELLENT WORK!! well explained
Ted Gabara (2 months ago)
Today I learned what verbose means and does
Antonio Della Porta (3 months ago)
I think there's an error when talking about the packet format. The SSH2's specifications (RFC4253, section 6.3) states as follow: "When encryption is in effect, the packet length, padding length, payload, and padding fields of each packet MUST be encrypted with the given algorithm.". So the packet is all encrypted except the MAC field. Anyway great job as always with bringing such contents, thank you!
Jeremy (3 months ago)
Nice tutorial. Thanks. Would talk more about the key exchange and establishing process you omitted for the purpose of this video at around 4:00?
Daryl Allen (3 months ago)
You mention X windows using an encrypted tcp connection to port 6000. I've always known ssh to use a standard port 23. When did that become the standard?
The EpicSlayer7 SSS (3 months ago)
the problem i find in encrypted transmissions is that you need a "key" to decrypt the data... so if the connection is compromised from the start, you never actually have encrypted data since the key is sent unencrypted... (in other words you compromise yourself in the initial handshake!)
dravorek (3 months ago)
That's not true and not how it works. If you have a man in the middle that just reads the conversation there is no way he can decrypt it. The initial key that gets sent over is just the public key for the other end to encrypt the message containing the key to decrypt the following messages it sends. So even if you make a full packet dump from any end of the connection you still can't decrypt it with just the information inside the packet stream. You might say, ok but "what If I have a MITM that can actually manipulate the packages sent/received from one end?". Well that's what we have certificate authorities and keychains for. What if you have a compromised CA in the root-key store? Well let's just say 'ok the CIA can ruin your day if they're really motivated', but your run-of-the-mill threat-model will probably not include that scenario. Even without CAs you still have fingerprint checks, so you would need to have the modifying MITM the very first time you connect to the machine and every time after that too or it would be noticeable.
poer_ _jiyo (3 months ago)
Thank you sir, good job 🍉
Zeda Thomas (3 months ago)
Thanks for the subtitles! The auto-generated ones can be pretty inconsistent.
Matty L (3 months ago)
Why the f does he use apple monitors
David Gillies (3 months ago)
The first thing I do when setting up a new SSH server is to set PasswordAuthentication to no. Passwords are evil. It takes a few seconds to generate a key pair and add the public key portion to the authorized_keys file. It's amusing to see how rapidly script kiddies start banging on port 22 when you open it on your firewall (within a minute, usually) but they will try in vain if you are using public key access (I like ECDSA-521 and RSA with at least a 2048-bit modulus).
lapto p (3 months ago)
If a hacker listens to initial call from client to server, and fetches the encrypt algorithm, can he listen to connection and decrypt data?
Lauren Doe (3 months ago)
Ok, I admit I'm ignorant... but you never once explained how it WORKS - ie, why is this secure and what prevents a packet sniffer from decrypting the packet the same way the intended server does it?
Shravan Shandilya (3 months ago)
Good video
modolief (3 months ago)
Wow, I started watching this video, but only out of the corner of my eye, and I looked at the monitor on the desk and thought: "What is that huge black cube??" -- optical illusion
QWERTY1980 (3 months ago)
Those Macs though...overpriced pos in a snobby wrapper
Gameplay and Talk (3 months ago)
Great explanation, thanks!
Ankit Shrivastav (3 months ago)
I want to do masters in cyber security...what's the best place for that
Noah Wolton (3 months ago)
What does it mean to forward a connection?
Danya G. (2 months ago)
I understood this as meaning encapsulation, which means that when you want to establish a channel of communication over SSH, what you do is authenticate using the SSH protocol, then you say "create channel 1" down the wire, and then you send as individual SSH packets "send 'hello' to channel 1", "send 'world' to channel 1", and the program listening on channel 1 of the connection is going to just see "hello world". This way, you've forwarded a connection, over which you've just sent "hello world", over SSH, but the program doesn't care about what was happening at the SSH level.
sharkbyte FPV (3 months ago)
Would love to see a video about MOSH from you guys! Thanks, appreciate your work
Paul Sander (3 months ago)
Have you considered doing an episode about BEEP (or BXXP)? This is a standard stream multiplexing protocol as described in RFC's 3080 and 308.
MartBro93 (3 months ago)
Do a review on the Uptrennd platform !! :)
A P (3 months ago)
I only watched to correct Steve. 3:34 Unless you select specific 3rd party or otherwise dubious algorithms, the packet length field is also encrypted. In particular, the demo algorithms at 6:00 do encrypt the packet length field.
Base*Radius (3 months ago)
I would've liked a bit more detail... but.. I guess.. that's really all there is to SSH :)
akywon (3 months ago)
SSH is a protocol for sharing files between two computers. The SHA256 NSA encryption is applied for the transmission of data, as the packets don't get lost and it's based on a TCP connection.
akywon (3 months ago)
​+MyTech SHA256 role in SSH as a one way function is that SSH will ask you for a finger print, when that is mentioned SHA256 will hash your characters as your "ID" which is a long cryptographic hash string in an SSH file for communication for two computers. You can then do authentication for your remote computer for file sharing between the two computers. We are hashing characters to protect the integrity of the data not to perform a brute force attack. These are the only ways SHA256 or SHA512 is applied.
akywon (3 months ago)
+MyTech @MyTech SHA256 was designed for message digests, it's what's used as a layer for information security in applications and if you knew how SSH worked you would know that SHA256 is a cryptographic hash function, but it can also be misused in computation referring to what you mentioned a "hashing algorithm" used for password cracking. Hashing algorithms serve the purpose of computation among inputs for a desired outcome and that's not applied in SSH, it's based on authentication.
Semih Tok (3 months ago)
SFTP is a protocol for sharing files between two computers.
MyTech (3 months ago)
SHA256 is a non-reversible hash algorithm not an encryption. Blowfish-cbc, aes256-cbc, and aes256-ctr are encryptions.
Gabriele Bonetti (3 months ago)
why is padding encrypted given they would be equally random bytes before and after encryption?
goetzp (3 months ago)
This video misses the really interesting point how the encryption key is exchanged between the two sides in a secure way. It also doesn't mention how to ensure that the foreign host is the one it pretends to be. The role of the files "known_hosts" and "authorized_keys". Maybe you could explain these in a follow-up video?
DerBauer (3 months ago)
i still don't get it. is it like a browser vpn?
Leomar Pérez (3 months ago)
The university that I studied was still using telnet only a few years back they started implementing ssh for enrollment process. smh
Esteban Rodríguez (3 months ago)
Thanks for this videos!!
clearmenser (3 months ago)
Please don't blur for security. It's still readable. Use solid colored bars, for the love of Turing.
Philipp Blum (3 months ago)
Everyone should use LibreSSL ;) I know it is hard to get it run on your machine. More distros should use LibreSSL.
patu8010 (3 months ago)
I didn't know it was developed by a Finnish guy
Sebastiaan Hols (3 months ago)
This channel rocks like SSH.
Floris Bollen (3 months ago)
Does anyone know how to setup an account on the other machine? When I do ssh -v myHost, it'll ask for a password for the user [email protected]
Risorahn (3 months ago)
The computer to the left makes me think of Pageant's icon for some reason.
JD (3 months ago)
I had to use SSH to connect to a VPS I paid for, I could only get as far as connecting to it, I didn't know how else to use it or set up my website...... waste of a month subscription lol
12345charliebrown (3 months ago)
wouldn't it be possible to pose as an ssh server during the handshake process?
Jeremy Streich (1 month ago)
The first handshake, yes. The subsequent handshakes, however, compare the public key it just got and compares it to the key in its local store. If the two are different, SSH complains. That means you should always get the fingerprint through offline means before connecting to a new service over SSH.
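Added example (not from the video or from any commenter): a minimal trust-on-first-use check of the kind described in this exchange, comparing a presented host key against a plain-text known_hosts entry and computing the SHA256 fingerprint you would verify out of band. The host name `server.example` and both key blobs are constructed sample values, and the three result strings are this example's own labels.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding of a string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def load_known_hosts(text: str) -> dict:
    """Parse plain (non-hashed) known_hosts lines into host -> [(keytype, blob)]."""
    hosts = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, @cert-authority/@revoked markers, hashed names.
        if not line or line[0] in "#@|":
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        names, keytype, b64 = fields[:3]
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # malformed entry: ignore rather than trust
        for name in names.split(","):
            hosts.setdefault(name, []).append((keytype, blob))
    return hosts


def check_host_key(hosts: dict, host: str, keytype: str, presented: bytes) -> str:
    """Return 'unknown', 'match' or 'MISMATCH' for a key presented by `host`."""
    known = [blob for kt, blob in hosts.get(host, []) if kt == keytype]
    if not known:
        # First use: nothing to compare against, so the fingerprint has to
        # be confirmed through another channel before the key is stored.
        return "unknown"
    if any(hmac.compare_digest(blob, presented) for blob in known):
        return "match"
    # A different key for a known host: a changed key or an impersonator.
    return "MISMATCH"


# Constructed sample data: two distinct ssh-ed25519 public key blobs.
STORED_KEY = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
OTHER_KEY = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(1, 33)))
KNOWN_HOSTS = (
    "# constructed known_hosts file\n"
    "server.example ssh-ed25519 " + base64.b64encode(STORED_KEY).decode() + "\n"
)

if __name__ == "__main__":
    hosts = load_known_hosts(KNOWN_HOSTS)
    for host, key in [("server.example", STORED_KEY),
                      ("server.example", OTHER_KEY),
                      ("new.example", OTHER_KEY)]:
        print(host, fingerprint(key), check_host_key(hosts, host, "ssh-ed25519", key))
```
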
Philip Petrov (3 months ago)
What if there is a weakness in the hashing algorithm for the message authentication code and you somehow figure out for example what the message cannot be? I know it's abstract and non-practical idea... but I guess the mac can be encrypted as well (why not?).
John Redberg (3 months ago)
Mosh anyone?
James Bos (3 months ago)
When you say the padding is a random number of whatever, is this akin to a salt when encrypting passwords for example?
Jivan Pal (3 months ago)
It's more for the purpose of obfuscation, allowing the SSH packet length to be some fixed number, and thus not allowing an attacker to deduce anything useful about what the payload might be. EDIT: It does also act as a salt, since we can have equivalent payloads which, even if encrypted using a simple block cipher, result in different ciphertexts due to having different randomly generated padding.
Nikolaos Tsagkarakis (3 months ago)
why is that guy obsessed with the word "connection?"
OH6BPL (3 months ago)
SSH is really good. It even allows to connect ethernet layer VPN so you can have layer 2 or layer 3 if you wish vpn really easily and every machine supports that.
OH6BPL (3 months ago)
BattousaiHBr (3 months ago)
+OH6BPL ? you called VPN a L2 connection when it isn't.
OH6BPL (3 months ago)
+BattousaiHBr yes I know. What's your point??? Wtf
BattousaiHBr (3 months ago)
+OH6BPL a VPN runs on top of L3, so how can it possibly be L2? the VPN interface is for all intents and purposes a L2 interface, but it runs on top of the L3 stack rather than on top of L1 or even other L2. this is why VPN is often called L2.5, among other encapsulation or tunneling protocols. when talking about MPLS VPNs, it's technically possible to get L2 transmission if you run it through something like ATM, but i think the standard method is on top of the IP layer.
OH6BPL (3 months ago)
It's L2. MPLS is more like Layer 2.5 -.- don't mislead +BattousaiHBr
Digital Insan1ty (3 months ago)
which video explains the padding and random data in the packets? It would be nice if that could be added to the description.
Recognize r (3 months ago)
Rsync over ssh works for me.
reizhustenistdoof (3 months ago)
That timing tho. I know some of my class mates got asked about exactly this yesterday in the oral exam.
Calin Culianu (3 months ago)
Dr Bagley -- you should consider reducing your sugar consumption drastically. No more sodas, cakes, candy bars, etc. Drink water, eat real food -- snack on nuts or something low in sugar.
Funny Geeks (3 months ago)
I know computerphile is trying to reach as wide an audience as possible, but I really hate how dumbed down the videos have gotten. I liked when they made videos about messing with specific data in TCP packets to bypass a router, or going through compiled assembly code to learn how c interprets code. I didn't care that I couldn't understand all of it immediately, I can just look up resources online to understand the complex bits. Unsubbed.
Daniel Astillero (3 months ago)
Petition for computerphile to do Unix commands History, Uses, Tips, and Tricks
MichaelKingsfordGray (3 months ago)
Five uses of "data" as though it were a singular in the first 90 seconds. Could not stand to watch further. You SHOULD know better. Crikey! Are you not lecturing on this stuff?
GammaFunction (3 months ago)
8:36 Yeah, there's a lot of cool stuff you can do with ssh. Mentioned tunneling existing protocols, but just looking at all the flags in `man ssh[d]` and all the options in `man ssh[d]_config` can give you a taste of the flexibility it offers. Although all I typically use it for is remote login, and git:// over ssh. <offtopic>Actually, git would make for a cool series here. Get someone to explain git from the object level up, it'd make for a cool watch.</offtopic>
GMusic GM (3 months ago)
IPsec next??
Justin Eltoft (3 months ago)
I love that they use line printer paper 😂😂 most kids probably wonder what's with the holes on the sides??
Cheezy Dee (3 months ago)
The obvious answer for them is when you get your copy, you can waste time ripping the hole strips off. Like popping bubble wrap, but more official.
Bolt Strikes (3 months ago)
Only 90s kids will get this r/gatekeeping
Clockwork (3 months ago)
No, no one is wondering that
unlokia (3 months ago)
How to share your public key to a remote server, for password-less logins: cat ~/.ssh/id_rsa.pub | ssh <user>@<domain> 'cat >> /home/<username>/.ssh/authorized_keys' Not wanting applause, recognition, or needing to show my "skillz", because I'm a grown man and I don't need that, it's *just a helpful tip* 🙂 and it's an extremely basic tip, regardless.
unlokia (3 months ago)
SSHHHHH, it's a secret! 🤫🤫🤫
OpenGL4ever (1 month ago)
You didn't understand ssh. The used algorithm is NOT the shared secret.
ferroviaire79 (3 months ago)
What is that Adaptec box always present on your videos? :)
Reckless Roges (3 months ago)
"How SSH works" after watching this I can neither write my own ssh client or perform key exchange with a remote server. (Maybe add "Part 1" to the title?)
Clockwork (3 months ago)
+Poke Champ i think he might be joking
Poke Champ (3 months ago)
It's theory behind it. Not a tutorial on how to use it. Are you new here?
TheSzymam (3 months ago)
josh mcgee (3 months ago)
perfect timing, I'm taking a networking course right now and they do a terrible job of explaining SSH
aullik (3 months ago)
3:40 shouldn't the message authentication code be encrypted as well?
Robert de Bath (3 months ago)
1) Because you don't want to spend CPU time decrypting a broken message. 2) Because you want to expose as little code as possible to malicious packet. However, it's even better (and faster) if the encryption and MAC are the same algorithm like with chacha20-poly1305 or AES-GCM.
jezebel (3 months ago)
useful but not secure
Vanadain (3 months ago)
But it's trying to be.
Lars (3 months ago)
I did this once for fun with Windows on my home computer which I connect from my computer at school. It was slow but it works. This was many years ago. I think it was with WinXP or Win2k.
HiFi Auti (3 months ago)
So padding is similar to salting a hashed password?
Clockwork (3 months ago)
Not at all
Robert de Bath (3 months ago)
Not really. Sometimes it can be used as such, but normally padding is forced simply because encryption algorithms encrypt data in blocks of bytes (often 16 bytes). Nevertheless, if you've got to put bytes in there random is probably better than just zeros.
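Added example (not from the video or from any commenter): the packet layout of RFC 4253 section 6 that several comments above discuss, with the length fields, the block-aligned random padding, and the MAC computed over the sequence number plus the unencrypted packet. It assumes a 16-byte cipher block and HMAC-SHA-256, and leaves the cipher itself out because the Python standard library has none; the bytes returned as `packet` are what the cipher would encrypt, and the MAC is appended after them.

```python
import hashlib
import hmac
import os
import struct

BLOCK_SIZE = 16  # assumed cipher block size for this example


def build_packet(payload: bytes, seq: int, mac_key: bytes,
                 block_size: int = BLOCK_SIZE):
    """Return (unencrypted_packet, mac) laid out as in RFC 4253 section 6."""
    align = max(8, block_size)
    # packet_length(4) + padding_length(1) + payload + padding must be a
    # multiple of `align`, and there must be at least 4 bytes of padding.
    pad_len = align - ((4 + 1 + len(payload)) % align)
    if pad_len < 4:
        pad_len += align
    padding = os.urandom(pad_len)
    # packet_length excludes its own 4 bytes and excludes the MAC.
    packet_length = 1 + len(payload) + pad_len
    packet = struct.pack(">IB", packet_length, pad_len) + payload + padding
    # The MAC covers an implicit 32-bit sequence number that is never sent.
    mac = hmac.new(mac_key, struct.pack(">I", seq & 0xFFFFFFFF) + packet,
                   hashlib.sha256).digest()
    return packet, mac


def parse_packet(packet: bytes, mac: bytes, seq: int, mac_key: bytes,
                 block_size: int = BLOCK_SIZE) -> bytes:
    """Verify the MAC and the length fields, then return the payload."""
    # With no cipher in this example, the MAC is checked before any field
    # of the packet is interpreted.
    expected = hmac.new(mac_key, struct.pack(">I", seq & 0xFFFFFFFF) + packet,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        raise ValueError("MAC mismatch")
    if len(packet) < 16 or len(packet) % max(8, block_size):
        raise ValueError("bad packet size")
    packet_length, pad_len = struct.unpack(">IB", packet[:5])
    if packet_length != len(packet) - 4 or pad_len < 4 or pad_len > packet_length - 1:
        raise ValueError("inconsistent length fields")
    return packet[5:5 + packet_length - 1 - pad_len]


if __name__ == "__main__":
    key = os.urandom(32)                      # constructed MAC key
    pkt, mac = build_packet(b"constructed payload", 0, key)
    print(len(pkt), pkt[4], parse_packet(pkt, mac, 0, key))
```

Because the sequence number is part of the MAC input, a packet that is replayed or delivered out of order fails verification even though its bytes are unchanged.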
Nahid Islam (3 months ago)
I thought sshing was only a Mac and Linux (or you call it "UNIX") thing until I realise you can add it on Windows 10 via the "Add more features" preference page
TZCoder (3 months ago)
It's enabled by default in current Win 10 releases.
Tobias Damisch (3 months ago)
Better still, use putty or openssh under cygwin or mingw
Digi (3 months ago)
you mean you ever had a doubt in your mind that one of the most useful computing tools or their functional equivalents would not be universally available on all major platforms?
You know what grinds my gears? At 0:47 that iPhone is way too close to the edge of the table...
Reckless Roges (3 months ago)
yeah! (should be pushed off the edge into the bin.)
Oscar Hayford (3 months ago)
Telnet, rlogin and rsh worked fine B U T
Paul (2 months ago)
I am not racist B U T
Rich Wilson (3 months ago)
(Only _after_ my one Linux-based device failed did a simple version appear, not even requiring an installer IIRC.) I'd always assumed it was some MShenanigans, but oh well... Still, good job on describing the process itself.
yeePlayz (3 months ago)
Super_Cool_Guy ! (3 months ago)
*no that's rubbish you can't read the blur ip address*
Dan Smoothback (3 months ago)
Discovering SSH was a game changer for me after i started playing with linux. I discovered SSH forwarding and it blew my goddamn mind. It's been a life saver in a lot of situations and I'll never forget the professor that showed me how to use it.
Anders Jackson (3 months ago)
Anyway, you should try emacs. Open the file "/ssh:[email protected]:file" or "/scp:[email protected]:'. Called Tramp mode. 😜
Anders Jackson (2 months ago)
I still remember when I discovered that I with scp could from machine A copy a file from machine B to C. Also that it could copy between two accounts on the same machine. 😜
Justin Justin7 (3 months ago)
Where is that video on Galois fields that was teased at the end of the last isbn video? I’ve just been sitting by hoping you’ll post the video soon, but now I’m starting to worry that there isn’t a video being made.
Justin Justin7 (3 months ago)
Computerphile yay, thanks for the response! I shall wait patiently and keep my eye out for the video.
Computerphile (3 months ago)
It is planned but it hasn't been shot yet! >Sean
Sourav Goswami (3 months ago)
Can you link those videos (thumbnail) after the main video in description?
Odis Clemons (3 months ago)
Damn I had no idea ssh had all these features.
Chris (3 months ago)
Read the manpage sometime, it's quite a nice read. I suggest doing that with all your commonly used commands; you'll be surprised what you'll learn.
Anders Jackson (3 months ago)
Just add the switch '-X' when you log in, then you can start xterm(1) or firefox(1) and get it displayed on your machine (if it supports X11, which there are programs in MS Windows, OSX and Linux that does).
Ff Ccc (3 months ago)
What’s the difference between TLS/SSL and SSH?
Robert de Bath (3 months ago)
Completely different protocols but they use many of the same encryption and authentication algorithms. TLS always wraps its public keys in certificates and usually obeys the tags (like expiry dates) that are included in the certificate. SSH allows multiple channels in one TCP/IP connection, TLS does not. FTP with TLS is called FTPS; the ssh variant of FTP is called SFTP. Note: The SSL name was actually retired with SSL3.0 which has been considered completely insecure for several years now.
Martin Šalko (3 months ago)
I see this is not about Sams Crusty Pizzeria, or Silver Casino Platinum, or anything to do with Safe Christian Park, or Speed and Clarity Parcel service. Someone please get this.
fouzai alaa (3 months ago)
how does the encryption work ?? do both machines agree on a key to encrypt and decrypt ?? or do they use an existing keys ?? how is it done exactly ??
Dramob (2 months ago)
+Josh Parrish Nice analogy. I hadn't heard that one before!
Josh Parrish (3 months ago)
fouzai alaa I’m not smart enough to explain Elliptic Curve cryptography, but it relies on a similar premise. Check out Mike‘s videos on Diffie Hellman and Elliptic Curve cryptography on Computerphile. They're great!
Josh Parrish (3 months ago)
fouzai alaa Actually, no, you can not determine the keys from watching their clear-text communication. In the way key exchange algorithms like DH or ECDH work mathematically, the key negotiation messages shared over the public medium rely on private knowledge that the two parties have. It’s so sensible how it works, yet still blows my mind. Diffie Hellman key exchange is often explained with paint. If I have blue paint and you have red paint, we can publicly agree to mix our paints with yellow, and share our results. I then send you green paint in public view, you send me orange paint in public view. I combine the orange paint you sent with my private blue color, while you combine the green paint I sent you with your private red color. We both arrive at the exact same color paint, while no one else could have without knowing the private red or blue. Obviously, paint colors are too simplistic for the math behind this, but the premise remains. The math behind this is modular arithmetic (extremely difficult to undo - basically just brute force guessing), resulting in what’s known as the discrete logarithm problem. This still requires authentication of the key exchange messages, as someone could perform a MITM attack between us (someone could send me some other color paint, saying it’s from you and establish a shared color with me, while I’m convinced that it was you who sent it.) So, DH is often authenticated with RSA digital signatures, or perhaps other signature algorithms, another marvel.
classawarrior (3 months ago)
+fouzai alaa There's a negotiation about which *method* to use for exchanging keys etc, but the exchange itself is secure. Look up Diffie Hellman for info on how keys can be established securely over an unsecured connection
TITUS (3 months ago)
Adi SGH (3 months ago)
SSH is an amazing tool and it has capabilities the Windows world can't even dream of.
Kernels (3 months ago)
Windows 1803 has OpenSSH server and client now. Pretty gute. Enable it from Settings>Optional Features Then Security>Developers>Enable SSH server
Cheezy Dee (3 months ago)
So are the developers of Putty going to sue for antitrust violations?
Michael Pulliam (3 months ago)
Just to add to it, there's also an ssh server in beta for Windows (built in!) as well. So much better than the nonsensical remote shell they had before.
Whomping Walrus (3 months ago)
You've always been able to just download an SSH client on Windows, & the same for x11 forwarding. I don't see the problem.
Matthias Bruynooghe (3 months ago)
Windows has a ssh client and server although i think x11 forwarding from linux is not supported
mistercohaagen (3 months ago)
How do you even have dot-matrix printer paper in 2019?
Cassiano Campes (3 months ago)
Man, that is exactly what I was wondering. Furthermore, why does he use a green color marker in that paper? That is not a proper color for it.
Andrew Frink (3 months ago)
they are also used where there is a need to print directly on triplicate, quadruplicate, etc.
Christophe L (3 months ago)
It's still used a lot.
Azor Ahai (3 months ago)
Somebody summon Justin Y.
Kernels (3 months ago)
Ehh?? Why the hate??
BurgerKingHarkinian (3 months ago)
No, hire a hitman to get rid of this pathetic excuse of a human being.
Henrix98 (3 months ago)
Christian Magnus Lie (3 months ago)
The story how ssh got allocated port 22 is also abit interesting.
Tariq (3 months ago)
+superscatboy He was asking for the pronunciation, not the meaning of 'abit'.
Chris (3 months ago)
superscatboy This is the correct answer.
superscatboy (3 months ago)
+unlokia An abit is similar to an alot, but smaller.
unlokia (3 months ago)
Is "abit" like "rabbit", only a bit shorter?
Haha of course alpha finland invented ssh
Lucca Pellegrini (3 months ago)
What is saying? /s
Anders Jackson (3 months ago)
+hyperx alloy fps pelinäppäimistö what are you saying?
+Anders Jackson I'm not sure what you're saying
Anders Jackson (3 months ago)
There was a huge knowledge about computer security there in the 1990:th, I don't know how it is now.
El Grincho (3 months ago)
Can't imagine life without SSH.
K o r b y (3 months ago)
+Anders Jackson I thought it's common knowledge that security is a feeling, not an achievable goal.
Sultan (3 months ago)
ok now explain reverse ssh.... please
D.O.A. (3 months ago)
Sampling Reality (3 months ago)
Jako1987 (3 months ago)
Tatu Ylöingjeng. Apology accepted!
Suvi-Tuuli Allan (3 months ago)
Nicholas Scott (3 months ago)
I remember back in 97, the university officially ended all support for non encrypted remote access, and we were all required to use SSH. Which worked fine. It also made for an excellent tunnelling tool when the same university tried blocking all access to P2P networks.
BattousaiHBr (3 months ago)
"congratulations, you played yourself."
Hemant Yadav (3 months ago)
+Eeroke Teach me master
TimDd2013 (3 months ago)
If that IP is something you wish to hide and you add a blur to it (7:00) you might want to scramble it up a little more, as you can still kinda read it... Just saying.
Jeremy Streich (1 month ago)
+John Smith Until Fail2Ban or OpenSSL has a vuln that lets anyone enter or sit in the middle and read traffic.... Which has never happened, right? (I'm looking at you HeartBleed).
mauro foti (3 months ago)
+MrSlowestD16 pretty sure that 128 is a public ip class, I might be wrong though
MrSlowestD16 (3 months ago)
They're at a university, practically guaranteed to be behind a NAT, so the IP address is likely completely irrelevant to people outside the university's network.
David Saintloth (3 months ago)
Tangentially, there are NN based models to de-blur images like that pretty trivially.
PleaseDontWatchThese (3 months ago)
It's an Easter egg for the true fans of the channel
Juan Diego Calle (3 months ago)
Do an rsync too please
Navonil Mukherjee (3 months ago)
Abdullah Naseer (3 months ago)
Do/explain some DDOSing samples plz
WarGamingRefugee (3 months ago)
+Abdullah Naseer yw
Abdullah Naseer (3 months ago)
WarGamingRefugee (3 months ago)
They have. Put "The Attack That Could Disrupt The Whole Internet - Computerphile" into YouTube's search box. It should come up as the first search result.
S L (3 months ago)
kade green (3 months ago)
How does the other machine (server in your example) know the key to initially decrypt the packet? Do they use an asymmetric encryption handshake to establish the session key for the ssh to encrypt the payload and padding to be passed through the ssh? Love the vids too
Anders Jackson (3 months ago)
+BladeRnR10 learn how to ask questions, there are plenty of web sites. Don't spend my time answering your question and doing your homework. That is being a douche too.
BladeRnR10 (3 months ago)
@ Anders Jackson. No need to be an Elitist douche.
BattousaiHBr (3 months ago)
SSH allows for many different encryption algorithms, typically RSA but pretty much everything else is supported on latest versions.
Anders Jackson (3 months ago)
+12345charliebrown don't ask, check then ask. It uses certificates on both direction. So you can't just put up an ssh server that logs and forward traffic to the right source. The connected ssh server must have the right certificates, or else it refuses to connect.
George Kettleborough (3 months ago)
That's the actual interesting part about SSH which is for some reason not covered in this video. It uses a combination of RSA and Diffie-Hellman to establish a shared secret key and a trust-on-first-use protocol to prevent man in the middle attacks.
