Although SSH stands for Secure Shell, it is not a true shell in the sense of the Unix Bourne
shell and C shell. It is not a command interpreter, nor does it provide wildcard expansion,
command history, and so forth. Rather, SSH creates a channel for running a shell on a
remote computer, in the manner of the Unix rsh command, but with end-to-end encryption
between the local and remote computer.
SSH is also not a complete security solution, but then, nothing is. It won't protect computers from active break-in attempts or denial-of-service attacks, and it won't eliminate other hazards such as viruses, Trojan horses, and coffee spills. It does, however, provide robust and user-friendly encryption and authentication.
The SSH Protocol
SSH is a protocol, not a product. It is a specification of how to conduct secure
communication over a network. [2]
The SSH protocol covers authentication, encryption, and the integrity of data transmitted over a network, as shown in Figure 1-2. Let's define these terms:
Authentication
Reliably determines someone's identity. If you try to log into an account on a remote computer, SSH asks for digital proof of your identity. If you pass the test, you may log in; otherwise SSH rejects the connection.
Encryption
Scrambles data so it is unintelligible except to the intended recipients. This protects
your data as it passes over the network.
Integrity
Guarantees the data traveling over the network arrives unaltered. If a third party captures and modifies your data in transit, SSH detects this fact.
Figure 1.2. Authentication, encryption, and integrity
In short, SSH makes network connections between computers, with strong guarantees that
the parties on both ends of the connection are genuine. It also ensures that any data passing
over these connections arrives unmodified and unread by eavesdroppers.
1.3.1 Protocols, Products, Clients, and Confusion
SSH-based products (i.e., products that implement the SSH protocol) exist for many flavors of Unix, Windows, Macintosh, and other operating systems. Both freely distributable and commercial products are available. [Section 13.3]
The first SSH product, created by Tatu Ylönen for Unix, was simply called "SSH." This causes confusion because SSH is also the name of the protocol. Some people call Ylönen's software "Unix SSH," but other Unix-based implementations are now available so the name is unsatisfactory. In this book, we use more precise terminology to refer to protocols, products, and programs, summarized in Sidebar "Terminology: SSH Protocols and Products". In short:
Terminology: SSH Protocols and Products
A client program included in SSH1, SSH2, OpenSSH, F-Secure SSH, and other products, for running secure terminal sessions and remote commands. In SSH1 and SSH2, it is also named ssh1 or ssh2, respectively.
OpenSSH
The product OpenSSH from the OpenBSD project (see http://www.openssh.com/), which implements both the SSH-1 and SSH-2 protocols.
OpenSSH/1
OpenSSH, referring specifically to its behavior when using the SSH-1 protocol.
OpenSSH/2
OpenSSH, referring specifically to its behavior when using the SSH-2 protocol.
A generic term referring to SSH protocols or software products.
The SSH protocol, Version 1. This protocol went through several revisions, of which 1.3 and 1.5 are the best known, and we will write SSH-1.3 and SSH-1.5 should the distinction be necessary.
The SSH protocol, Version 2, as defined by several draft standards documents of the IETF SECSH working group. [Section 3.5.1]
Tatu Ylönen's software implementing the SSH-1 protocol; the original SSH. Now distributed and maintained (minimally) by SSH Communications Security, Inc.
The "SSH Secure Shell" product from SSH Communications Security, Inc. (http://www.ssh.com). This is a commercial SSH-2 protocol implementation, though it is licensed free of charge in some circumstances.
[2] Although we say "the SSH protocol," there are actually two incompatible versions of the protocols in common use: SSH-1 (a.k.a. SSH-1.5) and SSH-2. We will distinguish these protocols later.
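The split between protocol and product shows up on the wire: each side of an SSH connection opens with an identification string that carries the protocol version and, as a separate field, the product name (RFC 4253, section 4.2). The Python below is an added example, not code from the book; the host names and greetings are constructed samples and the function names are made up for illustration.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments] CR LF
_ID = re.compile(r"SSH-(\d+\.\d+)-([^\s-]+)(?: (.*))?")

def protocols_for(protoversion: str) -> tuple:
    """Map the protocol version field to the protocol(s) the peer speaks."""
    if protoversion == "2.0":
        return ("SSH-2",)
    if protoversion == "1.99":         # SSH-2 server that also accepts SSH-1 clients
        return ("SSH-1", "SSH-2")
    if protoversion.startswith("1."):  # e.g. 1.3 or 1.5
        return ("SSH-1",)
    return ()

def parse_identification(raw: bytes) -> dict:
    """Find the identification line in a greeting and split it into fields."""
    for line in raw.split(b"\n"):
        text = line.rstrip(b"\r").decode("ascii", errors="replace")
        m = _ID.fullmatch(text)
        if m:  # a server may send other lines before the SSH- line
            return {"protoversion": m.group(1),   # names the protocol
                    "software": m.group(2),       # names the product
                    "comment": m.group(3),
                    "protocols": protocols_for(m.group(1))}
    raise ValueError("no SSH identification string found")

def audit(greetings: dict) -> dict:
    """Label each host by whether its greeting still offers SSH-1."""
    report = {}
    for host, raw in greetings.items():
        try:
            protos = parse_identification(raw)["protocols"]
        except ValueError:
            report[host] = "not SSH"
            continue
        report[host] = "SSH-1 offered" if "SSH-1" in protos else "SSH-2 only"
    return report

# Constructed sample greetings (hypothetical hosts), not captured traffic.
SAMPLE_GREETINGS = {
    "host-a": b"SSH-2.0-OpenSSH_9.6\r\n",
    "host-b": b"Authorized use only\r\nSSH-1.99-OpenSSH_2.9p2 legacy\r\n",
    "host-c": b"SSH-1.5-1.2.27\n",
    "host-d": b"220 mail.example.test ESMTP\r\n",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_GREETINGS).items():
        print(host, status)
```

A host reported as "SSH-1 offered" is one where the older, incompatible protocol is still reachable, whatever product name its greeting advertises.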