AN OVERVIEW OF SECURE SHELL
Introduction to Secure Shell
As Internet access becomes increasingly inexpensive and available, it has become a viable replacement for traditional couriers, telephone, and fax, as well as remote dial-up access to a company’s internal computer resources.
One of the biggest challenges in using the Internet to replace more traditional communications is security. In the past, companies have maintained their own modem bank dial-up access to company resources so that critical data wasn’t being transmitted over the public network. Modem banks are expensive to maintain and don’t scale well. In a large company, long distance charges for road warriors alone can make this an expensive solution.
There are three core security requirements for a remote administrative access technology.
Confidentiality: The transmitted data must not be readable by unauthorized parties on the network. Confidentiality is achieved through encryption.
Integrity: Unauthorized parties must not be able to modify the data without detection. Integrity is achieved by using checksum values, which allow detection of tampering attempts at the receiving end.
Authentication: Both parties of the communication must be able to identify each other reliably, so that no one can masquerade as the other party. Authentication can be implemented by using challenge passwords, for example. However, the strongest authentication is achieved through public-key cryptography and digital signatures.
Secure Shell is a protocol that provides authentication, encryption and data integrity to secure network communications. Implementations of Secure Shell offer the following capabilities: a secure command-shell, secure file transfer, and remote access to a variety of TCP/IP applications via a secure tunnel. Secure Shell client and server applications are widely available for most popular operating systems.
Secure Shell offers a good solution for the problem of securing data sent over a public network. For example, using Secure Shell and the Internet for securely transferring documents and work products electronically, rather than using a traditional overnight courier can provide a substantial cost saving. Consider that the average shipping rate for a single overnight package is between $15 and $30. The average one month unlimited Internet access account in the U.S. costs about $14 a month and usually offers nationwide dial-up access. Using the Internet with Secure Shell to securely deliver your documents, you could easily recoup the cost of Internet access with just one document transfer.
History of Secure Shell
Secure Shell has seen steady improvement and increased adoption since 1995. The first version of Secure Shell (SSH1) was designed to replace the non-secure UNIX “rcommands” (rlogin, rsh, and rcp). Secure Shell version 2 (SSH2), submitted as an Internet Engineering Task Force (IETF) draft in 1997, addresses some of the more serious vulnerabilities in SSH1 and also provides an improved file transfer solution.
This increasing popularity has been fueled by the broader availability of commercially developed and supported client and server applications for Windows, UNIX and other platforms, and by the efforts of the OpenSSH project to develop an open source implementation.
Functionality of Secure Shell
Secure Shell provides three main capabilities, which open the door for many creative secure solutions.
– Secure command-shell
– Secure file transfer
– Port forwarding
Secure Command Shell
Command shells such as those available in Linux, Unix, Windows, or the familiar DOS prompt provide the ability to execute programs and other commands, usually with character output. A secure command-shell or remote logon allows you to edit files, view the contents of directories and access custom database applications. Systems and network administrators can remotely start batch jobs, start, view or stop services and processes, create user accounts, change permissions to files and directories and more. Anything that can be accomplished at a machine’s command prompt can now be done securely from the road or home.
Port forwarding is a powerful tool that can provide security to TCP/IP applications including e-mail, sales and customer contact databases, and in-house applications. Port forwarding, sometimes referred to as tunneling, allows data from normally unsecured TCP/IP applications to be secured. After port forwarding has been set up, Secure Shell reroutes traffic from a program (usually a client) and sends it across the encrypted tunnel, then delivers it to a program on the other side (usually a server). Multiple applications can transmit data over a single multiplexed channel, eliminating the need to open additional vulnerable ports on a firewall or router.
For some applications, a secure remote command shell isn’t sufficient and graphical remote control is necessary. Secure Shell’s port forwarding capabilities can be used to create an encrypted tunnel over which an application can be run. Virtual Network Client, a cross platform GUI remote control application is a good example.
pay to download full material