SSH is designed to replace older, less secure terminal applications used
to log into remote hosts, such as telnet or
rsh. A related program called
scp replaces older programs designed to copy
files between hosts, such as rcp. Because these
older applications do not encrypt passwords transmitted between the client
and the server, avoid them whenever possible. Using secure methods to
remotely log into remote systems decreases the risks for both the client
system and the remote host.
18.1. Features of SSH
SSH (or Secure SHell) is a
protocol which facilitates secure communications between two systems
using a client/server architecture.
The SSH protocol provides the following safeguards:
After an initial connection, the client can verify that it is
connecting to the same server it connected to previously.
The client transmits its authentication information to the
server using strong, 128 bit encryption.
All data sent and received during a session is transferred using
128 bit encryption, making intercepted transmissions extremely
difficult to decrypt and read.
The client can forward X11
 applications from the server. This technique, called
X11 forwarding, provides a secure means to
use graphical applications over a network.
Because the SSH protocol encrypts everything it sends and receives, it
can be used to secure otherwise insecure protocols. Using a technique
called port forwarding, an SSH server can become
a conduit to secure otherwise insecure protocols, like POP, increasing
overall system and data security.
Red Hat Linux includes the general OpenSSH package
(openssh), the OpenSSH server
(openssh-server) and client
(openssh-clients) packages. Please see the chapter
titled OpenSSH in the
Red Hat Linux Customization Guide for instructions on installing and
deploying OpenSSH. Also note that the OpenSSH packages require the
OpenSSL package (openssl). OpenSSL installs several
important cryptographic libraries which enable OpenSSH to provide
A large number of client and server programs can use the SSH
protocol. SSH client applications are available for almost every major
operating system in use today.
18.1.1. Why Use SSH?
Nefarious computer users have a variety of tools at their disposal
which enable them to disrupt, intercept, and re-route network traffic
in an effort to gain access to a system. In general terms, these
threats can be categorized as:
Interception of communication between two
systems — In this scenario, the attacker can be
somewhere on the network between the communicating entities,
copying any information passed between them. The attacker may
intercept and keep the information or alter the information and
send it on to the intended recipient.
This attack can be mounted through the use of a packet sniffer
— a common network utility.
Impersonation of a particular host
— Using this strategy, an attacker's system is configured to
pose as the intended recipient of a transmission. If this strategy
works, the user's system will remain unaware it is communicating
with the wrong host.
This attack can be mounted through techniques known as DNS
or IP spoofing
Both techniques intercept potentially sensitive information, and if the
interception is for hostile reasons, the results can be disastrous.
If SSH is used for remote shell login and file copying, these security
threats can be greatly diminished. This is because the SSH client and
server use digital signatures to verify their identity. Additionally,
all communication between the client and server systems is
encrypted. Attempts to spoof the identity of either side of a
communication will not work, since each packet is encrypted using a
key known only by the local and remote systems.