Using SSH (Secure Shell) – An overview!

Transactional and data security has always been a major issue whenever any information is exchanged between remote computers. The Telnet protocol, one of the most popular methods of connecting to a remote computer in the pre-SSH era, was open to sniffing attacks by hackers – a similar one took place at Helsinki University.

In response to this security breach, Tatu Ylonen, one of the university researchers, designed a security protocol. This was the first version of the protocol, now called SSH-1 (Secure Shell-1). The SSH protocol was intended to replace the less secure protocols like rlogin, TELNET and rsh. By the end of 1995, SSH had found believers in 50 countries with more than 20,000 active users.

SSH – A Technical view…

SSH (Secure Shell) was designed to provide a hack-proof security protocol when accessing a remote computer. So, when we try to log in to a remote computer, SSH helps us to log in and execute commands on the remote machine while keeping the whole session encrypted and completely secure from any sniffing attacks. SSH is being utilized as a secure channel of communication over remote networks, and as a replacement for telnet, rlogin, rsh, and rcp.

So, SSH, while providing the most robust authentication protocol, also ensures secure file transfer, X session forwarding, and port forwarding while keeping the whole session encrypted. In addition, SSH is also being utilized by network administrators for rsync and for taking secure network backups. As of now there are two versions of SSH:

  1. SSH1: First commercial version of the SSH protocol
  2. SSH2: Second commercial version of the SSH protocol

OpenSSH is the free and most popular connectivity suite, and it uses SSH2 because of its enhanced key exchange algorithm. However, the OpenSSH suite does support version SSH1. Most network security experts would recommend the use of SSH2-compatible servers and clients.
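An added example, not from the original article or the OpenSSH project: an SSH server announces the protocol version it speaks in its identification string (`SSH-protoversion-softwareversion`, RFC 4253), where `1.99` marks an SSH2 server that still accepts SSH1, so an audit can flag hosts that have not moved to SSH2 only. The function names, host names and sample banners are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# softwareversion is printable ASCII without whitespace or the minus sign.
_ID_RE = re.compile(r"^SSH-(\d+)\.(\d+)-([\x21-\x2c\x2e-\x7e]+)(?: (.*))?$")


def classify_banner(raw: bytes) -> dict:
    """Return the protocol generation(s) an SSH identification string offers."""
    result = {"verdict": "not-ssh", "proto": None, "software": None}
    # A server may send other text lines first; only the first line that
    # starts with "SSH-" is the identification string.
    ident = next((l.rstrip(b"\r") for l in raw.split(b"\n")
                  if l.startswith(b"SSH-")), None)
    if ident is None:
        return result
    m = _ID_RE.match(ident.decode("ascii", errors="replace"))
    if m is None or len(ident) + 2 > 255:   # 255-byte limit includes CR LF
        result["verdict"] = "malformed"
        return result
    major, minor = int(m.group(1)), int(m.group(2))
    result["proto"], result["software"] = f"{major}.{minor}", m.group(3)
    if (major, minor) == (1, 99):
        result["verdict"] = "ssh1-and-ssh2"   # 2.0 server with SSH1 fallback on
    elif major == 2:
        result["verdict"] = "ssh2-only"
    elif major == 1:
        result["verdict"] = "ssh1-only"
    else:
        result["verdict"] = "unknown-version"
    return result


def hosts_offering_ssh1(banners: dict) -> list:
    """List hosts whose banner shows SSH1 is still accepted."""
    return sorted(h for h, b in banners.items()
                  if classify_banner(b)["verdict"] in ("ssh1-only", "ssh1-and-ssh2"))


# Constructed sample banners (hypothetical host names, not captured traffic).
SAMPLE_BANNERS = {
    "bastion.example": b"SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13\r\n",
    "legacy.example": b"SSH-1.99-OpenSSH_3.9p1\r\n",
    "router.example": b"SSH-1.5-1.2.27\r\n",
    "greeter.example": b"Authorized use only\r\nSSH-2.0-Example_1.0\r\n",
    "mail.example": b"220 mail.example ESMTP\r\n",
}

if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(host, classify_banner(banner))
    print("still offering SSH1:", hosts_offering_ssh1(SAMPLE_BANNERS))
```

The banner only states what the server is willing to negotiate; disabling the SSH1 fallback is done in the server's own configuration.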

SSH – Areas of protection…

While the SSH protocol is intended to protect any network communication, some of the more popular areas of security breach can be highlighted here:

  • IP source Routing: This security breach takes place when a host pretends that an IP packet is originating from another trusted host
  • IP Spoofing: In this type of breach, a remote host transmits packets which pretend to come from another trusted host
  • DNS Spoofing: Here, the attacker forges the name server records
  • Data manipulation by authorized personnel who have access to intermediate hosts

SSH is almost hack safe because:

  • It never trusts the network
  • If the network is experiencing a hostile takeover, it will only result in the disconnection of SSH; any decryption, traffic playback or connection hijacking is impossible.

One point to note here is that the above security protocol is based on encryption. You can also choose not to encrypt, but in reality this option is used for debugging purposes only.

Difference between SSH1 and SSH2…

As we have dwelled a bit on SSH1 and SSH2, it is imperative that we bring out a few differences between the two versions of SSH:

  • SSH1 and SSH2 are 2 entirely different protocols
  • SSH1 uses server and host keys to authenticate systems
  • SSH2 only uses host keys to authenticate systems
  • While SSH2 is a complete rewrite of SSH1, it is also the more secure of the two versions
  • SSH1 and SSH2 are not compatible with each other
  • SSH2 is more efficient and portable as compared to SSH1

The latest version of SSH1 is 1.2.27, and SSH2 is 2.2.0.

As of 2005, OpenSSH is the single most popular SSH implementation, and OpenSSH uses SSH2. If you are using a 2002 or later version of Linux, then OpenSSH should come installed with it. OpenSSH can be obtained from http://www.openssh.org/