How Secure Shell Works (SSH) - Computerphile

Connecting via SSH to a remote machine is second nature to some, but how does it work? Dr Steve Bagley.
Dr Mike Pound on Hashing (mentions padding but full video on padding is planned to follow): mealsdelivered24x7.us/detail/video-DMtFhACPnTY.html
facebook.com/computerphile
twitter.com/computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com

KOMMENTARE

  • Nice tutorial. Thanks. Would talk more about the key exchange and establishing process you omitted for the purpose of this video at around 4:00?

    JeremyJeremyVor 3 Tage
  • You mention X windows using an encrypted tcp connection to poet 6000. I've always known ssh to use a standard port 23. When did that become the standard?

    Daryl AllenDaryl AllenVor 4 Tage
  • \the problem i find in encrypted transmissions is that you need a "key" to decrypt the data... so if the connection is compromised from the start, you never actually have encrypted data since the key is sent unencrypted... (in other words you compromise your self in the initial handshake!)

    The EpicSlayer7 SSSThe EpicSlayer7 SSSVor 5 Tage
    • That's not true and now how it works. If you have a man in the middle that just reads the conversation there is no way he can decrypt it. The initial key that gets send over is just the public key for the other end to encrypt the message containing the key to decrypt the following messages it sends. So even if you make a full paket dump from any end of the connection you still can't decrypt it with just the information inside the paket stream. You might say, ok but "what If I have a MITM that can actually manipulate the packages send/received from one end?". Well that's what we have certificate authorities and keychains for. What if you have a compromised CA in the root-key store? Well let's just say 'ok the CIA can ruin your day if they're really motivated', but your run-of-the-mill threat-model will probably not include that scenario. Event without CAs you still have fingerprint checks, so you would need to have the modifying MITM the very first time you connect to the machine and every time after that too or it would be noticable.

      dravorekdravorekVor 3 Tage
  • Thank you sir, good job 🍉

    poer_ _jiyopoer_ _jiyoVor 6 Tage
  • Thanks for the subtitles! The auto-generated ones can be pretty inconsistent.

    Zeda ThomasZeda ThomasVor 9 Tage
  • Why the f does he use apple monitors

    Matty LMatty LVor 10 Tage
  • The first thing I do when setting up a new SSH server is to set PasswordAuthentication to no. Passwords are evil. It takes a few seconds to generate a key pair and add the public key portion to the authorized_keys file. It's amusing to see how rapidly script kiddies start banging on port 22 when you open it on your firewall (within a minute, usually) but they will try in vain if you are using public key access (I like ECDSA-521 and RSA with at least a 2048-bit modulus).

    David GilliesDavid GilliesVor 11 Tage
  • If a hacker listens to initial call from client to server, and fetches the encrypt algorithm, can he listens to connection and decrypt data?

    lapto plapto pVor 13 Tage
  • Ok, I admit I'm ignorant... but you never once explained how it WORKS - ie, why is this secure and what prevents a packet sniffer from decrypting the packet the same way the intended server does it?

    Lauren DoeLauren DoeVor 13 Tage
  • Good video

    Shravan ShandilyaShravan ShandilyaVor 13 Tage
  • Wow, I started watching this video, but only out of the corner of my eye, and I looked at the monitor on the desk and thought: "What is that huge black cube??" -- optical illusion

    modoliefmodoliefVor 14 Tage
  • Those Macs though...overpriced pos in a snobby wrapper

    QWERTY1980QWERTY1980Vor 14 Tage
  • Great explanation, thanks!

    Gameplay and TalkGameplay and TalkVor 14 Tage
  • I want to to masters in cyber security...what's the best place for that

    Ankit ShrivastavAnkit ShrivastavVor 15 Tage
  • What does it mean to forward a connection?

    Noah WoltonNoah WoltonVor 16 Tage
  • Would love to see a video about MOSH from you guys! Thanks, appreciate your work

    sharkbyte FPVsharkbyte FPVVor 16 Tage
  • Have you considered doing an episode about BEEP (or BXXP)? This is a standard stream multiplexing protocol as described in RFC's 3080 and 308.

    Paul SanderPaul SanderVor 16 Tage
  • Do a review on the Uptrennd platform !! :)

    MartBro93MartBro93Vor 16 Tage
  • I only watched to correct Steve. 3:34 Unless you select specific 3rd party or otherwise dubious algorithms, the packet length field is also encrypted. In particular, the demo algorithms at 6:00 do encrypt the packet lenght field.

    A PA PVor 17 Tage
  • I would've liked a bit more detail... but.. I guess.. that's really all there is to SSH :)

    Base*RadiusBase*RadiusVor 17 Tage
  • SSH is a protocol for sharing files between two computers. The SHA256 NSA encryption is applied for the transmission of data, as the packets don't get lost and it's based on a TCP connection.

    akywonakywonVor 17 Tage
    • ​+MyTech SHA256 role in SSH as a one way function is that SSH will ask you for a finger print, when that is mentioned SHA256 will hash your characters as your "ID" which is a long cryptographic hash string in an SSH file for communication for two computers. You can then do authentication for your remote computer for file sharing between the two computers. We are hashing characters to protect the integrity of the data not to perform a brute force attack. These are the only ways SHA256 or SHA512 is applied.

      akywonakywonVor 16 Tage
    • +MyTech @MyTech SHA256 was designed for message digests, it's what's used as a layer for information security in applications and if you knew how SSH worked you would know that SHA256 is a cryptographic hash function, but it can also be misused in computation referring to what you mentioned a "hashing algoritihm" used for password cracking. Hashing algorithms serve the purpose of computation among inputs for a desired outcome and that's not applied in SSH, it's based on authentication.

      akywonakywonVor 16 Tage
    • SFTP is a protocol for sharing files between two computers.

      Semih TokSemih TokVor 16 Tage
    • SHA256 is a non-reversible hash algorithm not an encryption. Blowfish-cbc, aes256-cbc, and aes256-ctr are encryptions.

      MyTechMyTechVor 16 Tage
  • why is padding encrypted given they would be equally random bytes before and after encryption?

    Gabriele BonettiGabriele BonettiVor 17 Tage
  • Thus video misses the really interesting point how the encyption key is exchanged between the two sides in a secure way. It also doesn't mention how to ensure that the foreign host is the one it pretends to be.. The role of the files "known_hostx" and "authorized_keys". Maybe you could explain these in a follow up video ?

    goetzpgoetzpVor 17 Tage
  • i still dont get it. is it like a browser vpn?

    DerBauerDerBauerVor 17 Tage
  • The university that I studied was still using telnet only a few years back they started implementing ssh for enrollment process. smh

    Leomar PérezLeomar PérezVor 17 Tage
  • Thanks for this videos!!

    Esteban RodríguezEsteban RodríguezVor 17 Tage
  • Please don't blur for security. It's still readable. Use solid colored bars, for the love of Turing.

    clearmenserclearmenserVor 17 Tage
  • Everyone should use LibreSSL ;) I know it is hard to get it run on your machine. More distros should use LibreSSL.

    Philipp BlumPhilipp BlumVor 17 Tage
  • I didn't know it was developed by a Finnish guy

    patu8010patu8010Vor 17 Tage
  • This channel rocks like SSH.

    Sebastiaan HolsSebastiaan HolsVor 18 Tage
  • Does anyone now how to setup an account on the other machine? When I do ssh -v myHost, it'll ask for a password for the user myName@myHost

    Floris BollenFloris BollenVor 18 Tage
  • The computer to the left makes me think of Pageant's icon for some reason.

    RisorahnRisorahnVor 18 Tage
  • I had to use SSH to connect to a VPS I paid for, I could only get as far as connecting to it, I didn't know how else to use it or set up my website...... waste of a month subscription lol

    JDJDVor 18 Tage
  • would'nt it be possible to pose as an ssh server during the handshake process?

    12345charliebrown12345charliebrownVor 18 Tage
  • What if there is a weakness in the hashing algorithm for the message authentication code and you somehow figure out for example what the message cannot be? I know it's abstract and non-practical idea... but I guess the mac can be encrypted as well (why not?).

    Philip PetrovPhilip PetrovVor 18 Tage
  • Mosh anyone?

    John RedbergJohn RedbergVor 18 Tage
  • When you say the padding is a random number of whatever, is this akin to a salt when encrypting passwords for example?

    James BosJames BosVor 18 Tage
    • It's more for the purpose of obfuscation, allowing the SSH packet length to be some fixed number, and thus not allowing an attacker to deduce anything useful about what the payload might be. *_EDIT:_* It does also act as a salt, since we can have equivalent payloads which, even if encrypted using a simple block cipher, result in different ciphertexts due to having different randomly generated padding.

      Jivan PalJivan PalVor 17 Tage
  • why is that guy obsessed with the word "connection?"

    Nikolaos TsagkarakisNikolaos TsagkarakisVor 18 Tage
  • SSH is really good. It even allows to connect ethernet layer VPN so you can have layer 2 or layer 3 if you wish vpn really easily and every machine supports that.

    teekelloteekelloVor 18 Tage
    • TAP TAP TAP TUN TUN TUN TAP TAP TAP TUN TUN TUN ...+BattousaiHBr

      teekelloteekelloVor 11 Tage
    • +teekello ? you called VPN a L2 connection when it isn't.

      BattousaiHBrBattousaiHBrVor 11 Tage
    • +BattousaiHBr yes I know. What's your point??? Wtf

      teekelloteekelloVor 11 Tage
    • +teekello a VPN runs on top of L3, so how can it possibly be L2? the VPN interface is for all intents and purposes a L2 interface, but it runs on top of the L3 stack rather than on top of L1 or even other L2. this is why VPN is often called L2.5, among other encapsulation or tunneling protocols. when talking about MPLS VPNs, it's technically possible to get L2 transmission if you run it through something like ATM, but i think the standard method is on top of the IP layer.

      BattousaiHBrBattousaiHBrVor 11 Tage
    • It's L2. MPLS is more like Layer 2.5 -.- don't miss lead +BattousaiHBr

      teekelloteekelloVor 12 Tage
  • which video explains the padding and random data in the packets? It would be nice if that could be added to the description.

    Digital Insan1tyDigital Insan1tyVor 18 Tage
  • Rsync over ssh works for me.

    Recognize rRecognize rVor 18 Tage
  • That timing tho. I know some of my class mates got asked about exactly this yesterday in the oral exam.

    reizhustenistdoofreizhustenistdoofVor 18 Tage
  • Dr Bagley -- you should consider reducing your sugar consumption drastically. No more sodas, cakes, candy bars, etc. Drink water, eat real food -- snack on nuts or something low in sugar.

    Calin CulianuCalin CulianuVor 18 Tage
  • I know computerphile is trying to reach as wide an audience as possible, but I really hate how dumbed down the videos have gotten. I liked when they made videos about messing with specific data in TCP packets to bypass a router, or going through compiled assembly code to learn how c interprets code. I didn't care that I couldn't understand all of it immediately, I can just look up resourses online to understand the complex bits. Unsubbed.

    Funny GeeksFunny GeeksVor 18 Tage
  • Petition for computerphile to do Unix commands History, Uses, Tips, and Tricks

    Daniel AstilleroDaniel AstilleroVor 18 Tage
  • How serendipitous of you to post this on the same day I've started using ssh/screen sessions on my tensorflow machine.

    Flea Market SocialistFlea Market SocialistVor 18 Tage
  • Five uses of "data" as though it were a singular in the first 90 seconds. Could not stand to watch further. You SHOULD know better. Crikey! Are you not lecturing on this stuff?

    MichaelKingsfordGrayMichaelKingsfordGrayVor 18 Tage
  • 8:36 Yeah, there's a lot of cool stuff you can do with ssh. Mentioned tunneling existing protocols, but just looking at all the flags in `man ssh[d]` and all the options in `man ssh[d]_config` can give you a taste of the flexibility it offers. Although all I typically use it for is remote login, and git:// over ssh. Actually, git would make for a cool series here. Get someone to explain git from the object level up, it'd make for a cool watch.

    GammaFunctionGammaFunctionVor 18 Tage
  • IPsec next??

    GMusic GMGMusic GMVor 18 Tage
  • Ay, do not monkey around my data

    Souvik majiSouvik majiVor 18 Tage
  • I love that they use line printer paper 😂😂 most kids probably wonder what's with the holes on the sides??

    Justin EltoftJustin EltoftVor 18 Tage
    • The obvious answer for them is when you get your copy, you can waste time ripping the hole strips off. Like popping bubble wrap, but more official.

      Cheezy DeeCheezy DeeVor 8 Tage
    • Only 90s kids will get this r/gatekeeping

      Bolt StrikesBolt StrikesVor 13 Tage
    • No, no one is wondering that

      ClockworkClockworkVor 18 Tage
  • How to share your public key to a remote server, for password-less logins: cat ~/.ssh/id_rsa.pub | ssh @ 'cat >> /home//.ssh/authorized_keys' Not wanting applause, recognition, or needing to show my "skillz", because I'm a grown man and I don't need that, it's *just a helpful tip* 🙂 and it's an extremely basic tip, regardless.

    unlokiaunlokiaVor 18 Tage
  • SSHHHHH, it's a secret! 🤫🤫🤫

    unlokiaunlokiaVor 18 Tage
  • What is that Adaptec box always present on your videos? :)

    ferroviaire79ferroviaire79Vor 18 Tage
  • "How SSH works" after watching this I can neither write my own ssh client or perform key exchange with a remote server. (Maybe add "Part 1" to the title?)

    Reckless RogesReckless RogesVor 18 Tage
    • +Poke Champ i think he might be joking

      ClockworkClockworkVor 18 Tage
    • It's theory behind it. Not a tutorial on how to use it. Are you new here?

      Poke ChampPoke ChampVor 18 Tage
  • Super!

    TheSzymamTheSzymamVor 18 Tage
  • perfect timing, I'm taking a networking course right now and they do a terrible job of explaining SSH

    josh mcgeejosh mcgeeVor 18 Tage
  • 3:40 shouldn't the message authentication code be encrypted aswell?

    aullikaullikVor 18 Tage
    • 1) Because you don't want to spend CPU time decrypting a broken message. 2) Because you want to expose as little code as possible to malicious packet. However, it's even better (and faster) if the encryption and MAC are the same algorithm like with chacha20-poly1305 or AES-GCM.

      Robert de BathRobert de BathVor 18 Tage
  • useful but not secure

    jezebeljezebelVor 18 Tage
    • But it's trying to be.

      VanadainVanadainVor 18 Tage
  • I did this once for fun with Windows on my home computer which I connect from my computer at school. It was slow but it works. This was many years ago. I think it was with WinXP or Win2k.

    Lars ALars AVor 18 Tage
  • So padding is similar to salting a hashed password?

    HiFi AutiHiFi AutiVor 18 Tage
    • Not at all

      ClockworkClockworkVor 18 Tage
    • Not really. Sometimes it can be used as such, but normally padding is forced simply because encryption algorithms encrypt data in blocks of bytes (often 16 bytes). Nevertheless, if you've got to put bytes in there random is probably better than just zeros.

      Robert de BathRobert de BathVor 18 Tage
  • I thought sshing was only a Mac and Linux (or you call it "UNIX") thing until I realise you can add it on Windows 10 via the "Add more features" preference page

    Nahid IslamNahid IslamVor 18 Tage
    • Its enabled by default in current Win 10 releases.

      TZCoderTZCoderVor 18 Tage
    • Better still, use putty or openssh under cygwin or mingw

      Tobias DamischTobias DamischVor 18 Tage
    • you mean you ever had a doubt in your mind that one of the most useful computing tools or their functional equivalents would not be universally available on all major platforms?

      DigiDigiVor 18 Tage
  • You know what grinds my gears? At 0:47 that iPhone is way too close to the edge of the table...

    Անթերի ՀամակարգիչԱնթերի ՀամակարգիչVor 19 Tage
    • yeah! (should be pushed off the edge into the bin.)

      Reckless RogesReckless RogesVor 18 Tage
  • Telnet, rlogin and rsh worked fine B U T

    Oscar HayfordOscar HayfordVor 19 Tage
  • (Only _after_ my one Linux-based device failed did a simple version appear, not even requiring an installer IIRC.) I'd always assumed it was some MShenanigans, but oh well... Still, good job on describing the process itself.

    Rich WilsonRich WilsonVor 19 Tage
  • Last

    yeePlayzyeePlayzVor 19 Tage
  • *no that's rubbish you can't read the blur ip address*

    Super_Cool_Guy !Super_Cool_Guy !Vor 19 Tage
  • Discovering SSH was a game changer for me after i started playing with linux. I discovered SSH forwarding and it blew my goddamn mind. It's been a life saver in a lot of situations and I'll never forget the professor that showed me how to use it.

    Dan SmoothbackDan SmoothbackVor 19 Tage
    • Anyway, you should try emacs. Open the file "/ssh:user@machine:file" or "/scp:user@machine:'. Called Tramp mode. 😜

      Anders JacksonAnders JacksonVor 18 Tage
    • I still remember when I discovered that I with scp could from machine A could copy a file from machine B to C. Also that it could copy between two accounts on the same machine. 😜

      Anders JacksonAnders JacksonVor 18 Tage
  • Where is that video on gallois fields that was teased at the end of the last isbn video? I’ve just been sitting by hoping you’ll post the video soon, but now I’m starting to worry that there isn’t a video being made.

    Justin JonesJustin JonesVor 19 Tage
    • Computerphile yay, thanks for the response! I shall wait patiently and keep my eye out for the video.

      Justin JonesJustin JonesVor 17 Tage
    • It is planned but it hasn't been shot yet! >Sean

      ComputerphileComputerphileVor 19 Tage
  • Can you link those videos (thumbnail) after the main video in description?

    Sourav GoswamiSourav GoswamiVor 19 Tage
  • Damn I had no idea ssh had all these features.

    Odis ClemonsOdis ClemonsVor 19 Tage
    • Read the manpage sometime, it's quite a nice read. I suggest doing that with all your commonly used commands; you'll be surprised what you'll learn.

      ChrisChrisVor 18 Tage
    • Just add the switch '-X' when you log in, then you can start xterm(1) or firefox(1) and get it displayed on your machine (if it supports X11, which there are programs in MS Windows, OSX and Linux that does).

      Anders JacksonAnders JacksonVor 19 Tage
  • What’s the difference between TLS/SSL and SSH?

    Ff CccFf CccVor 19 Tage
    • Completely different protocols but they use many of the same encryption and authentication algorithms. TLS always wraps it's public keys in certificates and usually obeys the tags (like expiry dates) that are include in the certificate. SSH allows multiple channels in one TCP/IP connection, TLS does not. FTP with TLS is called FTPS; the ssh variant of FTP is called SFTP. Note: The SSL name was actually retired with SSL3.0 which has been considered completely insecure for several years now.

      Robert de BathRobert de BathVor 18 Tage
  • I see this is not about Sams Crusty Pizzeria, or Silver Casino Platinum, or anything to do with Safe Christian Park, or Speed and Clarity Parcel service. Someone please get this.

    Martin ŠalkoMartin ŠalkoVor 19 Tage
  • how does the encryption work ?? do both machines agree on a key to encrypt and decrypt ?? or do they use an existing keys ?? how is it done exactly ??

    fouzai alaafouzai alaaVor 19 Tage
    • fouzai alaa I’m not smart enough to explain Elliptic Curve cryptography, but it relies on a similar premise. Check out Mike‘s videos on Diffie Hellman and Elliptic Curve cryptography on Computerphile. Their great!

      Josh ParrishJosh ParrishVor 16 Tage
    • fouzai alaa Actually, no, you can not determine the keys from watching their clear-text communication. In the way key exchange algorithms like DH or ECDH work mathematically, the key negotiation messages shared over the public medium rely on private knowledge that the two parties have. It’s so sensible how it works, yet still blows my mind. Diffie Hellman key exchange is often explained with paint. If I have blue paint and you have red paint, we can publicly agree to mix our paints with yellow, and share our results. I then send you green paint in public view, you send me orange paint in public view. I combine the orange paint you sent with my private blue color, while you combine the green paint I sent you with your private red color. We both arrive at the exact same color paint, while no one else could have without knowing the private red or blue. Obviously, paint colors are too simplistic for the math behind this, but the premise remains. The math behind this is modular arithmetic (extremely difficult to undo - basically just brute force guessing), resulting in what’s known as the discreet logarithm problem. This still requires authentication of the key exchange messages, as someone could perform a MITM attack between us (someone could send me some other color paint, saying it’s from you and establish a shared color with me, while I’m convinced that it was you who sent it.) So, DH is often authenticated with RSA digital signatures, or perhaps other signature algorithms, another marvel.

      Josh ParrishJosh ParrishVor 16 Tage
    • +fouzai alaa There's a negotiation about which *method* to use for exchanging keys etc, but the exchange itself is secure. Look up Diffie Hellman for info on how keys can be established securely over an unsecured connection

      classawarriorclassawarriorVor 18 Tage
    • so if i intercept the negotiation phase or even decrypt the packets with all known encryption on ssh i can get the data ??? is the negotiation itself encrypted ?? and how do they send the keys at first ??? and are the keys secured ??

      fouzai alaafouzai alaaVor 18 Tage
  • YES

    ANON1977ANON1977Vor 19 Tage
  • SSH is an amazing tool and it has capabilities the Windows world can't even dream of.

    Adi SGHAdi SGHVor 19 Tage
    • WIndows 1803 has OpenSSH server and client now. Pretty gute. Enable it from Settings>Optional Features Then Security>Developers>Enable SSH server

      KernelsKernelsVor 7 Tage
    • So are the developers of Putty going to sue for antitrust violations?

      Cheezy DeeCheezy DeeVor 8 Tage
    • Just to add to it, there's also an ssh server in beta for Windows (built in!) as well. So much better than the nonsensical remote shell they had before.

      Michael PulliamMichael PulliamVor 16 Tage
    • You've always been able to just download an SSH client on Windows, & the same for x11 forwarding. I don't see the problem.

      Whomping WalrusWhomping WalrusVor 18 Tage
    • Windows has a ssh client and server altough i think x11 forwarding from linux is not supported

      Matt BMatt BVor 18 Tage
  • How do you even have dot-matrix printer paper in 2019?

    mistercohaagenmistercohaagenVor 19 Tage
    • Man, that is exactly what I was wondering. Furthermore, why does he use a green color marker in that paper? That is not a proper color for it.

      Cassiano CampesCassiano CampesVor 10 Tage
    • they are also used where there is a need to print directly on triplicate, quadruplicate, etc.

      Andrew FrinkAndrew FrinkVor 12 Tage
    • It's still used a lot.

      Christophe LChristophe LVor 14 Tage
    • Tractor feed is very robust for industrial applications. Common office printers are flimsy junk with unreliable pickup and feed leading to jams and lost prints when removed from the nice clean, low vibration, and air conditioned environment. In short, tractor feed paper is still produced and sold.

      MyTechMyTechVor 16 Tage
  • Somebody summon Justin Y.

    Azor AhaiAzor AhaiVor 19 Tage
    • Ehh?? Why the hate??

      KernelsKernelsVor 7 Tage
    • No, hire a hitman to get rid of this pathetic excuse of a human being.

      BurgerKingHarkinianBurgerKingHarkinianVor 19 Tage
  • Torille?

    Henrix98Henrix98Vor 19 Tage
  • The story how ssh got allocated port 22 is also abit interesting.

    Christian Magnus LieChristian Magnus LieVor 19 Tage
    • +superscatboy He was asking for the pronunciation, not the meaning of 'abit'.

      TariqTariqVor 17 Tage
    • superscatboy This is the correct answer.

      ChrisChrisVor 18 Tage
    • +unlokia An abit is similar to an alot, but smaller.

      superscatboysuperscatboyVor 18 Tage
    • Is "abit" like "rabbit", only a bit shorter?

      unlokiaunlokiaVor 18 Tage
  • Haha of course alpha finland invented ssh

    hyperx alloy fps pelinäppäimistöhyperx alloy fps pelinäppäimistöVor 19 Tage
    • What is saying? /s

      Lucca PellegriniLucca PellegriniVor 16 Tage
    • +hyperx alloy fps pelinäppäimistö what are you saying?

      Anders JacksonAnders JacksonVor 17 Tage
    • +Anders Jackson Im not sure what youre saying

      hyperx alloy fps pelinäppäimistöhyperx alloy fps pelinäppäimistöVor 17 Tage
    • There was a huge knowledge about computer security there in the 1990:th, I don't know how it is now.

      Anders JacksonAnders JacksonVor 19 Tage
  • Can't imagine life without SSH.

    El GrinchoEl GrinchoVor 19 Tage
    • +Anders Jackson I thought it's common knowledge that security is a feeling, not an achievable goal.

      K o r b yK o r b yVor 16 Tage
    • Can't imagine life without PURE WATER

      BithonBithonVor 17 Tage
  • ok now explain reverse ssh.... please

    SultanSultanVor 19 Tage
    • hss

      D.O.A.D.O.A.Vor 18 Tage
  • Torille!

    Sampling RealitySampling RealityVor 19 Tage
    • Tatu Ylöingjeng. Apology accepted!

      Jako1987Jako1987Vor 18 Tage
    • Housuihin!

      Suvi-Tuuli AllanSuvi-Tuuli AllanVor 19 Tage
  • I remember back in 97, the university officially ended all support for non encrypted remote access, and we were all required to use SSH. Which worked fine. It also made for an excellent tunnelling tool when the same university tried blocking all access to P2P networks.

    Nicholas ScottNicholas ScottVor 19 Tage
    • "congratulations, you played yourself."

      BattousaiHBrBattousaiHBrVor 12 Tage
    • +Eeroke Teach me master

      Hemant YadavHemant YadavVor 18 Tage
  • If that IP is something you wish to hide and you add a blurr to it (7:00) you might want to scramble it up a little more, as you can still kinda read it... Just saying.

    TimDd2013TimDd2013Vor 19 Tage
    • +MrSlowestD16 pretty sure than 128 is a public ip class, I might be wrong though

      mauro fotimauro fotiVor 5 Tage
    • They're at a university, practically guaranteed to be behind a NAT, so the IP address is likely completely irrelevant to people outside the university's network.

      MrSlowestD16MrSlowestD16Vor 15 Tage
    • Tangentialy, there are NN based models to de-blur images like that pretty trivially.

      David SaintlothDavid SaintlothVor 17 Tage
    • It's a Easter egg for the true fans of the channel

      PleaseDontWatchThesePleaseDontWatchTheseVor 18 Tage
  • Do an rsync too please

    Juan Diego CalleJuan Diego CalleVor 19 Tage
    • +1

      Navonil MukherjeeNavonil MukherjeeVor 18 Tage
  • Do/explain some DDOSing samples plz

    Abdullah NaseerAbdullah NaseerVor 19 Tage
    • +Abdullah Naseer yw

      WarGamingRefugeeWarGamingRefugeeVor 19 Tage
    • Ty

      Abdullah NaseerAbdullah NaseerVor 19 Tage
    • They have. Put "The Attack That Could Disrupt The Whole Internet - Computerphile" into YouYube's search box. It should come up as the first search result.

      WarGamingRefugeeWarGamingRefugeeVor 19 Tage
  • Where is justin y?

    Twerking DuckTwerking DuckVor 19 Tage
    • gonna be here soon... maybe he's now on another video.

      Rohit JogiRohit JogiVor 19 Tage
  • 3rd!

    Sean LinghamSean LinghamVor 19 Tage
  • How does the other machine (server in your example) know the key to initially decrypt the packet? Do they use an asymmetric encryption handshake to establish the session key for the ssh to encrypt the payload and padding to be passed through the ssh? Love the vids too

    kade greenkade greenVor 19 Tage
    • +BladeRnR10 learn how to ask questions, there are plenty of web sites. Don't spend my time answering your question and doing your homework. That is being a douche too.

      Anders JacksonAnders JacksonVor 12 Tage
    • @ Anders Jackson. No need to be an Elitist douche.

      BladeRnR10BladeRnR10Vor 12 Tage
    • SSH allows for many different encryption algorithm, typically RSA but pretty much everything else is supported on latest versions.

      BattousaiHBrBattousaiHBrVor 12 Tage
    • +12345charliebrown don't ask, check then ask. It uses certificates on both direction. So you can't just put up an ssh server that logs and forward traffic to the right source. The connected ssh server must have the right certificates, or else it refuses to connect.

      Anders JacksonAnders JacksonVor 17 Tage
    • That's the actual interesting part about SSH which is for some reason not covered in this video. It uses a combination of RSA and Diffie-Hellman to establish a shared secret key and a trust-on-first-use protocol to prevent man in the middle attacks.

      George KettleboroughGeorge KettleboroughVor 17 Tage
  • 418 th . And 3rd comment

    Physics&MathPhysics&MathVor 19 Tage
    • KYS

      CaddeCaddeVor 19 Tage
    • 4th*

      Random Internet UserRandom Internet UserVor 19 Tage
  • Hey computerphile, why apple watches?

    GregGregVor 19 Tage
    • +unlokia and then you showed up. Outperformed every one else in whatever you accuses others of being.

      Anders JacksonAnders JacksonVor 17 Tage
    • I just want to hear them say, "Because, they work"

      GregGregVor 17 Tage
    • +naikrovek To appear "current" and "in the know" to their peers (many people crave validation from strangers 🤨) Yes, it's very very sad, isn't it. Edit: Oh look, here we see the typical "...is based on Linux" comment, shortly followed by Captain Obvious coming along and ✌️"correcting"✌️ them, by subsequently saying "er, actually it's BSD, bla bla bla bla 😴😴😴😴" Is there ANYTHING NEW for people to discuss?!!!

      unlokiaunlokiaVor 18 Tage
    • +::::: ::::: Sorry, auto correct did a bad job. I know that OSX is based on BSD. But what I wanted to write was Linus Torvalds, of Linux fame.

      Anders JacksonAnders JacksonVor 18 Tage
  • Second

    Faizul HaqFaizul HaqVor 19 Tage
  • First

    RandoM_ 11RandoM_ 11Vor 19 Tage
How Secure Shell Works (SSH) - Computerphile