SSH - Secure Shell


SSH is a protocol for logging in to and executing commands on a remote computer, in the manner of telnet, rlogin, and rsh.  Unlike those protocols, it does this over an encrypted and authenticated network connection, and so offers a much higher level of security: a passive eavesdropper sees neither the login credentials nor the session contents, and the client can verify that it is talking to the server it intended.

The first version of the protocol, SSH-1, was designed in 1995 by Tatu Ylönen.  The second version, SSH-2, was standardized by the IETF SECSH working group (RFC 4251 and its companion RFCs, published in 2006).  It offers a higher level of security than its predecessor; SSH-1 has known protocol weaknesses and is disabled or removed in current implementations, so SSH-2 should always be used.

In order for a computer to accept SSH connections, it must be running an SSH server, such as sshd, listening on a port the client can reach (usually TCP port 22).  The client computer must have an SSH client, such as CompleteFTP, and the connecting user must have an account known to the server.

Private/public key pairs in SSH have traditionally used either the DSA or RSA asymmetric key algorithms, and most SSH servers support both.  Current implementations also support ECDSA and Ed25519 keys.  DSA is now deprecated: the SSH DSA format is limited to 1024-bit keys, which is no longer considered adequate, and recent OpenSSH releases disable it by default.  Ed25519 or RSA with a key of at least 2048 bits is the usual choice today.

Clients validate the server in SSH via a known hosts file.  The client maintains a file containing the hostname (or IP address) of each SSH server it has used, together with that server's public key.  When a client connects, the server sends a copy of its public key (and proves possession of the matching private key during key exchange), which the client compares with its own record of the server's key.  On the first connection there is no record, so the client must either check the key's fingerprint out of band or accept it on trust ("trust on first use").  If a later connection presents a different key, either the server's key has legitimately changed or the connection is being intercepted; the client should refuse to proceed until the administrator has confirmed which it is.
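To make the known-hosts check concrete, here is an added example (not code from the original page or from any SSH implementation) of the client-side comparison, written in Go against the OpenSSH known_hosts format: plain entries with a comma-separated host list, and hashed entries of the form |1|salt|HMAC-SHA1(salt, hostname) that OpenSSH writes when HashKnownHosts is enabled.  The sample file contents and the key blobs are constructed placeholders, not real keys; the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"strings"
)

// HostKeyStatus is the outcome of checking a presented server key against known_hosts.
type HostKeyStatus int

const (
	HostUnknown     HostKeyStatus = iota // no entry for this host: first contact, verify fingerprint out of band
	HostKeyMatch                         // an entry exists and the key matches
	HostKeyMismatch                      // an entry exists but the key differs: refuse to connect
)

// hostHash is HMAC-SHA1(salt, hostname), the value OpenSSH stores for a hashed host entry.
func hostHash(salt []byte, hostname string) []byte {
	mac := hmac.New(sha1.New, salt)
	mac.Write([]byte(hostname))
	return mac.Sum(nil)
}

// hostMatches reports whether a known_hosts host field covers hostname. A plain field is a
// comma-separated list of names/addresses; a hashed field (OpenSSH HashKnownHosts=yes) is
// |1|<base64 salt>|<base64 hostHash>, which hides which hosts the client has visited.
func hostMatches(field, hostname string) bool {
	if strings.HasPrefix(field, "|1|") {
		parts := strings.Split(field, "|") // "", "1", salt, hash
		if len(parts) != 4 {
			return false
		}
		salt, errS := base64.StdEncoding.DecodeString(parts[2])
		want, errH := base64.StdEncoding.DecodeString(parts[3])
		if errS != nil || errH != nil {
			return false
		}
		return hmac.Equal(hostHash(salt, hostname), want)
	}
	for _, h := range strings.Split(field, ",") {
		if h == hostname {
			return true
		}
	}
	return false
}

// CheckHostKey looks hostname up in knownHosts (the file's contents) and compares the key
// the server presented (algorithm name and base64 blob, as written in a known_hosts line)
// with the stored one. Blank lines, comments and marker lines such as @cert-authority are skipped.
func CheckHostKey(knownHosts, hostname, keyType, keyB64 string) HostKeyStatus {
	presented, err := base64.StdEncoding.DecodeString(keyB64)
	if err != nil {
		return HostKeyMismatch
	}
	status := HostUnknown
	for _, raw := range strings.Split(knownHosts, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || line[0] == '#' || line[0] == '@' {
			continue
		}
		f := strings.Fields(line)
		if len(f) < 3 || f[1] != keyType || !hostMatches(f[0], hostname) {
			continue
		}
		stored, err := base64.StdEncoding.DecodeString(f[2])
		if err != nil {
			continue
		}
		if bytes.Equal(stored, presented) {
			return HostKeyMatch
		}
		status = HostKeyMismatch // same host and algorithm, different key
	}
	return status
}

// HashHost writes a hashed host field the way OpenSSH does (a 20-byte random salt in practice).
func HashHost(salt []byte, hostname string) string {
	enc := base64.StdEncoding.EncodeToString
	return "|1|" + enc(salt) + "|" + enc(hostHash(salt, hostname))
}

// Constructed sample keys: base64 of placeholder bytes, not real key blobs.
var (
	KeyA    = base64.StdEncoding.EncodeToString([]byte("constructed blob for server-a"))
	KeyB    = base64.StdEncoding.EncodeToString([]byte("constructed blob for server-b"))
	KeyEvil = base64.StdEncoding.EncodeToString([]byte("constructed blob from an impostor"))
)

// SampleKnownHosts returns a constructed known_hosts file: one plain entry, one hashed entry.
func SampleKnownHosts() string {
	return "# constructed sample, not a real file\n" +
		"server-a.example.com,203.0.113.10 ssh-ed25519 " + KeyA + "\n" +
		HashHost([]byte("0123456789abcdef0123"), "server-b.example.com") + " ssh-ed25519 " + KeyB + "\n"
}
```

The three outcomes are deliberately distinct: an unknown host is a first-contact decision for the user, a match lets the connection proceed, and a mismatch for a host that is already on file is the case a client must never silently accept, since it is exactly what a man-in-the-middle looks like.  A real client compares the decoded key bytes, as here, rather than the base64 text, so that whitespace or encoding differences cannot cause a false mismatch.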

The server authenticates the clients that connect to it.  The user must have been set up beforehand as an SSH user (or, in some cases, as a user on the server's operating system).  In password authentication, the client supplies the user's password, which the server checks against its records; the password travels inside the encrypted channel, so it is not exposed on the network, but the login is still only as strong as the password itself.  In public key authentication, the client uses its private key to sign data that includes the identifier of the current session, and sends the signature to the server.  The server verifies the signature with the user's public key, so that key must already be available on the server (in OpenSSH, in the user's authorized_keys file).  The private key never leaves the client, and because the signed data is bound to the session, a captured signature cannot be replayed against another connection.
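The public key exchange described above, as an added Go example that is not part of the original page and is not the code of any SSH implementation.  It builds the data a client signs for the "publickey" method exactly as RFC 4252 section 7 lays it out, signs it with an Ed25519 key, and verifies it on the server side against a constructed authorized-keys map.  The session identifier is a random stand-in for the exchange hash both sides compute during key exchange; the function names, the user name alice and the authorized map are this example's own assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
)

const msgUserauthRequest = 50 // SSH_MSG_USERAUTH_REQUEST (RFC 4252)

// sshString encodes an SSH wire-format string: 4-byte big-endian length, then the bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// Ed25519KeyBlob is the "ssh-ed25519" public key blob (what authorized_keys holds, base64-decoded):
// string "ssh-ed25519" followed by string <32 raw key bytes>.
func Ed25519KeyBlob(pub ed25519.PublicKey) []byte {
	return append(sshString([]byte("ssh-ed25519")), sshString(pub)...)
}

// parseEd25519Blob is the inverse of Ed25519KeyBlob, rejecting anything malformed.
func parseEd25519Blob(blob []byte) (ed25519.PublicKey, bool) {
	prefix := sshString([]byte("ssh-ed25519"))
	if len(blob) != len(prefix)+4+ed25519.PublicKeySize || !bytes.HasPrefix(blob, prefix) ||
		binary.BigEndian.Uint32(blob[len(prefix):]) != ed25519.PublicKeySize {
		return nil, false
	}
	return ed25519.PublicKey(blob[len(prefix)+4:]), true
}

// SignedData builds the exact bytes the client signs for "publickey" authentication
// (RFC 4252 section 7). Including the session identifier, which both sides derived during
// key exchange, ties the signature to this connection so it cannot be replayed elsewhere.
func SignedData(sessionID []byte, user string, keyBlob []byte) []byte {
	var b bytes.Buffer
	b.Write(sshString(sessionID))
	b.WriteByte(msgUserauthRequest)
	b.Write(sshString([]byte(user)))
	b.Write(sshString([]byte("ssh-connection")))
	b.Write(sshString([]byte("publickey")))
	b.WriteByte(1) // boolean TRUE: a signature is attached
	b.Write(sshString([]byte("ssh-ed25519")))
	b.Write(sshString(keyBlob))
	return b.Bytes()
}

// ClientSign is the client side: the private key is used to sign and never leaves the client.
func ClientSign(priv ed25519.PrivateKey, sessionID []byte, user string) (keyBlob, sig []byte) {
	keyBlob = Ed25519KeyBlob(priv.Public().(ed25519.PublicKey))
	return keyBlob, ed25519.Sign(priv, SignedData(sessionID, user, keyBlob))
}

// ServerVerify is the server side. authorized maps a user name to the key blobs allowed for
// that user (the role of authorized_keys). Authentication succeeds only if the presented key
// is on that list AND the signature verifies over this session's SignedData.
func ServerVerify(authorized map[string][][]byte, sessionID []byte, user string, keyBlob, sig []byte) bool {
	allowed := false
	for _, k := range authorized[user] {
		if bytes.Equal(k, keyBlob) {
			allowed = true
		}
	}
	pub, ok := parseEd25519Blob(keyBlob)
	if !allowed || !ok {
		return false
	}
	return ed25519.Verify(pub, SignedData(sessionID, user, keyBlob), sig)
}

// Demo runs one authentication and then replays the same signature against a different
// session identifier. It returns (accepted, replayAccepted); the second must be false.
func Demo() (bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	authorized := map[string][][]byte{"alice": {Ed25519KeyBlob(pub)}} // alice's authorized_keys
	session, other := make([]byte, 32), make([]byte, 32)             // stand-ins for the exchange hash
	rand.Read(session)
	rand.Read(other)
	keyBlob, sig := ClientSign(priv, session, "alice")
	accepted := ServerVerify(authorized, session, "alice", keyBlob, sig)
	replayed := ServerVerify(authorized, other, "alice", keyBlob, sig)
	return accepted, replayed
}
```

Two points worth noticing in ServerVerify: the server checks that the presented key is one the user is allowed to use before doing any cryptography, so an attacker cannot authenticate simply by presenting a key pair they generated themselves, and the signature is verified over the server's own reconstruction of the signed data rather than over bytes the client supplies, which is what makes the session binding effective.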