SSH for Privacy and Anonymity: What You Need To Know

SSH-anonymity

SSH is a pretty complex concept to understand.

If you’re connected to a network then you can use technologies such as SSH to secure your data.

Okay. We already knew that you might say.

And we’ll agree with you.

Everybody knows that whenever you see the word “SSH” written anywhere, it means “more security than usual”.

But does that answer the real question?

What is SSH?

How does it work exactly?

Is it something you need to know about?

What if you just decide to not know anything about SSH and continue with your internet life without it?

Well, we’ll answer all those questions in the paragraphs that follow.

First of all, you should think of this post as a chapter.

We’ll be talking about some technical stuff related to the SSH and within that framework, we’ll also discuss the inner workings of the technology that is known as SSH.

So what should you do now?

Obviously, you have to read the whole post.

But don’t just read it.

Absorb it.

In other words, roll up your sleeves.

Then dive into this piece.

Take short (and sharp) bites on the information that is presented here.

That is one of the ways you can ensure that you learn everything there is to learn about SSH as a beginner.

So Who Is This SSH Guide For?

SSH-privacy

SSH can either make or break your privacy during online interactions.

Truth be told, if you just picked up a mouse and a keyboard (and a whole computer along with it), this piece may not be for you.

Of course, you can still read it though.

And benefit from your newfound knowledge.

From our perspective, this post is written for people who work in the IT sector.

People like,

  • System administrators
  • Security professionals all over the world
  • Network administrators

What is our goal then?
Our goal is education.

Education about everything there is to know about SSH.

This post will teach you a lot about SSH.

After reading this post you will be able to talk about SSH in an intelligent manner.

More importantly, you’ll be able to make technically firm decision over the use of SSH in your organization’s network.

What Are You Going To Cover Here?

Of course, this isn’t a complete course. It is not even a course.

When all’s said and done, this is a post.

A single post.

Apart from that, we’ll cover subjects such as SSH1 and SSH-2 protocols.

Our main focus will be how SSH can impact your privacy and anonymity while you are connected to the internet.

One thing to take note of is that SSH1 and SSH-2 protocols must be discussed separately.

Why?

Because they are different.

And the differences between the two are stark enough to merit their own sections.

This post isn’t supposed to be a reference.

Of course, the best source of reference on SSH and all things related are the official protocol standards.

You’ll do well to consult the source code of an/any implementation as well.

We won’t be analyzing protocols in their entirety.

Moreover, there is no need to talk about each and every step taken by any related software here.

Think of it as more of a summary than anything else.

Got it?

Great.

Let’s do this then.

SSH Features

SSH-security

First, you need to know why SSH1 is bad. Then you need to know why SSH2 is better

The whole list of an SSH features will probably take up several pages.

But we will list out the major features.

Along with those, we’ll also list of the “guarantees” that come with the SSH protocol.

These are as follows,

  • Privacy.
    In other words, protection of your data through complete privacy.
    How is privacy achieved?
    It is achieved through robust encryption
  • One other feature of SSH is its ability to maintain the integrity of all communications.
    What that really means is that the SSH basically guarantees that your communication has not been tampered with.
    No alteration, to sum it up.
  • Authentication.
    This feature is a very important one for the simple reason that the identities of the sender and receiver must be established.
    Rather rigorously.
    SSH does that through proofs of identity for both receivers and senders.
  • Authorization.
    By that, we mean sufficient access control to related accounts.
  • Encryption of TCP/IP sessions through techniques such as tunneling and forwarding.

So the first feature we’re going to handle here is privacy.

Privacy

You should understand the term privacy with another term.

Encryption.

Why?

That’ll become clear as you move forward in this post.

First, let’s answer some fundamental questions.

What is privacy?

Privacy, in its simplest terms, means data protection.

Data protection?

Yes.

You want to protect your data from getting exposed.

That is privacy.

Plain and simple.

However, if you’re working on a typical computer and are connected to a normal computer network then know this.

Regular computer networks do little to nothing to protect your data.

That is, your privacy isn’t guaranteed by any means when you communicate over regular computer networks.

Why is that dangerous then?

That is dangerous because a lot of people can gain access to your sensitive data by not doing much.

IN other words, if someone has access to the network’s hardware or even has a connection to the hosts that have connected to the same network then he/she can read all data.

By all data, we mean all data passes through the network.

You might have heard about terms such as sniffing.

This is sniffing.

But the problem is not as bad as it used to be.

Mainly because of modern switched networks.

What Modern Switched Networks?

You don’t need to know that.

What you need to know is that because of these networks, the problem of sniffing has reduced considerably.

We say considerably because they haven’t solved the problem entirely.

See, these modern switched networks only do the job if you’re connected to a local area network.

That does little to downgrade this problem from being a serious issue to a casual one.

It is one of the reasons why there are so many sniffing attacks.

The primary target of hackers and cyber criminals, in sniffing attacks, is to steal passwords.

It happens regularly.

A Google search should suffice you if you want to check up on that claim.

As mentioned before, the main way through which SSH provides privacy is through encryption.

More like heavy duty encryption on all the data that goes through the given network.

This is also known as end-to-end encryption.

And this method of encryption is based on two concepts.

Well, it is actually a single concept but since it takes place in two stages, we’ll just call it as two.

The end-to-end encryption that we mentioned previously is based on things called random keys.

These random keys are only meant for a particular session and are securely obtained.

After the session is over, these random keys are destroyed.

As far as session data goes, SSH is compatible with several encryption algorithms.

Some of these encryption algorithms include,

  • 3DES or Triple DES
  • DES
  • ARCFOUR
  • IDEA
  • Blowfish

All are basically standard forms of writing code.

What About SSH And Integrity?

 

What does integrity mean actually?

The overall concept is simple really.

When we talk about integrity with regards to technologies such as SSH we mean two things.

First, data sent from one end of a given network should not be changed on its journey.

Second, the data that has arrived at the other end of the network should be exactly the same as it was when it left the other end.

In other words, the state of the data should remain unaltered while in transmission.

And this assurance is what we call integrity when we talk about SSH.

The major technology on which SSH relies to transport information is TCP/IP.

TCP/IP, thankfully, has built-in integrity checking mechanism which can detect if an alteration has taken place in the network.

The obvious question that arises from this information is how does data get altered in the first place.

Well, the concept is pretty straightforward.

Network problems are about as inevitable as death and taxes.

But what kind of network problems are we talking about here?

We’re talking about network problems such as,

  • Lost packets (which occur regularly when there is a high amount of traffic on a network)
  • Electrical noise. More simply though, these are random fluctuations in any given electrical signal.

As we have already indicated, SSH has underlying mechanisms to deal with these network problems.

But with that said, these methods are not as effective as some believe them to be.

More specifically, they are ineffective against cyber attacks.

Or in other words, deliberate action by someone to tamper with the data on the network.

The Problem With SSH Now

Moreover, hackers and cyber criminals are clever people these days.

And with their modern tools, they can easily trick these methods and render them useless.

By now you must be wondering, “we just said that SSH had mechanisms in place against snooping, so how can hackers gain access to the network?”.

See, it is true that SSH encrypts any data that is in transmission.

And because of it, it is highly unlikely that a hacker can change parts of that transmitted data in order to achieve his/her negative goals.

But, TCP/IP’s built-in integrity checking cannot make up for the fact that hackers have advanced pretty quickly in the last couple of years.

To put it another way, TCP/IP can’t stop a hacker from deliberately injecting spam into your messages/session.

A More Complex Cyber Attack Example

Let’s say there is an attacker named “Kimbo” (also once an MMA fighter).

Kimbo likes to monitor people from his computer machine.

Now imagine, Kimbo is monitoring your SSH session.

Let’s take it up a notch now.

Not only is Kimbo monitoring your session, but also watching you.

Kimbo might be watching you by either being present near you physically or by recording the keystrokes on your keyboard.

Now, you’re busy doing your work.

During your work, you type out a command such as “rm -rf *” in order to remove some files from an unimportant directory.

But guess what?

Kimbo has seen you type out that command.

Now, of course, Kimbo can’t read any of your data because SSH encrypts every session’s data.

But Kimbo can do another very clever trick.

Kimbo can easily figure out one thing.

Mainly, you using a command that lead to a high amount of activity on your connection (all the processing power that goes into removing files from a directory).

Kimbo can easily correlate the two events.

Then, Kimbo can record that command by capturing the packets that contain the encrypted version of the rm -rf command.

Then Kimbo will wait for a while.

Until the user, you, work on something important in your home directory.

Kimbo sees you working in an important directory and then Kimbo injects those captured packages (which are basically bits) directory into your SSH session.

What happens next then?

That’s right.

All your files are erased because of that injection.

And you wouldn’t even know what caused the accident.

Your terminal isn’t going to give you hints either.

This Type OF Attack Is Called The Replay Attack

Why does Kimbo succeed?

Kimbo succeeds because there is nothing invalid about the packets Kimbo inserted into your SSH session.

Why?

Because Kimbo did not produce them.

Kimbo also could not possibly have produced them because your packets were encrypted because of SSH.

But you know what Kimbo CAN do?

Kimbo can copy those packets.

And then replay those packets at some later time.

While TCP/IP and its integrity check method are a solid technology.

It only performs the checks on a per-packet basis.

And because of that, Kimbo’s cyberattack goes undetected.

What’s The Solution Then?

 

The solution is to have TCP/IP check the integrity of the session data on a whole.

It must be applied to the whole data stream.

As indicated earlier as well, it must be ensured that the bits arrive at the destination exactly as they were sent from the sender terminal.

These bits, packets, should be sent in order.

And there should be no duplication.

That doesn’t hold true for SSH-2 though.

The ssh-2 protocol is a bit different.

It uses cryptographic integrity checking methods.

These methods are advanced in a couple of key ways.

First, SSH-2 protocol verifies if the data sent is intact in its original form.

That it hasn’t been altered.

Second, it also ensures if the transmitted data has been indeed sent from the other end of the encrypted connection.

To ensure this, SSH-2 makes use of keyed hash algorithms.

These algorithms are based on other technologies such as MD5 and SHA-1.

These keyed hash algorithms are trusted by the community and are well reputed.

SSH-1 Is Weaker Than SSH-2

SSH-1 doesn’t use such a strong integrity check method.

It uses a 32-bit cyclic redundancy check (sometimes written as CRC-32) for each packet which contains unencrypted data.

Conclusion

There are some other aspects of SSH technology that we have not discussed here.

We haven’t touched upon the,

  • Authentication
  • Authorization

And forwarding aspects of SSH.

We’ll discuss those in a future post.

So stay tuned.

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.