SSH, also known as secure shell, is a protocol for secure remote login, file transfer, and tunneling. It can be used as a secure replacement for the more familiar telnet and rlogin protocols without any noticeable difference to the user. For file transfers, SSH can be used as a secure replacement for rcp and ftp. Finally, SSH can be used to tunnel traffic over an encrypted channel. In other words, SSH can be used to transport otherwise insecure traffic more securely. For example, it can be used to encrypt the username and password data transmitted by ftp.
SSH is a more secure protocol than the traditional protocols because it encrypts traffic. The other protocols transmit data in cleartext, which, as you know, can then be captured by packet sniffers.
There are two versions of the SSH protocol: SSH1 and SSH2. As you might have guessed, SSH1 is the original version, and SSH2 is a more recent development. The SSH2 protocol is the version currently being developed, although fixes are occasionally released for SSH1 because it is still in use. It seems like it's a good idea to keep both around: When critical bugs are discovered in one, a typical fallback is to recommend switching it off and using only the other, until the bugs are repaired.
The SSH protocol was first developed by Tatu Ylonen in 1995. In that same year he also founded SSH Communications Security, and currently serves as its president and CEO. SSH Communications Security offers commercial and free versions of their SSH server and client products. The company originally sold products through another company called Data Fellows, which is now F-Secure. F-Secure has marketing rights for SSH and also sells SSH servers and clients. Both companies currently work on further developing SSH2.
There is also an SSH Open Source project called OpenSSH. This is the SSH distribution that Apple includes with Mac OS X. OpenSSH shares a common history with OpenBSD, which is the BSD variant most concerned with security above all else. It is also based upon Tatu Ylonen's early SSH code. OpenSSH provides support for both SSH1 and SSH2 protocols. There is usually little noticeable difference between using an SSH server from one of the companies and using the OpenSSH package.
Because the OpenSSH package is the package included with Mac OS X, it is the package on which we will concentrate our discussion. The package supports these encryption algorithms: DES, 3DES, Blowfish, CAST-128, Arcfour, AES, RSA, and DSA.
NOTE: If you are interested in the underlying specifics of the SSH protocol, check the Internet drafts of the Secure Shell (secsh) Working Group of the IETF at http://www.ietf.org/ids.by.wg/secsh.html. A good one to start with is the draft on the overall architecture of the SSH protocol.