
Ssh

From CryptoDox, The Online Encyclopedia on Cryptography and Information Security


ssh (Secure Shell) is a program to log into another computer over a network, to execute commands on a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, and rcp.

Additionally, ssh provides secure X connections and secure forwarding of arbitrary TCP connections.

ssh protects against:

  • IP spoofing, where a remote host sends out packets which pretend to come from another, trusted host. Ssh even protects against a spoofer on the local network, who can pretend he is your router to the outside.
  • IP source routing, where a host can pretend that an IP packet comes from another, trusted host.
  • DNS spoofing, where an attacker forges name server records.
  • Interception of cleartext passwords and other data by intermediate hosts.
  • Manipulation of data by people in control of intermediate hosts.
  • Attacks based on listening to X authentication data and spoofed connection to the X11 server.

In other words, ssh never trusts the net; somebody hostile who has taken over the network can only force ssh to disconnect, but cannot decrypt or play back the traffic, or hijack the connection.

The above only holds if you actually use encryption. Ssh does have an option to use encryption of type "none"; this is only for debugging purposes and should not be used. Ssh will not help you with anything that compromises your host's security in some other way. Once an attacker has gained root access to a machine, he can then subvert ssh, too.

If somebody malevolent has access to your home directory, then security is nonexistent. This is very much the case if your home directory is exported via NFS.
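A defensive check for the home-directory point above, as an added example that is not part of the original article: it flags a home directory, `.ssh` directory or `authorized_keys` file that group or other users can write to, and private keys that anyone but the owner can read. The function names and the `id_*` key naming are assumptions of this sketch, and it inspects local permission bits only, not NFS export settings.

```shell
#!/bin/sh
# Usage (hypothetical helper): audit_ssh_home "$HOME"
# Prints one line per finding; returns 0 if clean, 1 otherwise.

# mode_of PATH -> 10-character mode string such as "drwxr-xr-x"
# (-L follows symlinks so the target's mode is what gets judged)
mode_of() {
    ls -ldL "$1" | cut -c1-10
}

# writable_by_others PATH: true if the group or other write bit is set
writable_by_others() {
    case "$(mode_of "$1")" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# open_to_others PATH: true if group or other has any permission at all
open_to_others() {
    case "$(mode_of "$1")" in
        ????------) return 1 ;;
        *) return 0 ;;
    esac
}

audit_ssh_home() {
    home=$1
    status=0
    # Anyone who can write here can replace authorized_keys or config.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if writable_by_others "$p"; then
            echo "WRITABLE BY GROUP/OTHER: $p"
            status=1
        fi
    done
    # Private keys must be accessible to the owner only.
    for key in "$home"/.ssh/id_*; do
        [ -f "$key" ] || continue
        case "$key" in *.pub) continue ;; esac
        if open_to_others "$key"; then
            echo "PRIVATE KEY EXPOSED: $key"
            status=1
        fi
    done
    return $status
}
```
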
