SSH Key Exchange (Diffie-Hellman Group Exchange, Curve25519)

#The Kex Phase: Establishing the Secret#link

As we saw in the architecture lesson, the Transport Layer begins with the Key Exchange (Kex). The goal of Kex is for the client and server to derive a shared symmetric key without ever sending that key across the wire. This is where the 'math' of SSH happens.

Diffie-Hellman (DH) Group Exchange

In standard DH, the server provides a prime number $p$ and a generator $g$. Both parties pick secret numbers and exchange public values. The resulting shared secret is then used to derive the encryption keys. However, if the server uses a 'small' or 'common' prime, an attacker can pre-compute the logarithms (the Logjam attack).

The output above shows the server proposing `g14`, which is a standardized 2048-bit MODP group. The client will accept this if it is in its allowed list of algorithms.

The Shift to Curve25519

Elliptic Curve Diffie-Hellman (ECDH) is significantly faster and more secure than traditional DH. The current gold standard in SSH is `curve25519-sha256@libssh.org`. It uses a specific elliptic curve that is designed to be immune to many side-channel attacks and offers high security with very small keys (256-bit).

The Final Shared Secret

Once the Kex is complete, the shared secret is not used directly. Instead, it is passed through a Hash function (like SHA-256) to generate: 1. The symmetric encryption key. 2. The MAC key for integrity. 3. The IV (Initialization Vector). This ensures that even if one key is compromised, the others remain secure.

• ▪Prioritize Curve25519 in `sshd_config`
• ▪Generate custom DH parameters using `ssh-keygen -G`
• ▪Disable SHA-1 based Kex algorithms
• ▪Monitor for 'KexInit' failures in logs