SSH (Secure Shell, RFC 4251)

Alternative to telnet/rlogin protocols/applications.

  • Manages secure consoles over TCP/IP.

  • Initially conceived to replace telnet.

  • Used for other applications.

    • Secure execution of remote commands (replacing rsh/rexec).

    • Secure copy of files between machines (replacing rcp).

    • Secure FTP (sftp).

    • Creation of arbitrary secure tunnels (inbound/outbound/dynamic port forwarding).

Security mechanisms.

  • Communication confidentiality and integrity.

    • Key distribution.

  • Authentication of communication endpoints.

    • Servers/machines.

    • Client users.

    • Each uses a different technique.

Authentication mechanisms

Server: with an asymmetric key pair.

  • Inline public key distribution (the server sends its public key during the key exchange).

    • Not certified! No CA vouches for the key, so the client must verify it by other means.

  • Clients cache previously used public keys.

    • Caching should occur in a trustworthy environment (the first connection is the one that must be verified).

    • An update of a server’s key raises a problem for its usual clients: the cached key no longer matches, which looks the same as an impersonation attempt.
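As an added example (not part of the original notes), the client-side host key cache described above, modelled in Python on the OpenSSH known_hosts line format: first-use caching only when the caller has checked the fingerprint out of band, and a mismatch result when a cached key no longer matches. The hostnames and key blobs are constructed placeholders, not real keys.

```python
import base64
import hashlib

# Constructed sample of a known_hosts cache: "host[,alias] keytype base64-blob".
# The base64 blobs are fake placeholders, not real SSH public keys.
SAMPLE_KNOWN_HOSTS = """\
# host(s)                 key type      base64 key blob
gw.example.org,10.0.0.1   ssh-ed25519   AAAAC3NzaC1lZDI1NTE5AAAAIEZha2Vr
files.example.org         ssh-rsa       AAAAB3NzaC1yc2EAAAADAQABAAABAQAB
"""


def parse_known_hosts(text):
    """Map (host, keytype) -> key blob bytes. Comments, @-marker lines and
    hashed (|1|...) entries are skipped to keep the example short."""
    cache = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@" or line.startswith("|1|"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        hosts, keytype, b64 = parts[:3]
        blob = base64.b64decode(b64)
        for host in hosts.split(","):  # one entry may list several aliases
            cache[(host, keytype)] = blob
    return cache


def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint: base64 of the digest, '=' padding stripped.
    This is what the user compares against an out-of-band copy before trusting a new key."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_host_key(cache, host, keytype, blob, trust_first_use=False):
    """Return 'match', 'mismatch' or 'unknown'. A new key is cached only when the
    caller asserts it verified the fingerprint (trust_first_use=True)."""
    cached = cache.get((host, keytype))
    if cached is None:
        if trust_first_use:
            cache[(host, keytype)] = blob
        return "unknown"
    return "match" if cached == blob else "mismatch"
```

A 'mismatch' is exactly the situation a server key rotation creates for existing clients; the client cannot tell it from an impersonation without checking the new fingerprint out of band.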

Client users: configurable.

  • Username + password.

    • Enabled by default.

  • Username + private key.

    • The user’s public key must be uploaded to the server in advance.
