Secure Shell is a protocol that provides authentication, encryption and data integrity to secure network communications. Implementations of Secure Shell offer the following capabilities: a secure command shell, secure file transfer, and remote access to a variety of TCP/IP applications via a secure tunnel. Secure Shell client and server applications are widely available for most popular operating systems.
3. Introduction
History
Functions
Architecture
Protect against
Disadvantages
Conclusion
References
4. A network protocol that allows secure communication between two computers.
Shell: a command line interface present on every computer, used to log into a remote machine and execute commands.
5. Encryption provides confidentiality and integrity of data.
Uses public-key cryptography.
6. Tatu Ylonen designed the first version of the protocol (SSH-1) in 1995.
The goal of SSH was to replace the earlier rlogin, TELNET and rsh.
It was later made open source and gained popularity.
7. In 1996 SSH-2 was designed, which is incompatible with the previous version.
SSH-2 featured both security and feature improvements over SSH-1:
Better security through Diffie-Hellman key exchange
Strong integrity checking via message authentication codes
8. Bjorn Gronvall's OSSH developed from this codebase.
A "Portability" branch was formed to port OpenSSH to other operating systems.
As of 2005, OpenSSH is the single most popular SSH implementation and the default in a large number of operating systems.
OSSH meanwhile has become obsolete.
In 2006, the SSH-2 protocol became a proposed Internet standard.
10. Allows you to edit files.
View the contents of directories.
Run custom applications.
Create user accounts.
Change permissions.
Anything that can be done from a command prompt can be done remotely and securely.
11. Provides security to TCP/IP applications including e-mail, sales and customer contact databases, and in-house applications.
Allows data from normally unsecured TCP/IP applications to be secured.
13. A subsystem of the Secure Shell protocol to handle file transfers.
Encrypts both the username/password and the data being transferred.
Uses the same port as the Secure Shell server, eliminating the need to open another port on the firewall or router.
15. The SSH-2 protocol has a clean internal architecture with well-separated layers:
Transport Layer
User Authentication Layer
Connection Layer
Defined in RFC 4251
16. Handles the initial key exchange and server authentication, and sets up encryption, compression and integrity verification.
It exposes to the upper layer an interface for sending and receiving plaintext packets of up to 32 KB.
Also arranges for key re-exchange.
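An added example (not from the original slides) of the framing the transport layer applies before encryption: RFC 4253 binary packets with the 32768-byte payload limit, block-aligned padding of at least four bytes, and a MAC over the implicit sequence number plus the packet. The key, sequence number and payload are constructed test values, and HMAC-SHA-256 stands in for whichever MAC the key exchange negotiated.

```python
import hashlib
import hmac
import os
import struct

MAX_PAYLOAD = 32768   # the "up to 32 KB" of payload the transport layer accepts
MIN_PADDING = 4       # RFC 4253 section 6: at least 4 bytes of random padding
MAC_LEN = hashlib.sha256().digest_size


def build_packet(payload: bytes, mac_key: bytes, seq: int, block_size: int = 8) -> bytes:
    """Frame payload as packet_length | padding_length | payload | padding | MAC.

    The total before the MAC must be a multiple of the cipher block size
    (minimum 8); the MAC covers the 32-bit sequence number that both sides
    count but never transmit, so a replayed or reordered packet fails to verify.
    """
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the 32768-byte transport limit")
    head = 4 + 1 + len(payload)                      # length fields + payload
    padding_length = block_size - head % block_size
    if padding_length < MIN_PADDING:
        padding_length += block_size
    packet_length = 1 + len(payload) + padding_length
    unencrypted = (struct.pack(">IB", packet_length, padding_length)
                   + payload + os.urandom(padding_length))
    mac = hmac.new(mac_key, struct.pack(">I", seq) + unencrypted,
                   hashlib.sha256).digest()
    return unencrypted + mac  # a real session would encrypt `unencrypted` here


def parse_packet(data: bytes, mac_key: bytes, seq: int, block_size: int = 8) -> bytes:
    """Verify framing and MAC, then return the payload; raise on any violation."""
    if len(data) < 5:
        raise ValueError("short packet")
    packet_length, padding_length = struct.unpack(">IB", data[:5])
    body_len = 4 + packet_length
    if (body_len % block_size or padding_length < MIN_PADDING
            or padding_length > packet_length - 1):
        raise ValueError("malformed SSH packet framing")
    unencrypted, mac = data[:body_len], data[body_len:body_len + MAC_LEN]
    expected = hmac.new(mac_key, struct.pack(">I", seq) + unencrypted,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("MAC mismatch: packet modified, replayed or out of order")
    return unencrypted[5:5 + packet_length - 1 - padding_length]
```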
17. Handles client authentication.
Provides a number of authentication methods.
Authentication is client-driven.
19. A method for straightforward password authentication.
Includes a facility allowing a password to be changed.
20. A method for public key-based authentication
Symmetric key (secret)
Asymmetric key (public and private)
22. The server sends one or more prompts to enter information.
The client displays them and sends back responses keyed in by the user.
Used to provide one-time password authentication such as S/Key or SecurID.
Used by some OpenSSH configurations when PAM is the underlying host authentication provider to effectively provide password authentication.
23. Stands for Generic Security Services Application Program Interface.
Based on the exchange of opaque messages (tokens), which hide the implementation detail from the higher-level application.
24. Defines the concept of channels, channel requests and global requests, through which SSH services are provided.
A single SSH connection can host multiple channels simultaneously, in duplex mode.
Channel requests are used to relay out-of-band channel-specific data, such as the changed size of a terminal window or the exit code of a server-side process.
The SSH client requests a server-side port to be forwarded using a global request.
26. Dynamic ports cannot be forwarded.
Sometimes port forwarding also introduces security problems.
A client on the Internet that uses SSH to access the intranet can expose the intranet by port forwarding.
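An added example (not from the original slides) of the defender's check for the last point: it parses a constructed sshd_config and flags the forwarding directives that let an SSH client tunnel to arbitrary intranet hosts, next to a corrected version. The directive names (AllowTcpForwarding, GatewayPorts, PermitOpen) and their defaults are OpenSSH's; the sample files and the 10.0.0.5:443 target are constructed.

```python
import re

# Constructed sample of the permissive setup slide 26 warns about.
WEAK_CONFIG = """\
Port 22
PasswordAuthentication no
AllowTcpForwarding yes
GatewayPorts yes
"""

# Constructed sample: local forwarding only, to one internal service.
HARDENED_CONFIG = """\
Port 22
PasswordAuthentication no
AllowTcpForwarding local
GatewayPorts no
PermitOpen 10.0.0.5:443
"""


def parse_sshd_config(text: str) -> dict:
    """Map keyword -> value for the global section of an sshd_config.
    Keywords are case-insensitive and the first occurrence wins; lines from
    the first 'Match' on are conditional and deliberately not evaluated."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        conf.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return conf


def forwarding_findings(conf: dict) -> list:
    """Return the forwarding exposures found in a parsed global section."""
    fwd = conf.get("allowtcpforwarding", "yes").lower()   # OpenSSH default: yes
    gateway = conf.get("gatewayports", "no").lower()      # OpenSSH default: no
    permit = conf.get("permitopen", "any").lower()        # OpenSSH default: any
    findings = []
    if fwd != "no" and permit == "any":
        findings.append("AllowTcpForwarding %s with PermitOpen any: a client "
                        "can tunnel to any intranet host:port" % fwd)
    if gateway != "no" and fwd in ("yes", "remote"):
        findings.append("GatewayPorts %s: remote-forwarded ports are reachable "
                        "from other hosts, not only the server" % gateway)
    return findings
```

An empty file yields one finding too, because the OpenSSH defaults alone already allow unrestricted local forwarding.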
27. As compared to other link, network and application security measures like IPsec and PGP, Secure Shell is relatively secure, reliable, quick and easy.
By deploying Secure Shell, companies create a comprehensive general-purpose tunneling platform that can be used to implement a wide variety of security policies, ensuring the privacy, authenticity, authorization and integrity of many different applications.
Editor's Notes
1995: Tatu Ylonen designed the first version of the protocol (SSH-1).
Prompted by a password-sniffing attack on his university's network.
The goal of SSH was to replace the earlier rlogin, TELNET and rsh protocols, which did not provide strong authentication or guarantee confidentiality.
Ylonen released his implementation as freeware in July 1995.
The tool quickly gained in popularity.
A separate protocol layered over the Secure Shell protocol to handle file transfers.