Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Questions to SSH/SFTP/SCP
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Questions to SSH/SFTP/SCP


I'm reading a bit about SSH, SFTP and SCP. I use all of them everyday and I know that they are encrypted. But what does that exactly mean and how safe am I? How does the encryption works? I read that SSH, SFTP and SCP all use the same encryption. They encrypt my files/passwords with my private and public key pair. Is that right? And does this mean that when I have a public key with 1024 bit my connection is 1024 bit encrypted?

Just a few noobiequestions about that.

regards and thanks :)


  • I think you can find relevant answers about these protocols on wikipedia.

  • @pbalazs123 said:
    I think you can find relevant answers about these protocols on wikipedia.

    I already checked google and they always saythings like its encrypted or encrypted by public private keys but they dont answer my questions.

  • I guess you open the connection with the SSH server, and it responds with a public key (like SSL), and your client then encodes your commands with the public key and the server decodes it with the private key, and yeah 1024 bit is how big the numbers are or something

    this is a pretty good video and will explain how encryption works

  • AzureVPSAzureVPS Member
    edited February 2014

    A common misconception is that the SSH protocol keeps on using asymmetric encryption for the entire connection.

    What actually happens is that, much like how TLS works, the asymmetric encryption/signing is only used for identifying the server and user (to prevent man-in-the-middle attacks), deciding on a symmetric cipher to use, and exchange the shared secret (key) for it.

    For example, recent versions of OpenSSH can use ECDHE and ECDSA for the asymmetric part, but then moves on to using AES-GCM for the rest of the connection.
    However, servers and clients supporting that aren't very common. Most SSH connections right now probably are still using DHE and RSA for the asymmetric part and AES-CTR for the symmetric part.

    A symmetric cipher is used because they are hundreds of times faster than asymmetric ones, especially if the symmetric cipher is AES, where modern CPUs have hardware support for it to speed it up even further.

    PS. If you're confused by the acronyms, here's a brief explanation, but google always helps:

    TLS: Transmission Layer Security, the current technology used for secure website connections.

    ECDHE: Elliptic Curve Diffie-Hellman Exchange, used for exchanging keys and deciding on a symmetric key.

    DHE: Same use as above, but slower and using a different algorithm.

    ECDSA: Elliptic Curve Digital Signature Algorithm, used in verifying each other's identities.

    RSA: Doesn't actually stand for anything (It's the first character in the creators' names). Can encrypt as well, but used mostly for just verifying each other's identities for SSH.

    AES-GCM and AES-CTR: Different modes of operation of the symmetric Advanced Encryption Standard.

    Thanked by 2Abdussamad trexos
Sign In or Register to comment.