Developed by SSH Communications Security Ltd., SSH is a program for logging into a network computer remotely, executing commands on a remote machine, and moving files from one machine to another. It provides strong authentication and secure encrypted communications between two hosts over an insecure network. It is a replacement for rlogin, rsh, rcp, rdist and telnet. By using SSH’s slogin (instead of rlogin), the user initiates an entire login session, including password transmission, that is encrypted.
SSH protects against:
- IP spoofing – a remote host sends out packets which pretend to come from another trusted host.
- IP source routing – a host can pretend that an IP packet comes from another trusted host.
- DNS spoofing – an attacker forges name server records
- Interception of clear text passwords and other data by intermediate hosts
- Manipulation of data by people in control of intermediate hosts
- Attacks based on listening to X authentication data and spoofed connection to the X11 server
- Essentially protects against any network attack
SSH does not protect against:
- A malicious user gaining root access to host (remote) machine
- A malicious user gaining root access to the recipient machine
Encryption is a process of translating information that is legible to humans into information that can only be read by a computer. The process of translating the information back into its original form is called decryption. To properly decrypt information, a computer must know which “key” to use as reference.
SSH has the ability to “tunnel” information and applications. Tunneling is the process of enclosing private data in an ordinary, encrypted TCP/IP SSH packet, and channeling the information from the SSH session on the network connection. Tunneling is not encryption, the method used by SSH to protect information.