05-07-2012, 11:42 AM
Open Secure Shell
What is SSH & OpenSSH
Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution, and other secure network services between two networked computers, a server and a client (running SSH server and SSH client programs, respectively), which it connects via a secure channel over an insecure network. The protocol specification distinguishes two major versions that are referred to as SSH-1 and SSH-2.
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security.
The Need For SSH
With the evolution of the internet, services such as file transfers, remote logins, and remote command executions became possible.
Existing implementations of protocols that supported these services included ftp, rcp, telnet, rlogin, and rsh.
Problems existed with these protocols:
They lacked security! (r-commands)
Possible for an intruder to intercept and read data.
Telnet was especially risky:
Plaintext user names and passwords were easily intercepted over the network.
A new protocol was needed to fix these security problems.
Why OpenSSH?
The SSH protocol encrypts all traffic between machines. Telnet does not encrypt any information; passwords and account IDs are passed in the clear.
OpenSSH is a free program implementing the SSH protocol.
OpenSSH has been reviewed by a team of security experts to reduce the number of bugs in it.
How OpenSSH works
Establishes encrypted connection
Authenticates user
Negotiates using 2 key pairs
Host key pair generated by sshd
Session key pair that changes hourly
Verifies that the server is the correct server
Client copies server public key to compare in later sessions
Client generates random key, encrypts it with the server public key and session key
Server decrypts with its private key