0Pricing
Cryptology Academy · Lesson

SSH Handshake and Host Key Authentication

Trace the SSH-2 handshake: version exchange, algorithm negotiation, key exchange, and service authentication.

TCP Connection on Port 22

SSH begins with a TCP connection to port 22. Once established, both client and server exchange version strings such as SSH-2.0-OpenSSH_9.3, which identifies the protocol version and implementation. This version exchange allows both sides to confirm compatibility before proceeding.

Algorithm Negotiation Phase

After version exchange, both parties send SSH_MSG_KEXINIT packets listing their supported algorithms. These lists cover key exchange methods, host key types, symmetric ciphers, MAC algorithms, and compression. The intersection of both lists determines the chosen algorithms for the session.

All lessons in this course

  1. SSH Handshake and Host Key Authentication
  2. Public Key Authentication and Agent Forwarding
  3. SSH Tunneling and Port Forwarding Techniques
  4. SSH Hardening and Audit Best Practices
← Back to Cryptology Academy