What is ssh and why should I use it?

It is a drop-in replacement for rsh.

This means it is a secure way to connect to other hosts and issue commands there. It is strong authentication. It's nearly impossible to "snoop" on the connections between the local and remote machine. It never trusts the network. It grants minimal trust on the remote side of the connection and on domain name servers.

Pure RSA authentication never trusts anything but the private key. Most computer communication is done without encryption, especially before the advent of SSH. With access to a network segment connected to either of the two machines communicating, it's fairly trivial to intercept the packets and snoop on the connection. This is frequently done by hackers, curious administrators, employers, criminals, industrial spies, and governments. Some networks leak off enough electromagnetic radiation that data may be captured even from a distance.

What, like wireless?

Not just wireless, radiation from monitors, and other network connections can leak data.

Businesses have trade secrets, patent applications in preparation, pricing information, subcontractor information, client data, personnel data, financial information, etc. Currently, anyone with access to the network (any machine on the network) can listen to anything that goes in the network, without any regard to normal access restrictions.

Many companies are not aware that information can so easily be recovered from the network. They trust that their data is safe since nobody is supposed to know that there is sensitive information in the network, or because so much other data is transferred in the network. This is not a safe policy.

Why not just use telnet?

Telnet transmits your password unencrypted. If someone is listening to the network they'll see your username and password floating past unecrypted.

Under SSH all traffic is encrypted. Without the private key from the server you are communicating with, they have no way of decrypting your communications.

Well, why not use rlogin?

See above. Same issues as telnet.

What is SSH, SecureSH?, SSH.com?

OpenSSH is a free implementation from the OpenBSD? project.

OpenSSH? is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH? encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH? provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods.

SSH is the original implementation by the author of the SSH protocol. He attempted to force other clients to change their name from SSH to "SecureSH?" in 2001 but his original license on the trademark allowed use of the SSH name, irrevocably. If you've got cash to burn, you can purchase their implementation.

The "ssh" package in Debian is OpenSSH?.

Is there a book on SSH?

SSH: The Secure Shell The Definitive Guide by Daniel J. Barrett, Ph. D. and Richard E. Silverman

Back to SSH FAQ