ssh: Secure Shell

Mr. Rubini gives us an introduction to the ssh program suite and its features, so that we can establish secure communication channels.
Algorithms and Future Directions.

The design of ssh is full of hooks for future extensibility. First of all, the client and the server exchange a “software version” and a “protocol version” at the beginning of each section. While the “software version”is mainly used in debugging problems, the “protocol version” is a great resource to accomplish smooth upgrading from one version of the software to the next one. Both the client and the server are required to support at least the previous version of the protocol, in addition to the current one. This requirement is designed to help deal with the transition period whenever the protocol gets enhanced (which doesn't happen too often). When running ssh<\!s>-v, you can see, among other things, the exchange of version strings.

Another great design feature of the protocol is that new cryptographic algorithms (“ciphers”) can be added to the basic machinery without losing generality. This is accomplished by making the choice of the cipher to use at runtime. During handshake (the first few packets being exchanged by the communicating parties), the server declares which ciphers it supports, and the client chooses one of those ciphers. Every ssh implementation is required to support at least 3DES, in order to ensure a secure link can be established between any client and any server. Users and/or organizations are, nevertheless, free to implement new ciphers and specify them as the default choice. A few ciphers are part of the official ssh distribution, and the user can ask for a specific algorithm on the ssh command line to override the default.

The protocol also supports compression of session data. A compressed session can actually be faster than a non-compressed one, if the local network is slightly loaded. Once again, compression is optional, and the communicating parties agree whether or not to use it.

The standardization efforts endorsed by the IETF are aimed at defining version 2.0 of the secure shell protocol (the version supported by ssh-1.2.20 is called 1.5). The Internet drafts currently available document three different aspects of the upcoming 2.0 protocol:

  1. the connection protocol, draft-ietf-secsh-connect-00.txt),

  2. the transport-layer protocol, draft-ietf-secsh-transport-00.txt)

  3. the authentication protocol, draft-ietf-secsh-userauth-00.txt.

These documents are quite technical, but very interesting to peruse. The protocol the IETF is working on looks promising, giving even more flexibility than the current one.

The curious reader is urged to browse the network to retrieve more information on these topics. I can provide a few pointers to begin with, but I'm pretty sure you'll find several more pointers about this kind of topic.

Resources

Alessandro (rubini@linux.it) is a member of the “Pluto” Italian user group, which is going to meet in Perugia, Italy, during November. See http://www.pluto.linux.it/ for details.

______________________

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState