This is just a reading assignment, but you need a little more info than just "read sections X, Y, and Z".
You're going to be reading the SSH specification
RFC 4253: The Secure Shell (SSH) Transport Layer Protocol.
This is a pretty long document, and reading and internalizing the whole thing isn't
a reasonable expectation for this class. So you're going to have to target your
reading, making careful use of the table of contents and any other resources you find
to help you decide which pieces are helpful and which pieces you can and should skip.
Also, you may find some useful information in
RFC 4252: The Secure Shell (SSH) Authentication Protocol.
As usual with CS topics, Wikipedia may be quite handy in pointing the way.
Here's your goal: figure out the steps of a remote login using SSH, with particular attention
to the roles of Diffie-Hellman, RSA (or other public key), and prevention of both
eavesdropping and MITM attacks.
On Wednesday, we'll also bring Wireshark into the discussion so we can watch a session.
But in the meantime, I recommend that you run a few SSH sessions to see how they act.
By having the user experience of an SSH login in your mind, you'll be better equipped
to find what you need to find in the spec. Here are some recommendations.
- Get a terminal window open on a Mac or Linux machine (or in cygwin if you have
it on a Windows machine).
- Edit the file ~/.ssh/known_hosts if it exists (if not, you're in good shape
for this experiment already). If known_hosts contains a line starting with
"spectra.mathcs.carleton.edu", delete that line.
- (If you have, in the past, set up a public key on spectra in your account for
the computer you're working on, you'll want to delete it temporarily. It's in the
~/.ssh/authorized_keys file on spectra, which you could just move to some other
directory temporarily and move back later. This would require that you first login
to spectra, move authorized_keys out of the way, logout, and then do the known_hosts
thing on your local machine. If you don't know what I'm talking about here, then
you haven't done this, so you can ignore this paragraph.)
- Now, you've made spectra an "unknown" host according to SSH on your computer,
so you can watch the full sequence of SSH events from a user perspective. Just
execute "ssh yourusername@spectra.mathcs.carleton.edu". Some stuff will happen,
and you shouldn't hurry through it. Pay attention to what happens when, and keep
a copy of the transcript from the terminal window so you can later compare it
to the SSH spec and Wireshark scans.
- Also, once you have logged in to spectra (or even earlier in the process),
open another terminal on your local machine and watch for when known_hosts has
spectra added to it.
One last suggestion: sections 4, 6, and 7 of RFC 4253 will give you a good start.