1.4. Overview of SSH FeaturesSo, what can SSH do? Let's run through some examples that demonstrate the major features of SSH, such as secure remote logins, secure file copying, and secure invocation of remote commands. We use SSH1 in the examples, but all are possible with OpenSSH, SSH2, and F-Secure SSH.
1.4.1. Secure Remote LoginsSuppose you have accounts on several computers on the Internet. Typically, you connect from a home PC to your ISP, and then use a telnet program to log into your accounts on other computers. Unfortunately, telnet transmits your username and password in plaintext over the Internet, where a malicious third party can intercept them. Additionally, your entire telnet session is readable by a network snooper.
SSH completely avoids these problems. Rather than running the insecure telnet program, you run the SSH client program ssh. To log into an account with the username smith on the remote computer host.example.com, use this command:
The client authenticates you to the remote computer's SSH server using an encrypted connection, meaning that your username and password are encrypted before they leave the local machine. The SSH server then logs you in, and your entire login session is encrypted as it travels between client and server. Because the encryption is transparent, you won't notice any differences between telnet and the telnet-like SSH client.$ ssh -l smith host.example.com
1.4.2. Secure File TransferSuppose you have accounts on two Internet computers, email@example.com and firstname.lastname@example.org, and you want to transfer a file from the first to the second account. The file contains trade secrets about your business, however, that must be kept from prying eyes. A traditional file-transfer program, such as ftp, rcp, or even email, doesn't provide a secure solution. A third party can intercept and read the packets as they travel over the network. To get around this problem, you can encrypt the file on firstaccount.com with a program such as Pretty Good Privacy (PGP), transfer it via traditional means, and decrypt the file on secondaccount.com, but such a process is tedious and nontransparent to the user. Using SSH, the file can be transferred securely between machines with a single secure copy command. If the file were named myfile, the command executed on firstaccount.com might be:
When transmitted by scp, the file is automatically encrypted as it leaves firstaccount.com and decrypted as it arrives on secondaccount.com.$ scp myfile email@example.com:
1.4.3. Secure Remote Command ExecutionSuppose you are a system administrator who needs to run the same command on many computers. You'd like to view the active processes for each user on four different computers -- grape, lemon, kiwi, and melon -- on a local area network using the Unix command /usr/ucb/w. Traditionally, one could use rsh, assuming that the rsh daemon, rshd, is configured properly on the remote computers:
Although this method works, it's insecure. The results of /usr/ucb/w are transmitted as plaintext across the network; if you consider this information sensitive, the risk might be unacceptable. Worse, the rsh authentication mechanism is extremely insecure and easily subverted. Using the ssh command instead, you have:#!/bin/sh This is a shell script. for machine in grape lemon kiwi melon On each of these four machines in turn... do rsh $machine /usr/ucb/w invoke the "/usr/ucb/w" program, which done prints a list of all running processes.
The syntax is nearly identical, and the visible output is identical, but under the hood, the command and its results are encrypted as they travel across the network, and strong authentication techniques may be used when connecting to the remote machines.#!/bin/sh for machine in grape lemon kiwi melon do ssh $machine /usr/ucb/w Note "ssh" instead of "rsh" done
1.4.4. Keys and AgentsSuppose you have accounts on many computers on a network. For security reasons, you prefer different passwords on all accounts; but remembering so many passwords is difficult. It's also a security problem in itself. The more often you type a password, the more likely you'll mistakenly type it in the wrong place. (Have you ever accidently typed your password instead of your username, visible to the world? Ouch! And on many systems, such mistakes are recorded in a system log file, revealing your password in plaintext.) Wouldn't it be great to identify yourself only once and get secure access to all the accounts without continually typing passwords? SSH has various authentication mechanisms, and the most secure is based on keys rather than passwords. Keys are discussed in great detail in Chapter 6, "Key Management and Agents", but for now we define a key as a small blob of bits that uniquely identifies an SSH user. For security, a key is kept encrypted; it may be used only after entering a secret passphrase to decrypt it. Using keys, together with a program called an authentication agent, SSH can authenticate you to all your computer accounts securely without requiring you to memorize many passwords or enter them repeatedly. It works like this:
1.4.5. Access ControlSuppose you want to permit another person to use your computer account, but only for certain purposes. For example, while you're out of town you'd like your secretary to read your email but not to do anything else in your account. With SSH, you can give your secretary access to your account without revealing or changing your password, and with only the ability to run the email program. No system-administrator privileges are required to set up this restricted access. (This topic is the focus of Chapter 8, "Per-Account Server Configuration".)
1.4.6. Port ForwardingSSH can increase the security of other TCP/IP-based applications such as telnet, ftp, and the X Window System. A technique called port forwarding or tunneling reroutes a TCP/IP connection to pass through an SSH connection, transparently encrypting it end-to-end. Port forwarding can also pass such applications through network firewalls that otherwise prevent their use. Suppose you are logged into a machine away from work and want to access the internal news server at your office, news.yoyodyne.com. The Yoyodyne network is connected to the Internet, but a network firewall blocks incoming connections to most ports, particularly port 119, the news port. The firewall does allow incoming SSH connections, however, since the SSH protocol is secure enough that even Yoyodyne's rabidly paranoid system administrators trust it. SSH can establish a secure tunnel on an arbitrary local TCP port -- say, port 3002 -- to the news port on the remote host. The command might look a bit cryptic at this early stage, but here it is:
This says "ssh, please establish a secure connection from TCP port 3002 on my local machine to TCP port 119, the news port, on news.yoyodyne.com." So, in order to read news securely, configure your news-reading program to connect to port 3002 on your local machine. The secure tunnel created by ssh automatically communicates with the news server on news.yoyodyne.com, and the news traffic passing through the tunnel is protected by encryption. [Section 9.1, "What Is Forwarding?"]$ ssh -L 3002:localhost:119 news.yoyodyne.com
Copyright © 2002 O'Reilly & Associates. All rights reserved.