SSH Key Exchange is one of the most critical security mechanisms in the SSH protocol. It ensures that clients and servers can securely negotiate session keys over insecure networks without exposing key information.
Purpose of Key Exchange
- Secure Session Key Negotiation: Securely establish shared keys over insecure networks
- Prevent Man-in-the-Middle Attacks: Ensure identity verification of both parties
- Forward Secrecy: Past sessions remain secure even if long-term keys are compromised
- Key Independence: Each session uses different keys
Key Exchange Algorithms
Diffie-Hellman (DH) Algorithm
Traditional key exchange algorithm based on the mathematical problem of discrete logarithms.
bash# Common DH groups diffie-hellman-group1-sha1 # 1024-bit (deprecated) diffie-hellman-group14-sha1 # 2048-bit (deprecated) diffie-hellman-group16-sha512 # 4096-bit diffie-hellman-group18-sha512 # 8192-bit
How it works:
- Both parties agree on public parameters (p, g)
- Each generates private keys (a, b)
- Calculate public values (A = g^a mod p, B = g^b mod p)
- Exchange public values
- Calculate shared secret (s = B^a mod p = A^b mod p)
Elliptic Curve Diffie-Hellman (ECDH)
Based on elliptic curve discrete logarithm problem, providing smaller key sizes for the same security level.
bash# Common ECDH algorithms curve25519-sha256@libssh.org # Recommended ecdh-sha2-nistp256 # NIST P-256 ecdh-sha2-nistp384 # NIST P-384 ecdh-sha2-nistp521 # NIST P-521
Advantages:
- Faster computation speed
- Smaller key sizes
- Better security
- Suitable for mobile devices
SSH Key Exchange Process
1. Algorithm Negotiation
shellClient -> Server: KEXINIT (list of supported algorithms) Server -> Client: KEXINIT (list of supported algorithms)
Both parties select the first mutually supported algorithm.
2. Key Exchange
shellClient -> Server: DH public value + signature Server -> Client: DH public value + signature + host key
3. Key Calculation
Both parties use DH public values to calculate shared secret, then derive:
- Encryption keys (for data encryption)
- MAC keys (for data integrity)
- IV (Initialization Vector)
4. Authentication
shellClient -> Server: NEWKEYS Server -> Client: NEWKEYS
Confirm key exchange completion, start using new keys.
Security Features
Perfect Forward Secrecy
Even if the server's private key is compromised, attackers cannot decrypt past sessions.
bash# Configuration to enable forward secrecy KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Key Reuse Protection
Prevents key replay attacks by generating new keys for each session.
Strong Random Number Generation
Uses cryptographically secure random number generators to ensure key unpredictability.
Configuration Optimization
Recommended Key Exchange Algorithms
bash# /etc/ssh/sshd_config # Prioritize Curve25519 KexAlgorithms curve25519-sha256@libssh.org # Fallback algorithms KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Disable Insecure Algorithms
bash# Disable SHA-1 algorithms KexAlgorithms -diffie-hellman-group1-sha1,-diffie-hellman-group14-sha1 # Disable weak DH groups KexAlgorithms -diffie-hellman-group1-sha1
Performance Optimization
bash# Use faster algorithms KexAlgorithms curve25519-sha256@libssh.org # Increase DH group size ModulusSize 4096
Security Best Practices
- Use Modern Algorithms: Prioritize Curve25519
- Regular Updates: Keep SSH software up to date
- Disable Weak Algorithms: Remove insecure key exchange algorithms
- Monitor Logs: Check for key exchange related errors
- Test Configuration: Use
ssh -Q kexto view supported algorithms
Common Questions
Q: Why do we need key exchange?
A: Key exchange allows both parties to securely negotiate keys over insecure networks without pre-shared keys.
Q: How is Curve25519 better than RSA?
A: Curve25519 provides better performance, smaller key sizes, and stronger security.
Q: How to check key exchange algorithms supported by server?
A: Use nmap --script ssh2-enum-algos -p 22 hostname or ssh -Q kex.
SSH key exchange is the core technology that ensures SSH security, and understanding its working principle is crucial for system security.