Chapter 8: OpenSSH Secure Shell

Overview

Chapter 7 covered the basics of software installation. It also provided some rules of thumb and general techniques that are useful in the installation of many types of software. This chapter is the first of six that will go into detail on the installations of several common, real-world applications. These chapters can be used as references. After reading them you'll be able to install almost any software you come across, on almost any system.

OpenSSH is a subproject of the OpenBSD project. The OpenBSD project is one of the free, open source offshoots of the original BSD Unix-like system. (See Chapter 1 for a discussion of the lineage of Unix systems.) OpenBSD is focused on security, and it makes extensive use of strong cryptography, rigorous code auditing, and other security measures. OpenSSH is the implementation of the Internet Engineering Task Force's (IETF) Secure Shell (SSH) protocol standard, which is developed by the IETF's secsh working group. OpenSSH has been ported to a variety of platforms, including Linux-based systems.

OpenSSH is composed of both a server and a suite of clients. The server program, named sshd, provides encrypted, secure remote access to a server or workstation. The clients remotely access servers running sshd (or another compatible program) and provide functionality such as simple remote login (via the ssh client program) and secure file transfers (via the scp, "secure copy", and sftp, "secure FTP", programs). Since SSH is a standard protocol, the OpenSSH clients and server interoperate with any other software that implements the SSH protocol.

The OpenSSH package that is installed on Linux systems is not actually the same version that ships with OpenBSD systems. OpenSSH comes in two flavors: the core OpenBSD version and a slight variant of it, which is the "portable" version. This portable version is maintained in parallel to the core OpenBSD version and is what users actually download and install on non-BSD systems.

OpenSSH is fairly straightforward to install and configure. OpenSSH relies on the OpenSSL generic cryptography library for some of its functionality. (OpenSSL is provided by most distributions, so it is already present on most recent systems. If it's not present on your system, you can install it in a fashion similar to that described later in this chapter for the Dante library.) Once installed, it looks for configuration files (for both client and server programs) in a specific directory, which is normally /etc/ssh. The configuration files in that directory control the run-time behavior of OpenSSH.

OpenSSH itself is provided by most distributions. Citing it as an example here might therefore be viewed as somewhat redundant. However, as this book aims to be useful beyond mere Linux systems, OpenSSH was selected as an example anyway. The material from this section can be applied to install OpenSSH not only on Linux systems that don't already have it (such as older distributions), but also on other Unix-like systems, such as commercial systems. An SSH implementation is a must-have, and OpenSSH is one of the best around. In addition, its utility as a classic example of an application configured from /etc contributed to OpenSSH's inclusion in this chapter.

Purpose: Free implementation of the SSH (Secure SHell) remote access protocol

Authors: The OpenBSD Project

Web site: http://www.openssh.org

Description: OpenSSH is a free (open source) implementation of the Internet Engineering Task Force's (IETF) standard SSH protocol. This protocol provides strongly encrypted, secure access to remote systems via a telnet-like interface.