Tuesday, April 25, 2017

SSH (Secure Shell)

You learned about Telnet, a terminal emulation utility that provides remote connections to hosts. For instance, if you were a network manager working at one of your company’s satellite offices and had to change the configuration on a router at the home office, you could use Telnet to access the router and run commands to modify its configuration. However, Telnet provides limited security for establishing a connection (poor authentication) and no security for transmitting data (no encryption).
SSH (Secure Shell) is a collection of protocols that does both. With SSH, you can securely log on
to a host, execute commands on that host, and copy files to or from that host. SSH encrypts data
exchanged throughout the session. It guards against a number of security threats, including
unauthorized access to a host, IP spoofing, interception of data in transit (even if it must be
transferred via intermediate hosts), and DNS spoofing, in which a hacker forges name server
records to falsify his host’s identity. Depending on the version, SSH may use DES, Triple DES,
RSA, Kerberos, or other, less-common encryption algorithms or techniques.
SSH was developed by SSH Communications Security, and use of their SSH implementation
requires paying for a license. Nonetheless, open source versions of the protocol suite, such as
OpenSSH, are available for most computer platforms. To form a secure connection, SSH
must be running on both the client and server. Like Telnet, the SSH client is a utility that
can be run at the shell prompt on a UNIX or Linux system or at the command prompt on a
Windows-based system. Other versions of the program come with a graphical interface. The
SSH suite of protocols is included with all modern UNIX and Linux distributions and with
Mac OS X Server and Mac OS X client operating systems. For Windows-based computers,
you need to download a freeware SSH client, such as PuTTY.
SSH allows for password authentication or authentication using public and private keys. For
authentication using keys, you must first generate a public key and a private key on your client workstation by running the ssh-keygen command (or by choosing the correct menu
options in a graphical SSH program). The keys are saved in two different, encrypted files on
your hard disk. Next, you must transfer the public key to an authorization file on the host to
which you want to connect. When you connect to the host via SSH, the client and host
exchange public keys, and if both can be authenticated, the connection is completed.
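
The key-installation step described above can be checked on the host by fingerprinting each entry in the authorization file and comparing it with the fingerprint of the public key generated on the client. The following is an added example, not part of the original post: it assumes OpenSSH's one-line public key format (`type base64 [comment]`) and entries without an options prefix, and the key material and the names `ALICE_PUB`, `OTHER_PUB` and `AUTHORIZED_KEYS` are constructed samples.

```python
import base64, hashlib, struct

def read_string(buf, off):
    """Read one SSH wire string: uint32 big-endian length, then the bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def parse_entry(line):
    """Parse 'type base64 [comment]'; return None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected: key-type base64-blob [comment]")
    keytype, blob = fields[0], base64.b64decode(fields[1], validate=True)
    inner, _ = read_string(blob, 0)
    if inner != keytype.encode():
        # The type named on the line must match the type encoded in the blob.
        raise ValueError("key type does not match the encoded blob")
    digest = hashlib.sha256(blob).digest()
    # Same form as OpenSSH's SHA256 fingerprints: unpadded base64 of the digest.
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": keytype, "fingerprint": fp,
            "comment": fields[2] if len(fields) > 2 else ""}

def authorized_fingerprints(text):
    """Fingerprints of every key listed in an authorization file body."""
    entries = (parse_entry(line) for line in text.splitlines())
    return {e["fingerprint"] for e in entries if e}

def is_listed(pubkey_line, authorized_text):
    """True if the client's public key appears in the host-side file."""
    fp = parse_entry(pubkey_line)["fingerprint"]
    return fp in authorized_fingerprints(authorized_text)

def constructed_pubkey(seed, comment):
    """Build a constructed (not real) ssh-ed25519 public key line."""
    name, key = b"ssh-ed25519", bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

ALICE_PUB = constructed_pubkey(1, "alice@workstation")   # constructed sample
OTHER_PUB = constructed_pubkey(99, "other@elsewhere")    # constructed sample
AUTHORIZED_KEYS = "# constructed authorization file\n" + ALICE_PUB + "\n"

if __name__ == "__main__":
    print(parse_entry(ALICE_PUB)["fingerprint"], is_listed(ALICE_PUB, AUTHORIZED_KEYS))
    print(is_listed(OTHER_PUB, AUTHORIZED_KEYS))
```

Being listed in the file is only half of the check: during login the host also requires the client to prove it holds the matching private key.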