Chapter 18. SSH Protocol

SSH™ allows users to log into host systems remotely. Unlike protocols such as FTP or Telnet, SSH encrypts the login session, making it impossible for intruders to collect unencrypted passwords.

SSH is designed to replace older, less secure terminal applications used to log into remote hosts, such as telnet or rsh. A related program called scp replaces older programs designed to copy files between hosts, such as rcp. Because these older applications do not encrypt passwords transmitted between the client and the server, avoid them whenever possible. Using secure methods to remotely log into remote systems decreases the risks for both the client system and the remote host.

18.1. Features of SSH

SSH (or Secure SHell) is a protocol which facilitates secure communications between two systems using a client/server architecture.

The SSH protocol provides the following safeguards:

Because the SSH protocol encrypts everything it sends and receives, it can be used to secure otherwise insecure protocols. Using a technique called port forwarding, an SSH server can become a conduit to secure otherwise insecure protocols, like POP, increasing overall system and data security.

Red Hat Linux includes the general OpenSSH package (openssh), the OpenSSH server (openssh-server) and client (openssh-clients) packages. Please see the chapter titled OpenSSH in the Red Hat Linux Customization Guide for instructions on installing and deploying OpenSSH. Also note that the OpenSSH packages require the OpenSSL package (openssl). OpenSSL installs several important cryptographic libraries which enable OpenSSH to provide encrypted communications.

A large number of client and server programs can use the SSH protocol. SSH client applications are available for almost every major operating system in use today.

18.1.1. Why Use SSH?

Nefarious computer users have a variety of tools at their disposal which enable them to disrupt, intercept, and re-route network traffic in an effort to gain access to a system. In general terms, these threats can be categorized as:

  • Interception of communication between two systems — In this scenario, the attacker can be somewhere on the network between the communicating entities, copying any information passed between them. The attacker may intercept and keep the information or alter the information and send it on to the intended recipient.

    This attack can be mounted through the use of a packet sniffer — a common network utility.

  • Impersonation of a particular host — Using this strategy, an attacker's system is configured to pose as the intended recipient of a transmission. If this strategy works, the user's system will remain unaware it is communicating with the wrong host.

    This attack can be mounted through techniques known as DNS poisoning [2] or IP spoofing [3].

Both techniques intercept potentially sensitive information, and if the interception is for hostile reasons, the results can be disastrous.

If SSH is used for remote shell login and file copying, these security threats can be greatly diminished. This is because the SSH client and server use digital signatures to verify their identity. Additionally, all communication between the client and server systems is encrypted. Attempts to spoof the identity of either side of a communication will not work, since each packet is encrypted using a key known only by the local and remote systems.



X11 refers to the X11R6 windowing display system, traditionally referred to as X. Red Hat Linux includes XFree86, a widely used, open source X Window System, which is based on X11R6.


DNS poisoning occurs when an intruder cracks a DNS server, pointing client systems to a maliciously duplicated host.


IP spoofing occurs when an intruder sends network packets which falsely appear to be from a trusted host on the network.