Wednesday, 18 October 2017 17:03

SSH and SSH2

The program SSH (Secure Shell) is a secure replacement for telnet and the Berkeley r-utilities (rlogin, rsh, rcp, and rdist). It provides an encrypted channel for logging into another computer over a network, executing commands on a remote computer, and moving files from one computer to another. SSH provides strong host-to-host and user authentication as well as secure encrypted communications over an insecure Internet.

SSH2 is a more secure, efficient, and portable version of SSH that includes SFTP, which is functionally similar to FTP but runs over the encrypted SSH2 channel. At Indiana University, UITS has upgraded its central systems to SSH2 (usually the OpenSSH version), and encourages those concerned with secure communications to connect using an SSH2 client.

Mac OS X comes with OpenSSH built in.

When connecting to a server for the first time, SSH presents you with a host key fingerprint for that server and asks you to confirm that you wish to save the new host key to the local database. Before agreeing, you should compare this fingerprint with one you obtain by some other means (e.g., by telephone) from the server administrators to avoid connecting to an imposter server. Once the fingerprint matches, answer Yes to save the key; you will not be prompted again for that host unless its key changes.
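The comparison described above, as an added example that is not part of the original article: it parses one entry in the local host key database (a known_hosts-style line), checks that the key type inside the blob agrees with the declared type, derives the fingerprint in the two formats OpenSSH prints (SHA256 base64 and legacy MD5 hex pairs), and compares it with a fingerprint obtained out of band. The key blob is constructed from throwaway bytes for the article's example host name, not a real key.

```python
import base64
import hashlib


def make_ed25519_blob(raw32: bytes) -> bytes:
    """Build an OpenSSH ssh-ed25519 public key blob: two length-prefixed strings."""
    def ssh_string(b: bytes) -> bytes:
        return len(b).to_bytes(4, "big") + b
    return ssh_string(b"ssh-ed25519") + ssh_string(raw32)


# Constructed sample entry; the 32 key bytes are a placeholder, not a real key.
SAMPLE_BLOB = make_ed25519_blob(bytes(range(32)))
SAMPLE_LINE = "global.conspiracy.org ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()


def parse_known_hosts_line(line: str):
    """Return (hostnames, key_type, key_blob) for one known_hosts entry."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("malformed known_hosts line")
    hosts, key_type, b64 = fields[0], fields[1], fields[2]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with its own length-prefixed key type; a mismatch with the
    # declared type means the entry is corrupted or has been tampered with.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type inside blob does not match declared type")
    return hosts.split(","), key_type, blob


def fingerprint(blob: bytes, hash_alg: str = "sha256") -> str:
    """OpenSSH-style fingerprint: SHA256:<base64, no padding> or MD5:<hex pairs>."""
    if hash_alg == "sha256":
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    if hash_alg == "md5":
        hexd = hashlib.md5(blob).hexdigest()
        return "MD5:" + ":".join(hexd[i:i + 2] for i in range(0, 32, 2))
    raise ValueError("unsupported hash algorithm")


def _normalize(fp: str) -> str:
    """Tolerate whitespace, base64 padding and hex case differences in a fingerprint."""
    fp = fp.strip()
    if fp.upper().startswith("MD5:"):
        return "MD5:" + fp[4:].lower()
    return fp.rstrip("=")


def matches_out_of_band(line: str, trusted_fp: str) -> bool:
    """True only if the presented key's fingerprint equals the one obtained out of band."""
    _, _, blob = parse_known_hosts_line(line)
    alg = "md5" if trusted_fp.strip().upper().startswith("MD5:") else "sha256"
    return _normalize(fingerprint(blob, alg)) == _normalize(trusted_fp)
```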

Rather than validating identities via passwords, SSH2 can also use public key cryptography to authenticate remote hosts. For example, if you were to connect to a remote host called global.conspiracy.org (also running SSH2), SSH2 would use this system to verify that the remote system is the real global.conspiracy.org and not a computer set up to imitate it. If you wish, you can set up SSH2 to use public key authentication rather than passwords for logging into your other accounts, much like the Unix rlogin program. For more information on how to set up SSH and SSH2 to use public key authentication, see "In SSH and SSH2 for Unix, how do I set up public key authentication?"

Files can also be transferred between the SSH client and server using protocols such as SCP and SFTP, both of which run on top of SSH. While SCP is essentially the old Unix rcp utility transplanted onto a different transport, SFTP is a very flexible remote file manipulation protocol that can be used for a wide variety of purposes. It is also much better standardized. If you find yourself in doubt over which one of these protocols to use, use SFTP. (Note that, apart from the name, SFTP bears virtually no resemblance to the FTP protocol that everybody knows and uses. Technically, the protocols are completely different.)

Finally, SSH also provides a service known as the exec request, which is conceptually very similar to a remote console, only without the console. The exec request executes a program on the server like a remote console does, but the program's input and output are sent raw, without any terminal encoding. Exec requests are very useful for network automation purposes.