An Introduction to SSH

Tatu Ylönen

 SSH - Secure Shell

 

Tatu Ylönen founded SSH Communications Security in 1995.
You can find more details about this great man on his
website, https://ylonen.org/.

What is SSH?

SSH secures your data while it passes over a network.

SSH communication

Some features of SSH:

  •     Data privacy
  •     Integrity of communication: checks whether the data has been altered
  •     Authentication
  •     Authorisation
  •     Forwarding or tunnelling to encrypt other TCP/IP-based sessions

Data Privacy:

SSH ensures data privacy by encrypting your data. When a connection, known as a session, is established between two computers, random keys are created. The keys are negotiated at the start of the session and destroyed when the session ends. SSH converts data into ciphertext using encryption algorithms such as AES, ARCFOUR, Blowfish, Twofish, IDEA, DES, and triple-DES (3DES).

Integrity:

SSH ensures that data transmitted over a network arrives unaltered at the other end.
TCP/IP, the transport underlying SSH, checks data integrity against accidental damage (packet loss, electrical noise). However, TCP/IP alone is not enough: a replay attack* would get past the TCP/IP checks. The SSH protocol therefore uses cryptographic integrity checking, with keyed hash algorithms built on MD5 and SHA-1.
 
A replay attack* is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a spoofing attack by IP packet substitution.
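
An added example (not part of the original post) of the keyed-hash check described above: each packet's MAC covers an implicit 32-bit sequence number plus the payload, as RFC 4253 section 6.4 specifies, so a captured packet no longer verifies when it is replayed. Encryption and key exchange are left out; `Channel`, `accepted`, `IntegrityError` and the sample key are names and values constructed for this sketch.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha1().digest_size  # 20-byte tag for HMAC-SHA1


class IntegrityError(Exception):
    """Raised when a packet's MAC does not verify."""


def _mac(key: bytes, seq: int, payload: bytes) -> bytes:
    # RFC 4253 section 6.4: mac = MAC(key, sequence_number || unencrypted_packet).
    # The counter is tracked by both sides and never sent on the wire.
    return hmac.new(key, struct.pack(">I", seq) + payload, hashlib.sha1).digest()


class Channel:
    """One direction of a toy session: a shared MAC key plus a packet counter."""
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def seal(self, payload: bytes) -> bytes:
        packet = payload + _mac(self.key, self.seq, payload)
        self.seq = (self.seq + 1) & 0xFFFFFFFF
        return packet

    def open(self, packet: bytes) -> bytes:
        payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, _mac(self.key, self.seq, payload)):
            raise IntegrityError("MAC mismatch: altered or replayed packet")
        self.seq = (self.seq + 1) & 0xFFFFFFFF
        return payload


def accepted(receiver: Channel, packet: bytes) -> bool:
    try:
        receiver.open(packet)
        return True
    except IntegrityError:
        return False


if __name__ == "__main__":
    key = bytes(range(20))  # constructed session key, for the demo only
    sender, receiver = Channel(key), Channel(key)
    first = sender.seal(b"ls -l")
    print(accepted(receiver, first), accepted(receiver, first))  # fresh, then replayed
```

A real SSH implementation terminates the connection on a MAC failure rather than continuing to read packets.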

Authentication:

Authentication means verifying someone's identity. SSH performs two kinds of authentication: server authentication and user authentication. Server authentication helps to protect against man-in-the-middle attacks. User authentication is commonly done with a password, which is weak and insecure. SSH supports password authentication and encrypts the password before sending it to the server, whereas Telnet or FTP would send your password in the clear over the network. SSH also provides public-key signature authentication and an improved rlogin-style authentication in which the host identity is verified by public key. In addition, various SSH implementations support some other systems, including Kerberos, RSA Security's SecurID tokens, S/Key one-time passwords, and the Pluggable Authentication Modules (PAM) system.

Authorisation:

Authorisation means permitting someone to do something. SSH servers have various ways of restricting clients' actions, such as access to interactive login sessions, TCP port and X Window forwarding, and key agent forwarding.

Forwarding:

Forwarding means encapsulating another TCP-based service, such as telnet or IMAP, within an SSH session. This gives the encapsulated TCP-based service the security benefits of SSH, such as encryption of the cleartext data from telnet.

SSH supports three types of forwarding:
  • TCP port forwarding:
    •     Secures any TCP-based service
  • X forwarding:
    •     Secures the X11 protocol
  • Agent forwarding:
    •     Permits an SSH client to use an SSH private key held on a remote machine
 
Ryndia

A warm welcome to all of you. I am Ryndia, and this is my pseudo. Follow my blog and you will see a lot of experiments.
