Tuesday, September 8, 2009

SSH : Secure Shell

Using SSH [Secure SHell] is a very good way to work on a remote system with fully secured communication between client and server, as the communication is under SSL and no one sitting on the wire can read the encrypted data being transferred.

SSH came up as a replacement for old unsecured protocols like ftp and telnet.
What makes the difference:
- Security
OpenSSH supports 3DES, Blowfish, AES and arcfour as encryption algorithms. These are patent free. Encryption is started before authentication, and no passwords or other information is transmitted in the clear. Encryption is also used to protect against spoofed packets.

- Compression
Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP connections). The compression algorithm is the same one used by gzip. Compression is desirable on modem lines and other slow connections, but will only slow things down on fast networks.

- Key based authentication [RSA / DSA]
Strong authentication protects against several security problems, e.g., IP spoofing, fake routes, and DNS spoofing. The authentication methods are: .rhosts together with RSA based host authentication, pure RSA authentication, one-time passwords with s/key, and finally authentication using Kerberos.

- Secure file transfer [scp/sftp]
@ scp
File transfer is carried out on port 22. It is much like the BSD rcp, but here the data is encrypted in transit over the wire, using the authentication and confidentiality of SSH.
Like SSH, scp requests any passwords required to connect to a remote host, which rcp is not capable of.
@ sftp
SFTP is not FTP run over SSH, but rather a new protocol designed from scratch. The only role SSH plays here is providing authentication and security for the communication. sftp is sluggish at transferring files when compared to scp.

- X11 Communication
GNOME's Nautilus has support under which remote X windows can be accessed, and securely too, using SSH. In the location bar, just type ssh://user:password@hostname and in a matter of seconds you will be connected to the remote machine in the GUI. Once there, drag and drop can be done.

A slightly better option is not to pass the password in the URI, but to type it in when the system asks for it. So we can simply use ssh://user@hostname
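
The advice above, as an added example that is not part of the original post: a small Python helper that finds `ssh://user:password@hostname` URIs in saved text (for instance shell history or bookmark files, which may retain whatever was typed) and rewrites them to the `ssh://user@hostname` form. The function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Matches ssh:// or sftp:// URIs up to the next whitespace, quote or angle bracket.
URI_RE = re.compile(r"\b(?:ssh|sftp)://[^\s'\"<>]+", re.IGNORECASE)

# Constructed sample input: lines of the kind a history or bookmark file might hold.
SAMPLE = """\
nautilus ssh://alice:S3cret!@fileserver.example/home/alice
nautilus ssh://bob@build.example:2222/srv
gvfs-mount sftp://carol:hunter2@[2001:db8::10]:22/
"""

def strip_password(uri):
    """Return (clean_uri, had_password) for one ssh:// or sftp:// URI."""
    parts = urlsplit(uri)
    if parts.password is None:
        return uri, False
    # Rebuild the authority from user, host and port only.
    # Note: urlsplit's .hostname is lower-cased, which is harmless for host names.
    host = parts.hostname or ""
    if ":" in host:                      # IPv6 literal: put the brackets back
        host = f"[{host}]"
    netloc = f"{parts.username}@{host}" if parts.username else host
    if parts.port is not None:
        netloc += f":{parts.port}"
    clean = urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))
    return clean, True

def scrub(text):
    """Rewrite every password-bearing URI in text; return (new_text, count)."""
    count = 0

    def repl(match):
        nonlocal count
        clean, had = strip_password(match.group(0))
        count += had
        return clean

    return URI_RE.sub(repl, text), count

if __name__ == "__main__":
    cleaned, found = scrub(SAMPLE)
    print(f"{found} URI(s) carried a password")
    print(cleaned, end="")
```
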
