SSH

Developed by SSH Communications Security Ltd., Secure Shell is a program to log into another computer over a network, execute commands on a remote machine, and move files from one machine to another. It provides strong authentication and secure encrypted communications between two hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can be forwarded over the secure channel. It is a replacement for rlogin, rsh, rcp, rdist and telnet. SSH protects a network from attacks such as IP spoofing, IP source routing, and DNS spoofing. By using ssh's slogin (instead of rlogin), the user initiates an entire login session that is encrypted, including transmission of the password; it is therefore almost impossible for an outsider to collect passwords.

One of the key features of SSH is its ability to "tunnel" information and applications. Tunneling is the process of taking any networkable connection between two hosts and channeling the information through the SSH session by encapsulating the private data inside ordinary (usually encrypted) TCP/IP SSH packets.

  • SSH protects against:
    • IP spoofing, where a remote host sends out packets which pretend to come from another, trusted host. SSH even protects against a spoofer on the local network, who can pretend he is your router to the outside.
    • IP source routing, where a host can pretend that an IP packet comes from another, trusted host.
    • DNS spoofing, where an attacker forges name server records.
    • Interception of clear text passwords and other data by intermediate hosts.
    • Manipulation of data by people in control of intermediate hosts.
    • Attacks based on listening to X authentication data and spoofed connections to the X11 server.
    • Basically, SSH protects against any net attack. The worst that someone who has taken over the network can do is force SSH to disconnect.
  • SSH does not protect against:
    • A malicious user gaining root access to the host (remote) machine. SSH can then do nothing about malicious things that spawn from the host.
    • A malicious user gaining root access to the recipient machine. There is no way to filter or protect against unwanted people receiving the data after it leaves the "tunnel" that SSH creates. Remember, SSH only protects data in transit between two nodes, not at the beginning or the end.
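
The protection against IP and DNS spoofing listed above rests on the client pinning the server's public host key, so a forged address or name record leads to a key mismatch and a refused connection rather than a silent redirect. The following is an added example, not code from SSH itself: a simplified check against plain (unhashed) known_hosts entries, where the helper names, host names and key blobs are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def make_blob(seed: bytes) -> bytes:
    """Constructed ssh-ed25519-shaped public key blob (not a real key pair)."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form OpenSSH prints: unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map each plain hostname/address to the set of key blobs pinned for it."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, hashed names (|1|...) and @marker lines.
        if len(fields) < 3 or fields[0][0] in "#|@":
            continue
        blob = base64.b64decode(fields[2])
        for name in fields[0].split(","):
            pinned.setdefault(name, set()).add(blob)
    return pinned


def check_host_key(pinned: dict, name: str, presented: bytes) -> str:
    """Return 'match', 'mismatch' (refuse to connect) or 'unknown' (first use)."""
    known = pinned.get(name)
    if not known:
        return "unknown"
    ok = any(hmac.compare_digest(k, presented) for k in known)
    return "match" if ok else "mismatch"


# Constructed sample data: one pinned server, and an impostor answering for the same name.
REAL, FAKE = make_blob(b"real server"), make_blob(b"impostor")
KNOWN_HOSTS = "# constructed\nhost.example,192.0.2.10 ssh-ed25519 %s\n" % base64.b64encode(REAL).decode()

if __name__ == "__main__":
    pinned = parse_known_hosts(KNOWN_HOSTS)
    for label, blob in (("real", REAL), ("impostor", FAKE)):
        print(label, fingerprint(blob), check_host_key(pinned, "host.example", blob))
```

The "unknown" result is the case the check cannot decide on its own: a first connection has no pinned key to compare against, so the fingerprint has to be confirmed through some other trusted channel.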