Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two computers. Encryption provides confidentiality and integrity of data over an insecure network, such as the Internet. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary. [1]

SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; it can transfer files using the associated SFTP or SCP protocols. [1] SSH follows a client-server model.

An SSH server, by default, listens on the standard TCP port 22. [2]

An SSH client program is typically used for establishing connections to an SSH daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, Linux, FreeBSD, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.

History of SSH

In 1995, Tatu Ylönen, a researcher at Helsinki University of Technology, Finland, designed the first version of the protocol (now called SSH-1), prompted by a password-sniffing attack on his university network. The goal of SSH was to replace the earlier rlogin, TELNET and rsh protocols, which did not provide strong authentication or guarantee confidentiality. Ylönen released his implementation as freeware in July 1995, and the tool quickly gained in popularity. Towards the end of 1995, the SSH user base had grown to 20,000 users in fifty countries.

In December 1995, Ylönen founded SSH Communications Security to market and develop SSH. The original version of the SSH software used various pieces of free software, such as GNU libgmp, but later versions released by SSH Communications Security evolved into increasingly proprietary software.

In 1996, a revised version of the protocol, SSH-2, was designed, incompatible with SSH-1. SSH-2 features both security and feature improvements over SSH-1. Better security, for example, comes through Diffie-Hellman key exchange and strong integrity checking via message authentication codes. New features of SSH-2 include the ability to run any number of shell sessions over a single SSH connection. [3]

In 1999, developers wanting a free software version to be available went back to the older 1.2.12 release of the original ssh program, which was the last released under an open source license. Björn Grönvall's OSSH was subsequently developed from this codebase. Shortly thereafter, OpenBSD developers forked Björn's code and did extensive work on it, creating OpenSSH, which shipped with the 2.6 release of OpenBSD. From this version, a "portability" branch was formed to port OpenSSH to other operating systems.

It is estimated that, at the end of 2000, there were 2,000,000 users of SSH. [4]

As of 2005, OpenSSH is the single most popular ssh implementation, coming by default in a large number of operating systems. OSSH meanwhile has become obsolete. [5]

In 2006, the aforementioned SSH-2 protocol became a proposed Internet standard with the publication by the IETF "secsh" working group of RFCs (see references).

Uses of SSH

Example of tunneling an X11 application (xeyes) over SSH.

SSH is most commonly used:

SSH architecture

Diagram of the SSH-2 binary packet.

The SSH-2 protocol has a clean internal architecture (defined in RFC 4251) with well-separated layers. These are:

This open architecture provides considerable flexibility, allowing SSH to be used for a variety of purposes beyond secure shell. The functionality of the transport layer alone is comparable to TLS; the user authentication layer is highly extensible with custom authentication methods; and the connection layer provides the ability to multiplex many secondary sessions into a single SSH connection, a feature comparable to BEEP and not available in TLS.
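The framing that the transport layer puts around every message (the structure the SSH-2 binary packet diagram above depicts) is defined in RFC 4253 section 6: a packet length, a padding length, the payload, at least four bytes of random padding that rounds the frame up to the cipher block size, and a MAC computed over the sequence number followed by the unencrypted packet. The Go program below is an added example, not code from the page or from any SSH implementation; it frames a payload, appends an HMAC-SHA256 tag, and shows why the sequence number in the MAC input matters: a frame captured from one position in the stream fails verification at any other. The key, the constant padding byte and the 8-byte block size are constructed assumptions chosen for reproducibility, and encryption of the frame is omitted.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// blockSize is the cipher block size used for the padding rule;
// 8 is the minimum RFC 4253 allows (assumed here, no cipher is applied).
const blockSize = 8

// Frame layout (RFC 4253 section 6):
//   uint32  packet_length   everything after this field, excluding the MAC
//   byte    padding_length
//   byte[n] payload
//   byte[m] padding         m >= 4, chosen so 4+1+n+m is a multiple of blockSize
//   byte[k] mac             HMAC over sequence_number || unencrypted packet

// paddingFor returns the padding length required for a payload of n bytes.
func paddingFor(n int) int {
	pad := blockSize - (4+1+n)%blockSize
	if pad < 4 {
		pad += blockSize
	}
	return pad
}

// macOf computes HMAC-SHA256(key, seq || packet); seq is the 32-bit
// implicit sequence number both peers track per direction.
func macOf(key []byte, seq uint32, packet []byte) []byte {
	m := hmac.New(sha256.New, key)
	var s [4]byte
	binary.BigEndian.PutUint32(s[:], seq)
	m.Write(s[:])
	m.Write(packet)
	return m.Sum(nil)
}

// encodePacket frames payload and appends a MAC bound to seq.
// Padding is a fixed byte here so output is reproducible; a real
// implementation MUST use random padding bytes.
func encodePacket(key []byte, seq uint32, payload []byte) []byte {
	pad := paddingFor(len(payload))
	buf := make([]byte, 4, 4+1+len(payload)+pad+sha256.Size)
	binary.BigEndian.PutUint32(buf, uint32(1+len(payload)+pad))
	buf = append(buf, byte(pad))
	buf = append(buf, payload...)
	buf = append(buf, bytes.Repeat([]byte{0xAA}, pad)...)
	return append(buf, macOf(key, seq, buf)...)
}

// decodePacket verifies the MAC under the expected sequence number, then
// checks the structural invariants and returns the payload.
func decodePacket(key []byte, seq uint32, pkt []byte) ([]byte, error) {
	if len(pkt) < 5+sha256.Size {
		return nil, errors.New("packet too short")
	}
	body, tag := pkt[:len(pkt)-sha256.Size], pkt[len(pkt)-sha256.Size:]
	if !hmac.Equal(tag, macOf(key, seq, body)) {
		return nil, errors.New("bad MAC: tampering, replay or reordering")
	}
	plen := binary.BigEndian.Uint32(body[:4])
	if int(plen) != len(body)-4 {
		return nil, errors.New("packet_length does not match frame")
	}
	pad := int(body[4])
	if pad < 4 || pad >= int(plen) || len(body)%blockSize != 0 {
		return nil, errors.New("invalid padding")
	}
	return body[5 : 5+int(plen)-1-pad], nil
}

func main() {
	key := []byte("constructed-integrity-key") // assumed shared MAC key
	payload := []byte{94}                       // SSH_MSG_CHANNEL_DATA message type byte
	pkt := encodePacket(key, 0, payload)
	got, err := decodePacket(key, 0, pkt)
	fmt.Printf("payload=%v err=%v\n", got, err)
	// The same frame presented under a later sequence number is rejected.
	_, err = decodePacket(key, 1, pkt)
	fmt.Println("replayed frame:", err)
}
```

Because the sequence number is an input to the MAC but never sent on the wire, a receiver that tracks it locally rejects replayed, dropped or reordered frames without any extra field in the packet.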

Security cautions

Since SSH-1 has inherent design flaws which make it vulnerable to, e.g., man-in-the-middle attacks, it is now generally considered obsolete and should be avoided by explicitly disabling fallback to SSH-1. While most modern servers and clients support SSH-2, some organizations still use software with no support for SSH-2, and thus SSH-1 cannot always be avoided.

In all versions of SSH, it is important to verify unknown public keys before accepting them as valid. Accepting an attacker's public key as a valid public key has the effect of disclosing the transmitted password and allowing man-in-the-middle attacks.
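What verifying an unknown host key looks like in practice: the client keeps a known_hosts file, renders a newly presented key as a SHA-256 fingerprint for the user to compare out of band on first contact, and on later connections refuses to proceed if the key on file differs from the one presented. The Go program below is an added example, not code from the page or from OpenSSH; it assumes the plain (unhashed) known_hosts line format `host keytype base64-blob`, builds ssh-ed25519 key blobs from constructed, non-random key bytes as sample input, and returns one of three verdicts so the caller can act on each case.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// sshString encodes an SSH "string": uint32 big-endian length, then the bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// ed25519Blob builds the wire form of an ssh-ed25519 public key:
// string "ssh-ed25519" || string raw-32-byte-key.
func ed25519Blob(raw32 []byte) []byte {
	return append(sshString([]byte("ssh-ed25519")), sshString(raw32)...)
}

// fingerprint renders a key blob the way OpenSSH displays it:
// "SHA256:" followed by the unpadded base64 of the SHA-256 digest.
func fingerprint(blob []byte) string {
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// knownHostsLine formats one plain (unhashed) known_hosts entry.
func knownHostsLine(host string, blob []byte) string {
	return host + " ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob)
}

type verdict string

const (
	hostOK       verdict = "ok"       // presented key matches the recorded one
	hostUnknown  verdict = "unknown"  // no entry: user must confirm the fingerprint out of band
	hostMismatch verdict = "mismatch" // entry exists but differs: possible MITM, refuse to connect
)

// verifyHostKey compares the key presented by host against known_hosts text.
// A host is "known" if any entry names it; it is "ok" only if one of those
// entries carries exactly the presented key blob.
func verifyHostKey(knownHosts, host string, presented []byte) verdict {
	found := false
	for _, line := range strings.Split(knownHosts, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 || strings.HasPrefix(f[0], "#") {
			continue // blank line or comment
		}
		for _, h := range strings.Split(f[0], ",") { // one entry may list several names
			if h != host {
				continue
			}
			found = true
			stored, err := base64.StdEncoding.DecodeString(f[2])
			if err == nil && bytes.Equal(stored, presented) {
				return hostOK
			}
		}
	}
	if found {
		return hostMismatch
	}
	return hostUnknown
}

func main() {
	// Constructed sample keys: the genuine server key and a different key
	// that an interposed host might present.
	genuine := ed25519Blob(bytes.Repeat([]byte{0x11}, 32))
	rogue := ed25519Blob(bytes.Repeat([]byte{0x22}, 32))
	kh := "# constructed known_hosts\n" + knownHostsLine("bastion.example", genuine) + "\n"

	fmt.Println("genuine key fingerprint:", fingerprint(genuine))
	fmt.Println("bastion, genuine key:  ", verifyHostKey(kh, "bastion.example", genuine))
	fmt.Println("bastion, other key:    ", verifyHostKey(kh, "bastion.example", rogue))
	fmt.Println("new host, genuine key: ", verifyHostKey(kh, "new.example", genuine))
}
```

The important policy decision lives in the caller: an "unknown" verdict is the one moment the user has to compare the fingerprint with something obtained over a trusted path, and a "mismatch" verdict must stop the connection before any password is sent, since that is exactly the case the paragraph above warns about.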

As with any encrypted protocol, SSH can be considered a security risk by companies or governments who do not trust their users and wish to eavesdrop on their communications. Furthermore, SSH has built-in tunneling features which make it easier for users to move large volumes of information, or to establish an entry point for unauthorized inward access, over an SSH link than with other protocols.

Because of the heavy-weight feature set of the protocol, the ability to use SSH through a firewall may be a serious security risk. In addition to port forwarding, some implementations of SSH directly support Layer 2 VPNs, effectively connecting two remote Ethernet networks as if they were joined by a switch. There are various attempts to address these problems.

Some companies deploy "jump servers", effectively bastion hosts: SSH is not allowed to cross firewalls unless it originates from the jump server. Certain restrictions can then be implemented by configuring the SSH client software that runs on the jump server.

How SSH uses public-key cryptography

First, a pair of cryptographic keys is generated. One is the private key, the other is the public key. As an analogy, they can be thought of as a matching private key and a public padlock. The public padlock is what is installed on the remote machine and is used by ssh to authenticate users who hold the matching private key. As a user of the system, you don't care who can see or copy the padlock (i.e. the public key), since only the secret private key fits it. The private key is the part you keep secret inside a secure box that can only be opened with the correct passphrase. When the user wants to access a remote system, he opens the secure box with his passphrase, and uses the private key to authenticate himself to the padlock on the remote computer. Neither the passphrase nor the private key leaves the user's machine. However, the user still needs to trust the local machine not to scrape his passphrase or copy his private key while it is out of the secure box.
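To make the padlock analogy concrete, the Go program below is an added example (not code from the page or from any SSH implementation) of the "publickey" authentication method as RFC 4252 section 7 lays it out: the client signs the session identifier from key exchange together with the fields of the user-authentication request, and the server checks that signature with the public key it has on file. Only the signature crosses the network; the private key is used locally and never leaves the client. The fixed key seed, the user name and the session identifier are constructed assumptions; a real client derives the session identifier from key exchange and loads the private key from its passphrase-protected file.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

const msgUserauthRequest = 50 // SSH_MSG_USERAUTH_REQUEST (RFC 4252)

// sshString encodes an SSH "string": uint32 big-endian length, then the bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// ed25519Blob builds the wire form of an ssh-ed25519 public key:
// string "ssh-ed25519" || string raw-32-byte-key. This blob is what an
// authorized_keys entry carries, base64-encoded.
func ed25519Blob(pub ed25519.PublicKey) []byte {
	return append(sshString([]byte("ssh-ed25519")), sshString(pub)...)
}

// authData builds the exact bytes the client signs for the "publickey"
// method (RFC 4252 section 7). Including the session identifier binds the
// signature to this one connection, so a captured signature cannot be
// replayed into another session.
func authData(sessionID []byte, user, service string, pubBlob []byte) []byte {
	var d []byte
	d = append(d, sshString(sessionID)...)
	d = append(d, msgUserauthRequest)
	d = append(d, sshString([]byte(user))...)
	d = append(d, sshString([]byte(service))...)
	d = append(d, sshString([]byte("publickey"))...)
	d = append(d, 1) // boolean TRUE: a signature is present
	d = append(d, sshString([]byte("ssh-ed25519"))...)
	d = append(d, sshString(pubBlob)...)
	return d
}

// clientSign is the client side: the private key ("the key") signs the
// request data. Only the returned signature is sent to the server.
func clientSign(priv ed25519.PrivateKey, sessionID []byte, user string) []byte {
	pub := priv.Public().(ed25519.PublicKey)
	return ed25519.Sign(priv, authData(sessionID, user, "ssh-connection", ed25519Blob(pub)))
}

// serverVerify is the server side: it rebuilds the same bytes from its own
// view of the session and the public key ("the padlock") on file, then
// checks the signature. No secret is needed on this side.
func serverVerify(authorized ed25519.PublicKey, sessionID []byte, user string, sig []byte) bool {
	data := authData(sessionID, user, "ssh-connection", ed25519Blob(authorized))
	return ed25519.Verify(authorized, data, sig)
}

func main() {
	// Constructed fixed seed so the run is reproducible; real keys use a CSPRNG.
	seed := make([]byte, ed25519.SeedSize)
	for i := range seed {
		seed[i] = byte(i)
	}
	priv := ed25519.NewKeyFromSeed(seed)
	authorized := priv.Public().(ed25519.PublicKey) // what authorized_keys holds

	session := []byte("constructed-session-id-from-kex")
	sig := clientSign(priv, session, "alice")
	fmt.Println("valid request:           ", serverVerify(authorized, session, "alice", sig))
	fmt.Println("same signature, new session:", serverVerify(authorized, []byte("another-session"), "alice", sig))
	fmt.Println("same signature, other user: ", serverVerify(authorized, session, "bob", sig))
}
```

Note that the server holds nothing worth stealing for impersonation: a copied authorized_keys file only lets an attacker verify signatures, never produce them, which is the whole point of installing the padlock rather than the key.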

References

  1. RFC 4252
  2. port-numbers assignments at iana.org
  3. SSH Frequently Asked Questions
  4. Nicholas Rosasco and David Larochelle. How and Why More Secure Technologies Succeed in Legacy Markets: Lessons from the Success of SSH. Quoting Barrett and Silverman, SSH, the Secure Shell: The Definitive Guide, O'Reilly & Associates (2001). Dept. of Computer Science, Univ. of Virginia. Retrieved on 2006-05-19.
  5. OSSH Information for VU#419241

This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL.


© 2009 citizendia.org; parts available under the terms of GNU Free Documentation License, from http://en.wikipedia.org