Chapter 9. SSH Protocol
9.1.1. Why Use SSH?
Nefarious computer users have a variety of tools at their disposal to disrupt, intercept, and reroute
network traffic in an effort to gain access to your system. In general terms, these threats can be
categorized as follows:
Interception of communication between two systems: In this scenario, the attacker can be
somewhere on the network between the communicating entities, copying any information passed
between them. The attacker may intercept and keep the information or alter the information and send
it on to the intended recipient.
This attack can be mounted through the use of a packet sniffer, a common network utility.
Impersonation of a particular host: Using this strategy, an attacker's system is configured to pose
as the intended recipient of a transmission. If this strategy works, the user's system will remain
unaware it is communicating with the wrong host.
This attack can be mounted through techniques known as DNS poisoning [2] or IP spoofing [3].
Both techniques intercept potentially sensitive information, and if the interception is for hostile
reasons, the results can be disastrous.
If SSH is used for remote shell login and file copying, these security threats can be greatly diminished.
This is because the SSH client and server use digital signatures to verify their identity. Additionally,
all communication between the client and server systems is encrypted. Attempts to spoof the identity
of either side of a communication will not work, since each packet is encrypted using a key known
only by the local and remote systems.
9.2. Event Sequence of an SSH Connection
The following series of events helps protect the integrity of SSH communication between two hosts.
First, a secure transport layer is created so that the client knows it is communicating with the correct
server. Then, the communication is encrypted between the client and server using a symmetric cipher.
With an encrypted connection to the server in place, the client safely authenticates itself to the server
without sending information in plain text.
Finally, with the client authenticated to the server, several different services can be safely and securely
used through the connection, such as an interactive shell session, X11 applications, and tunneled
TCP/IP ports.
9.3. Layers of SSH Security
The SSH protocol allows any client and server programs built to the protocol's specifications to
communicate securely and to be used interchangeably.
Two varieties of SSH currently exist. SSH version 1 contains several patented encryption algorithms
(however, several of these patents have expired) and a security hole that potentially allows for data to
be inserted into the data stream. The OpenSSH suite under Red Hat Linux 8.0 uses SSH version 2.0 by
default, although it also supports version 1. It is recommended that you use SSH version 2 compatible
servers and clients whenever possible.
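As an added illustration of the version distinction above (not part of the original guide), the following Python example parses the identification string an SSH server sends first, in the "SSH-protoversion-softwareversion" format defined by RFC 4253, and reports servers that still accept version 1. The banners and hostnames are constructed sample data; a protoversion of 1.99 means the server speaks version 2 but also accepts version 1 clients.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# \S+ is deliberately tolerant of servers that put '-' in the software version.
_IDENT = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")

def parse_ident(raw: bytes):
    """Return (protoversion, softwareversion) from a server's first bytes.

    A server may send free-text lines before its identification string,
    so every line that does not start with "SSH-" is skipped.
    """
    for line in raw.split(b"\n"):
        text = line.rstrip(b"\r").decode("ascii", errors="replace")
        if not text.startswith("SSH-"):
            continue
        if len(line) + 1 > 255:  # the 255-character limit includes CR LF
            raise ValueError("identification string too long")
        m = _IDENT.match(text)
        if not m:
            raise ValueError(f"malformed identification string: {text!r}")
        return m.group(1), m.group(2)
    raise ValueError("no SSH identification string found")

def classify(protoversion: str) -> str:
    """Map a protoversion to the SSH versions the server will accept."""
    major, minor = (int(part) for part in protoversion.split("."))
    if (major, minor) == (1, 99):
        return "v2 with v1 fallback"
    return "v2 only" if major >= 2 else "v1 only"

def audit(banners):
    """Return {host: finding} for every server that still accepts SSH version 1."""
    findings = {}
    for host, raw in banners.items():
        proto, software = parse_ident(raw)
        status = classify(proto)
        if status != "v2 only":
            findings[host] = f"{status} ({software})"
    return findings

# Constructed sample data: placeholder hostnames, banners typed by hand.
SAMPLE_BANNERS = {
    "host-a.example": b"SSH-2.0-OpenSSH_3.4p1\r\n",
    "host-b.example": b"SSH-1.99-OpenSSH_3.4p1\r\n",
    "host-c.example": b"Authorized use only\r\nSSH-1.5-1.2.27\r\n",
}

if __name__ == "__main__":
    for host, finding in audit(SAMPLE_BANNERS).items():
        print(host, finding)
```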
[2] DNS poisoning occurs when an intruder cracks a DNS server, pointing client systems to a maliciously
duplicated host.
[3] IP spoofing occurs when an intruder sends network packets which falsely appear to be from a trusted host on
the network.