What is SSH

Introduction

SSH is an acronym for the original name of the application, “Secure Shell”. As the name suggests, it is about a secure way to talk to a server. It is not itself a shell environment in the sense of bash, sh, ksh, csh and so on; those are what you get at the far end, SSH is the transport that carries the session.

What we are talking about is a secure way to connect to a remote server. SSH encrypts everything transferred between client and server, so data can move between your PC and the server without being readable by anyone who captures the traffic along the way.

The SSH protocol works in a client/server model. The destination host must run an SSH server (also known as the SSH daemon, sshd), which in most cases listens on TCP port 22 (this can be changed). The host from which the connection is initiated runs an SSH client.

In short: a protocol, using the client/server model, for secure transfer of data between hosts on a network.

What the SSH protocol provides

The SSH protocol provides authentication and a safe way to transfer your data across the network between client and server.

Authentication

SSH provides a simple and effective way to verify the identity of both the server and the client, not only with a username and password but with public/private key pairs. The server is identified by its host key: it proves possession of the private host key during connection setup, and the client compares the public host key it is shown against the copy stored in its known_hosts file. The user is then authenticated to the server by password, by a public/private key pair, or by any other method the server allows. In this way client and server are able to verify each other.

So while the SSH connection is being established, two authentications take place: the client validates that the server is the one it claims to be, and the server validates the client.

This is how SSH prevents the “man in the middle” attack: an attacker who intercepts the connection cannot present the real server's host key. The protection only holds if the client actually checks the key, so a warning about a changed host key must never be clicked away, and on the very first connection to a server the fingerprint should be compared against one obtained out of band (from the administrator, or read off the server console).

Authorization

After the client has authenticated, rights can be configured on the server side: what the client is allowed to do on the SSH server. These switches are set globally or per user in sshd_config, and can also be fixed per key in authorized_keys. For example:

- Disable/enable TCP port forwarding
- Disable/enable X11 forwarding
- Disable/enable SSH agent forwarding
- Disable/enable …
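The switches above live in sshd_config (globally, or under a Match block for particular users, groups or addresses). Below is an added example, not code from this page or from OpenSSH: a small POSIX shell audit that reads a constructed sshd_config fragment and reports which forwarding features are still enabled. It uses OpenSSH's documented defaults for keywords that are absent (TCP and agent forwarding are on by default, X11 forwarding and tunnels are off) and honours the rule that sshd keeps the first occurrence of a keyword and ignores later ones. Lines under a Match block are skipped, since they apply only to matching connections. The keyword names and defaults are OpenSSH's; the sample configurations and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example: audit an sshd_config fragment for the forwarding features the
# page lists. Not code from the original page or from OpenSSH.

# Constructed sample: a permissive configuration.
PERMISSIVE_CFG='# constructed sshd_config fragment
Port 22
AllowTcpForwarding yes
X11Forwarding yes
AllowAgentForwarding yes
PermitTunnel yes'

# Constructed sample: everything disabled, with an exception for one user.
RESTRICTED_CFG='# constructed hardened sshd_config fragment
AllowTcpForwarding no
# the next line is ignored by sshd: the first occurrence of a keyword wins
AllowTcpForwarding yes
X11Forwarding no
AllowAgentForwarding no
PermitTunnel no
# everything from here to the end applies only to the user backup
Match User backup
    AllowTcpForwarding local'

# sshd_setting KEYWORD CONFIG_TEXT DEFAULT
# Prints the effective global value of KEYWORD: the first occurrence outside any
# Match block (keywords are case-insensitive), or DEFAULT if it is never set.
# Simplification: only the "Keyword value" form is parsed, not "Keyword=value".
sshd_setting() {
    printf '%s\n' "$2" | awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[[:space:]]*#/ { next }              # comment line
        NF == 0 { next }                       # blank line
        { k = tolower($1) }
        k == "match" { inmatch = 1; next }     # conditional section starts here
        inmatch { next }                       # ...and runs to end of file
        k == key { print $2; found = 1; exit } # first occurrence wins
        END { if (!found) print def }
    '
}

# ssh_forwarding_audit CONFIG_TEXT
# Prints the forwarding features enabled in the global section, applying the
# OpenSSH defaults for absent keywords. AllowTcpForwarding and PermitTunnel
# accept values other than yes/no (local, remote, point-to-point, ethernet),
# so anything but "no" counts as enabled for them.
ssh_forwarding_audit() {
    cfg=$1
    enabled=""
    if [ "$(sshd_setting AllowTcpForwarding "$cfg" yes)" != "no" ]; then
        enabled="$enabled tcp"
    fi
    if [ "$(sshd_setting X11Forwarding "$cfg" no)" = "yes" ]; then
        enabled="$enabled x11"
    fi
    if [ "$(sshd_setting AllowAgentForwarding "$cfg" yes)" != "no" ]; then
        enabled="$enabled agent"
    fi
    if [ "$(sshd_setting PermitTunnel "$cfg" no)" != "no" ]; then
        enabled="$enabled tunnel"
    fi
    printf '%s\n' "${enabled# }"
}

ssh_forwarding_audit "$PERMISSIVE_CFG"   # tcp x11 agent tunnel
ssh_forwarding_audit "$RESTRICTED_CFG"   # (empty: nothing enabled globally)
```

Against a real server, feed it the file: ssh_forwarding_audit "$(cat /etc/ssh/sshd_config)". Remember that this only looks at the global section; to see what a specific user actually gets, including Match blocks, let sshd evaluate its own configuration with sshd -T -C user=NAME,host=HOST,addr=ADDR.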

Data Encryption

SSH does not encrypt the data stream with the public and private keys of client and server themselves. When the connection is set up, the two sides run a key exchange (Diffie-Hellman, or an elliptic-curve variant such as curve25519) in which each side contributes a fresh, one-off secret. The server signs the result with its private host key, which is how the client knows it is talking to the right server, and both sides arrive at the same shared secret without it ever being sent over the wire. From that secret each side derives a set of symmetric session keys, and these are what actually encrypt the data.

Someone listening to the communication between server and client sees only the public halves of the exchange and the encrypted payload. That is not enough to recompute the shared secret, so the capture cannot be decrypted. Obtaining the server's private host key later does not help either: the host key only signed the exchange, it never encrypted the traffic.

Each direction gets its own keys. Using the names from RFC 4253, section 7.2:

Direction          Encryption key   Integrity (MAC) key   IV
Client -> Server   C                E                     A
Server -> Client   D                F                     B

Data sent from client to server is encrypted with key C and authenticated with key E; data sent from server to client uses keys D and F.
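To make this concrete, here is an added example (not code from the page or from OpenSSH) that reproduces the shape of the exchange with the openssl command-line tool, which it assumes is installed (1.1.0 or newer for X25519): two ephemeral X25519 key pairs, an exchange of the public halves only, one shared secret computed independently on both sides, and per-direction keys derived from it using the letters A to F. The real protocol also mixes the exchange hash and session id into every key and has the server sign the exchange with its host key; those steps are left out here, and the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original page or from OpenSSH. Requires the
# openssl CLI. Shows why an eavesdropper with the public keys cannot decrypt:
# the session keys come from a shared secret that is never transmitted.

# kex_shared_secret: plays both sides of the exchange and prints the shared
# secret as hex. Fails if the two sides disagree (a broken exchange).
kex_shared_secret() {
    dir=$(mktemp -d) || return 1
    # each side makes an ephemeral key pair; the .pem files stay local
    openssl genpkey -algorithm X25519 -out "$dir/client.pem" 2>/dev/null || return 1
    openssl genpkey -algorithm X25519 -out "$dir/server.pem" 2>/dev/null || return 1
    # only the .pub files are "sent" over the network
    openssl pkey -in "$dir/client.pem" -pubout -out "$dir/client.pub" 2>/dev/null
    openssl pkey -in "$dir/server.pem" -pubout -out "$dir/server.pub" 2>/dev/null
    # each side combines its own private key with the peer's public key
    c=$(openssl pkeyutl -derive -inkey "$dir/client.pem" -peerkey "$dir/server.pub" 2>/dev/null |
        od -An -tx1 | tr -d ' \n')
    s=$(openssl pkeyutl -derive -inkey "$dir/server.pem" -peerkey "$dir/client.pub" 2>/dev/null |
        od -An -tx1 | tr -d ' \n')
    rm -rf "$dir"
    [ -n "$c" ] && [ "$c" = "$s" ] || return 1
    printf '%s\n' "$c"
}

# derive_key SHARED_HEX LETTER
# Simplified form of RFC 4253 7.2, which computes HASH(K || H || letter || session_id):
# the exchange hash H and the session id are omitted here, so the letter alone
# separates the keys. Prints the derived key as hex.
derive_key() {
    printf '%s%s' "$1" "$2" | openssl dgst -sha256 | sed 's/^.*= //'
}

# session_keys SHARED_HEX: one "letter key" line per derived key.
#   A/B: IVs, C/D: encryption keys, E/F: MAC keys (client->server, server->client)
session_keys() {
    for letter in A B C D E F; do
        printf '%s %s\n' "$letter" "$(derive_key "$1" "$letter")"
    done
}

K=$(kex_shared_secret) && session_keys "$K"
```

Run the script twice and the shared secret differs each time: the key pairs are ephemeral, so every session has fresh keys and a recorded session cannot be decrypted with anything the server keeps on disk.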

Data Integrity

SSH runs as a “higher layer” on top of TCP/IP. TCP has its own checksums, but they work at a “lower level”: they only catch accidental corruption and are trivially recomputed by anyone who modifies the packets. SSH attaches a message authentication code (MAC), keyed with the session key, to every packet, and includes a packet sequence number in the MAC calculation. The receiver can therefore tell that data has been modified, duplicated or reordered in transit. This is also how SSH catches replay attacks (someone who captured the communication between SSH client and server and sends the same packets again): the replayed packets fail the MAC check and the connection is torn down rather than processed.

Network Tunneling

SSH can tunnel TCP/IP traffic between client and server. The following are possible:


- TCP port forwarding. Useful when you want to connect from one point to another with the traffic encrypted, or when the destination port is not reachable from the source IP.
- - For example: on the destination server an application listens only on the loopback address (127.0.0.1) and on no other IP of the server (for instance to keep it off the network entirely). Your client therefore cannot reach it directly. With SSH local port forwarding (the -L option) you open an SSH connection to the server and bind a TCP port on the client to the server's port on 127.0.0.1. Connecting to the local port then delivers the traffic to the remote server's port, and the whole path between client and server is encrypted. By default the forwarded port is bound to the client's own loopback address; binding it to all interfaces (or enabling GatewayPorts) exposes the tunnel to everyone who can reach the client, so only do that deliberately.


- Creating a real TCP/IP tunnel (VPN-like):
- - SSH can create a tunnel interface (a tun or tap device, client option -w) on both the client and the server. Because creating network interfaces is a privileged operation, in practice this means running the client as root and connecting to the server with the “root” account, and the server must permit it with PermitTunnel in sshd_config. Once the interfaces are up, the client or the server can act as a router between the two networks.


- Tunneling an application.
- - An application's traffic can also be carried over the SSH session. This is used in cases such as:
- - - SSH agent forwarding (forwarding your SSH keys over several SSH hops, so that your private keys never have to be copied to and stored on the intermediate servers). Be aware that while the forwarded agent socket exists on a hop, root on that hop can use your keys; if the goal is only to reach a host behind another, a jump host (ProxyJump, option -J) gets you there without exposing the agent.
- - - Backing up a disk image by running “dd” over the SSH session, so the image travels encrypted and never has to be staged on the source host.

URLs

Commercial SSH applications: http://www.ssh.com
Open source: http://openssh.com

