31 August 2007

Secure Shell (ssh)

The Secure Shell is nearly always referred to by its Unix acronym, ssh. While ssh is analogous to other Unix shells, it is actually part of a more ambitious system to manage peer-to-peer (P2P) communications between client-server nodes. In fact, ssh is more commonly known as a secured communications system, of which the shell interface is a minor part.

Except for a Microsoft product with the same name, ssh is freeware developed in Finland; it facilitates web authoring by allowing the transmission of data in encrypted form. The encryption method involves two "keys," or number-generating programs; one is public while the other is private. When a user logs in to a host, the ssh program tells the server which key pair it would like to use for authentication. The server checks whether this key is permitted and, if so, sends the user a challenge: a random number encrypted with the user's public key. The challenge can only be decrypted using the matching private key. The user's client then decrypts the challenge using the private key, proving that it knows the private key without disclosing it to the server.
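The challenge-response login described above, as an added example that is not part of the original post. It uses a constructed toy RSA key and hypothetical names (`Server`, `Client`, `login`, `proof`); having the client return a hash of the decrypted challenge bound to a session identifier is an assumption of this example.

```python
import hashlib
import hmac
import secrets

# Constructed toy key pair: textbook RSA over two Mersenne primes, no padding.
# Far too small and simple for real use; it only makes the message flow visible.
P, Q, E = 2**89 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the client

def proof(challenge: int, session_id: bytes) -> bytes:
    """Hash of the challenge bound to this session (assumption of this example)."""
    return hashlib.sha256(challenge.to_bytes(32, "big") + session_id).digest()

class Server:
    def __init__(self, authorized_keys):
        self.authorized_keys = set(authorized_keys)  # permitted (n, e) pairs
        self._expected = None

    def challenge_for(self, public_key, session_id):
        """Return the encrypted challenge, or None if the key is not permitted."""
        if public_key not in self.authorized_keys:
            return None
        n, e = public_key
        challenge = secrets.randbelow(n - 3) + 2  # fresh random number per login
        self._expected = proof(challenge, session_id)
        return pow(challenge, e, n)  # only the private-key holder can undo this

    def verify(self, response: bytes) -> bool:
        expected, self._expected = self._expected, None  # one-shot: no replays
        return expected is not None and hmac.compare_digest(expected, response)

class Client:
    def __init__(self, n, d):
        self.n, self.d = n, d

    def respond(self, encrypted: int, session_id: bytes) -> bytes:
        challenge = pow(encrypted, self.d, self.n)  # decrypt with the private key
        return proof(challenge, session_id)

def login(server, client, public_key) -> bool:
    session_id = secrets.token_bytes(16)
    encrypted = server.challenge_for(public_key, session_id)
    if encrypted is None:
        return False  # the server does not permit this key
    return server.verify(client.respond(encrypted, session_id))
```

Only the encrypted challenge and the hashed response cross the wire; the private exponent `D` is used solely inside `Client.respond`.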

To actually use ssh for communication, the host needs to install the ssh daemon (sshd), which listens for connections from clients. It is normally started at boot from /etc/rc, and it forks a new daemon for each incoming connection. The forked daemons handle key exchange, encryption, authentication, command execution, and data exchange. Today, when you need to configure a web host to support content management software (CMS), such as a wiki engine, you will most likely need to use an ssh client.

RESOURCES: Kimmo Suominen, "Getting Started with SSH"; "S 5.64 Secure Shell," Bundesamt für Sicherheit in der Informationstechnik (2004); Ka Chun Leung, "Using SSH," Linux.ie (2002); man page for ssh.
