Chapter 1. Introduction to SSH
Many people today have multiple computer accounts. If you're a reasonably savvy user, you might have a personal account with an Internet service provider (ISP), a work account on your employer's local network, and one or more PCs at home. You might also have permission to use other accounts owned by family members or friends. If you have multiple accounts, it's natural to want to make connections between them. For instance, you might want to copy files between computers over a network, log into one account remotely from another, or transmit commands to a remote computer for execution. Various programs exist for these purposes, such as ftp and rcp for file transfers, telnet and rlogin for remote logins, and rsh for remote execution of commands. Unfortunately, many of these network-related programs have a fundamental problem: they lack security. If you transmit a sensitive file via the Internet, an intruder can potentially intercept and read the data. Even worse, if you log onto another computer remotely using a program such as telnet, your username and password can be intercepted as they travel over the network. Yikes! How can these serious problems be prevented? You can use an encryption program to scramble your data into a secret code nobody else can read. You can install a firewall, a device that shields portions of a computer network from intruders. Or you can use a wide range of other solutions, alone or combined, with varying complexity and cost.
Contents:What Is SSH?
What SSH Is Not
The SSH Protocol
Overview of SSH Features
History of SSH
1.1. What Is SSH?SSH, the Secure Shell, is a popular, powerful, software-based approach to network security. Whenever data is sent by a computer to the network, SSH automatically encrypts it. When the data reaches its intended recipient, SSH automatically decrypts (unscrambles) it. The result is transparent encryption: users can work normally, unaware that their communications are safely encrypted on the network. In addition, SSH uses modern, secure encryption algorithms and is effective enough to be found within mission-critical applications at major corporations.
"SSH" is pronounced by spelling it aloud: S-S-H. You might find the name "Secure Shell" a little puzzling, because it is not, in fact, a shell at all. The name was coined from the existing rsh utility, a ubiquitous Unix program that also provides remote logins but is very insecure.SSH has a client/server architecture, as shown in Figure 1-1. An SSH server program, typically installed and run by a system administrator, accepts or rejects incoming connections to its host computer. Users then run SSH client programs, typically on other computers, to make requests of the SSH server, such as "Please log me in," "Please send me a file," or "Please execute this command." All communications between clients and servers are securely encrypted and protected from modification.
Figure 1-1. SSH architectureOur description is simplified but should give you a general idea of what SSH does. We'll go into depth later. For now, just remember that SSH clients communicate with SSH servers over encrypted network connections. An SSH-based product might include clients, servers, or both. Unix products generally contain both clients and servers; those on other platforms are usually just clients, though Windows-based servers are beginning to appear. If you're a Unix user, think of SSH as a secure form of the Unix r-commands: rsh (remote shell), rlogin (remote login), and rcp (remote copy). In fact, the original SSH for Unix includes the similarly named commands ssh, scp, and slogin as secure, drop-in replacements for the r-commands. Yes, you can finally get rid of those insecure .rhosts and hosts.equiv files! (Though SSH can work with them as well, if you like.) If you're still using the r-commands, switch to SSH immediately: the learning curve is small, and security is far better.
Copyright © 2002 O'Reilly & Associates. All rights reserved.