An earlier group of posts in this series covered the SSL/TLS protocol in detail. They neglected, however, to mention one of the most common uses of SSL/TLS – to implement a secure form of file transfer known as FTPS.
Traditional FTP as defined in RFC 959 makes no mention of security. This is understandable as it was written in 1985 and based on even older RFCs. This was when universities and the military were the primary users of the […]
The previous post in this series explained how the SSH connection layer works. SSH connections can host logical data pipes called SSH channels, which can be used for interactive sessions, running remote commands, and port forwarding.
Interactive sessions include remote terminal sessions, running of remote commands, and running subsystems. Subsystems are sets of remote commands that are pre-defined on the server machine. The most common subsystem available is SFTP, which provides commands to transfer and manipulate files. […]
The latest report of how hackers were able to remotely control a Jeep Cherokee is rather frightening. In their rush to Internet-enable their vehicles, some manufacturers appear to have neglected the security aspect of their systems.
In this report, it seems that Chrysler’s Uconnect system lets anyone who knows the IP address (numbers that identify it uniquely on the Internet) of a vehicle access it from anywhere! There’s a lot more to the […]
The final piece of SSH-2’s layered architecture is the connection layer, which provides network services such as interactive sessions and port forwarding on top of the transport layer, which supplies the necessary security.
Once established, an SSH connection can host one or more SSH channels, which are logical data pipes multiplexed over the connection. The client can open multiple channels on the one connection to the same server, and perform different network tasks on different channels. In practice, SSH implementations rarely use multiple channels […]
The previous post in this series explained how password authentication works in the user authentication layer of the SSH-2 architecture, which enables the client to identify itself to the server, and be authenticated.
Another very commonly used authentication method is publickey authentication, which is based on public key encryption (discussed in an earlier post). Public key encryption uses two separate but related keys, known as the keypair. One key, known as the private key, is […]
SSH-2 uses a layered architecture, consisting of a transport layer, a user authentication layer, and a connection layer (described here).
The previous post in this series explained the transport layer, which provides encryption, host authentication and integrity checking. Encryption and integrity checking ensure that messages sent between client and server cannot be viewed or tampered with. Host authentication means that the client knows it is communicating with the right server.
The next step is for the client to […]