Secure Shell (SSH)
Secure Shell was designed as a more secure protocol for remote access to computer systems. It was created as a replacement for Telnet, rlogin (remote login) and rsh (remote shell). SSH encrypts all communication between the two SSH endpoints. The protocol family began with SSH-1. An SSH client connects to the SSH server on TCP port 22.

Tutorial Table of Contents

  1. SSH Versions
  2. Advantages of SSH-2
  3. Why use SSH?
  4. SSH from the command line
  5. SSH Port Forwarding

SSH Versions

There are two versions of the SSH protocol:

  • SSH-1 - The original, developed by Tatu Ylönen.
  • SSH-2 - An open standard, specified in RFC 4251.

SSH-1

SSH-1 is the first version of the SSH protocol family. SSH-1 was created as a research project by Tatu Ylönen at the University of Helsinki in 1995 as a response to a man-in-the-middle attack that occurred at the University. SSH-1 is a single protocol which handles all transport, authentication and security functions.

SSH-2

SSH-2 is the newer protocol, developed according to the recommendations in RFC 4251. SSH-2 divides its functions into separate transport, authentication and connection protocols. The transport layer protocol provides confidentiality by encrypting the communication, and integrity by guaranteeing that the data has not been tampered with while in transit between the endpoints. The authentication layer provides for verifying the identity of the host system and of the user, using public-key exchange, user logins and Message Authentication Codes (MACs).

Advantages of SSH-2 vs. SSH-1

  • Message Authentication Codes (MACs)
  • Diffie-Hellman key exchange
  • Public Key Certificate support
  • Separate Transport, Authentication and Connection layer protocols
  • Multiple Shell sessions over a single connection

Why Use SSH?

Better Security

SSH-2 is more secure in that the communication is encrypted and some attempt is made to guarantee the authenticity of the users, that the client and server applications have not been compromised, and that the data being transferred has not been tampered with in transit between the two endpoints. SSH software, like all software, is vulnerable to attacks and should not be relied upon, by itself, to guarantee the security of the communication or of the systems communicating.

Tunnelling / Port Forwarding

Sometimes you need to communicate with a remote computer when there is a security device between you and that computer. By establishing a single SSH connection, other traffic may be forwarded over that connection, in essence tunneled over SSH. This reduces the number of 'open' ports on the firewall and allows software to function even when there is a firewall or proxy in place.

Securing Insecure Protocols

Often, SSH is used to transport an insecure protocol, such as X11, more securely. The X protocol allows a remote user to view and control the graphical desktop of a remote system. The X11 protocol has no provisions for security, which means it could be intercepted and someone else could seize control of the machine. By transporting the X11 protocol over an SSH connection from the remote desktop machine to your local machine, you prevent anyone else from 'stealing' the connection and gaining control of the remote computer.

SSH from the Command Line

The OpenSSH client has the following command line options:

ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
    [-D port] [-e escape_char] [-F configfile] [-i identity_file]
    [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]
    [-O ctl_cmd] [-o option] [-p port]
    [-R [bind_address:]port:host:hostport] [-S ctl_path]
    [user@]hostname [remote-command]

Using OpenSSH from the command line looks something like this:

% ssh user@system

SSH Port Forwarding

  • OpenSSH Command Line
  • SecureCRT GUI
  • Secure CRT Command Line
  • PuTTY GUI
  • PuTTY Command Line

OpenSSH Command Line

Forwarding your POP mail downloads via the SSH client would look something like this
(mycomputer% is the command line prompt on the local computer where you are running the SSH command):

mycomputer% ssh -f -L 888:mail.somewhere.com:110 myserver

  1. Launches the SSH client (-f sends it to the background once the connection is established).
  2. Connects via SSH to host myserver.
  3. Any local attempt to connect to port 888 on mycomputer is forwarded to myserver, which opens a TCP connection to port 110 on mail.somewhere.com on behalf of mycomputer.
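As an added example (not from this page or the OpenSSH project), the following Python helper parses the `-L [bind_address:]port:host:hostport` form shown in the synopsis above and reports which addresses can reach the local listener, following the bind_address rules from ssh(1). It assumes the client's GatewayPorts option is left at its default of 'no', so a spec with no bind_address listens on loopback only.

```python
"""Parse OpenSSH -L forwarding specs ([bind_address:]port:host:hostport) and report
where the local listener ends up. Assumed helper code, not part of OpenSSH."""
import re
from dataclasses import dataclass
from typing import Optional

# A bind/host field is a bracketed IPv6 literal or a colon-free name/address.
_ADDR = r"(?:\[[^\]]+\]|[^:\[\]]*)"
_SPEC = re.compile(
    rf"^(?:(?P<bind>{_ADDR}):)?(?P<port>\d+):(?P<host>{_ADDR}):(?P<hostport>\d+)$"
)


@dataclass(frozen=True)
class LocalForward:
    bind_address: Optional[str]  # None when the spec has no bind_address part
    port: int                    # port the ssh client listens on locally
    host: str                    # destination, resolved by the SSH server, not the client
    hostport: int                # destination port on that host


def parse_local_forward(spec: str) -> LocalForward:
    """Split a -L argument into its fields; raise ValueError on malformed input."""
    m = _SPEC.match(spec)
    if not m or not m.group("host"):
        raise ValueError(f"malformed -L spec: {spec!r}")
    port, hostport = int(m.group("port")), int(m.group("hostport"))
    if not all(1 <= p <= 65535 for p in (port, hostport)):
        raise ValueError(f"port out of range in -L spec: {spec!r}")
    return LocalForward(m.group("bind"), port, m.group("host"), hostport)


def listener_scope(fwd: LocalForward) -> str:
    """Who can reach the local listener, following the ssh(1) bind_address rules.
    Assumes the client's GatewayPorts option is at its default of 'no'."""
    if fwd.bind_address is None:
        return "localhost"        # no bind_address given: loopback only by default
    if fwd.bind_address in ("", "*"):
        return "all interfaces"   # empty or '*' exposes the port to the whole network
    if fwd.bind_address.strip("[]") in ("localhost", "127.0.0.1", "::1"):
        return "localhost"
    return fwd.bind_address       # bound to one specific local address


def describe(spec: str, server: str) -> str:
    """One-line summary of a tunnel, e.g. the POP example above."""
    fwd = parse_local_forward(spec)
    return (f"listen on {listener_scope(fwd)}:{fwd.port} -> {server} opens "
            f"{fwd.host}:{fwd.hostport}")
```

Running describe("*:888:mail.somewhere.com:110", "myserver") shows the same tunnel reported as listening on all interfaces, which is the variant to look for when reviewing forwarding rules on a shared host.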
