130


Chapter 9. SSH Protocol


9.1.1. Why Use SSH?


Nefarious computer users have a variety of tools at their disposal to disrupt, intercept, and re route


network traffic in an effort to gain access to your system. In general terms, these threats can be cate 


gorized as follows:


Interception of communication between two systems   In this scenario, the attacker can be some 


where on the network between the communicating entities, copying any information passed be 


tween them. The attacker may intercept and keep the information or alter the information and send


it on to the intended recipient.


This can be attack can be mounted through the use of a packet sniffer   a common network utility.


Impersonation of a particular host   Using this strategy, an attacker's system is configured to pose


as the intended recipient of a transmission. If this strategy works, the user's system will remain


unaware it is communicating with the wrong host.


This can be attack can be mounted through techniques known as DNS poisoning


2


or IP spoofing


3


.


Both techniques intercept potentially sensitive information, and if the interception is for hostile rea 


sons, the results can be disastrous.


If SSH is used for remote shell login and file copying, these security threats can be greatly diminished.


This is because the SSH client and server use digital signatures to verify their identity. Additionally,


all communication between the client and server systems is encrypted. Attempts to spoof the identity


of either side of a communication will not work, since each packet is encrypted using a key known


only by the local and remote systems.


9.2. Event Sequence of an SSH Connection


The following series of events help protect the integrity of SSH communication between two hosts.


First, a secure transport layer is created so that the client knows it is communicating with the correct


server. Then, the communication is encrypted between the client and server using a symmetric cipher.


With a encrypted connection to the server in place, the client safely authenticates itself to the server


without sending information in plain text.


Finally, with the client authenticated to the server, several different services can be safely and securely


used through the connection, such as an interactive shell session, X11 applications, and tunneled


TCP/IP ports.


9.3. Layers of SSH Security


The SSH protocol allows any client and server programs built to the protocol's specifications to com 


municate securely and to be used interchangeably.


Two varieties of SSH currently exist. SSH version 1 contains several patented encryption algorithms


(however, several of these patents have expired) and a security hole that potentially allows for data to


be inserted into the data stream. The OpenSSH suite under Red Hat Linux 8.0 uses SSH version 2.0 by


default, although it also supports version 1. It is recommended that you use SSH version 2 compatible


servers and clients whenever possible.


2. DNS poisoning occurs when an intruder cracks a DNS server, pointing client systems to a maliciously du 


plicated host.


3. IP spoofing occurs when an intruder sends network packets which falsely appear to be from a trusted host on


the network.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      tomcat hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved