The Secure Shell (SSH)

687 Words3 Pages
The Secure Shell (SSH) is a protocol to use the network services with security. For example, when an email is send or receive, SSH will automatically encrypt or decrypt the email so that attacker will not intercept in the middle of the transaction [1]. There are two versions of SSH i.e. SSH1 and SSH2. SSH has 3 main components as shown in figure 1: Transport Layer Protocol that provide confidentiality, integrity and authentication; User Authentication Protocol that authenticate client to the server; Connection Protocol that “multiplexes the encrypted tunnel into several logical channels” [1].

Figure 1: Components of SSH [3]

The main benefits of SSH are: Privacy of data, Integrity of data, Authentication of senders and receivers, authorization to access, forwarding “to encrypt other TCP/IP based sessions” [2]. Privacy of data is maintained by encrypting that data that are transferred over the internet. The key is randomly selected and secretly negotiated between client and server and once the session is over, the key get discarded. Different Encryption algorithm are used such as 3-DES (triple-DES), IDEA, Blowfish. For integrity of data and to ensure that data that has arrived is same as data sent, SSH uses keyed hash algorithms based on MD5 and SHA-1 [2]. For SSH, authentication of both sender and receiver is necessary. For client and server authentication, SSH uses stronger and advanced mechanisms such as rlogin style authentication, secret key one-time passwords, per-user public key signatures. [2] Authorization is ensured in SSH by restricting certain functionalities at server level or account level. Due to this control, all features are not available for every SSH implementations rather depends on the authentication method...

... middle of paper ...

...te key to the server. Server verifies whether this key can be used for authentication [3].
Password Authentication: client sends plaintext password to the server encrypted with the key identified in the previous steps [3].
Host-based Authentication: client host preformed authentication instead of client itself for all the clients it supports. Client send signature signed using private key of client host. Server on the basis of this signature authenticate the client [3].

Last phase is data exchange. In data exchange, client and server exchanges the data by creating one or more data channels. In each channel, flow is control using window space available. There are 3 stages of the life of the channel: open channel, data transfer and close channel. One the channel is open by either of the party, data is transferred and then channel is closed by either of the party [3].
Open Document