ssh: Secure Shell
The design of ssh is full of hooks for future extensibility. First of all, the client and the server exchange a “software version” and a “protocol version” at the beginning of each section. While the “software version”is mainly used in debugging problems, the “protocol version” is a great resource to accomplish smooth upgrading from one version of the software to the next one. Both the client and the server are required to support at least the previous version of the protocol, in addition to the current one. This requirement is designed to help deal with the transition period whenever the protocol gets enhanced (which doesn't happen too often). When running ssh<\!s>-v, you can see, among other things, the exchange of version strings.
Another great design feature of the protocol is that new cryptographic algorithms (“ciphers”) can be added to the basic machinery without losing generality. This is accomplished by making the choice of the cipher to use at runtime. During handshake (the first few packets being exchanged by the communicating parties), the server declares which ciphers it supports, and the client chooses one of those ciphers. Every ssh implementation is required to support at least 3DES, in order to ensure a secure link can be established between any client and any server. Users and/or organizations are, nevertheless, free to implement new ciphers and specify them as the default choice. A few ciphers are part of the official ssh distribution, and the user can ask for a specific algorithm on the ssh command line to override the default.
The protocol also supports compression of session data. A compressed session can actually be faster than a non-compressed one, if the local network is slightly loaded. Once again, compression is optional, and the communicating parties agree whether or not to use it.
The standardization efforts endorsed by the IETF are aimed at defining version 2.0 of the secure shell protocol (the version supported by ssh-1.2.20 is called 1.5). The Internet drafts currently available document three different aspects of the upcoming 2.0 protocol:
the connection protocol, draft-ietf-secsh-connect-00.txt),
the transport-layer protocol, draft-ietf-secsh-transport-00.txt)
the authentication protocol, draft-ietf-secsh-userauth-00.txt.
These documents are quite technical, but very interesting to peruse. The protocol the IETF is working on looks promising, giving even more flexibility than the current one.
The curious reader is urged to browse the network to retrieve more information on these topics. I can provide a few pointers to begin with, but I'm pretty sure you'll find several more pointers about this kind of topic.
|Using Salt Stack and Vagrant for Drupal Development||May 20, 2013|
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
|Non-Linux FOSS: Seashore||May 10, 2013|
|Trying to Tame the Tablet||May 08, 2013|
- RSS Feeds
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- New Products
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Home, My Backup Data Center
- Validate an E-Mail Address with PHP, the Right Way
- Using Salt Stack and Vagrant for Drupal Development
- Tech Tip: Really Simple HTTP Server with Python
- New Products
- Ahh, the Koolaid.
22 min 26 sec ago
- git-annex assistant
6 hours 22 min ago
- direct cable connection
6 hours 44 min ago
- Agreed on AirDroid. With my
6 hours 54 min ago
- I just learned this
6 hours 59 min ago
7 hours 29 min ago
- not living upto the mobile revolution
10 hours 20 min ago
- Deceptive Advertising and
10 hours 55 min ago
- Let\'s declare that you have
10 hours 56 min ago
- Alterations in Contest Due
10 hours 57 min ago
Enter to Win an Adafruit Prototyping Pi Plate Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Prototyping Pi Plate Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- Next winner announced on 5-21-13!
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.