Difference between revisions of "Ssh"

From Hackepedia

Revision as of 02:58, 26 April 2010


SSH stands for "Secure Shell" and was first written by a Finnish computer scientist named Tatu Ylonen. Mr. Ylonen went on to found SSH Communications, which continues developing the ssh program. The program uses both symmetric and asymmetric cryptography in order to keep the OSI session layer secure from session hijacking and sniffing.

Public Key Differences

There are three public key types used in SSH: one for the v1 protocol and two for v2.

  • RSA1 refers to the original RSA key used for the v1 protocol. These keys were used to encrypt the communications.
  • RSA refers to the RSA key used for the v2 protocol. It is used only for signing the channel, since the underlying protocol is now handled by a different means.
  • DSA was added to the v2 protocol after RSA Security assured patent rights, and the IETF included DSA to allow for patent-free implementation. Note: Due to how DSA works, it requires a lot more good entropy to be secure compared to RSA.

Which is the right one for you? Since the RSA patent has expired, most of the OpenSSH team recommends staying with RSA keys, since they have been around longer and their strengths and weaknesses are better understood.

The OpenSSH Fork

OpenSSH was forked from a free version of SSH 1.2.12 and shipped with the OpenBSD 2.6 system. It has gained popularity among many vendors and is shipped with their products as well. Tatu Ylonen's company took OpenSSH to court but lost.

Cool SSH Tricks

Modern SSH clients and servers allow you to do some pretty nifty tricks. The most common is X11 Port Forwarding. You can also forward arbitrary ports, and compress files when transferring them over the network (all in addition to encrypting the data). One really nifty trick is to forward FlexLM connections. Another popular trick is passphraseless key exchange.

Travel

If you're lucky enough to have a shell account at home via ssh, you might want to send your traffic through your home (or co-lo) machine while travelling instead of trusting a potentially hostile network. This is accomplished by adding the -D flag to start a SOCKS proxy.

$ ssh $home_machine -D127.0.0.1:8080

Now in Firefox I enter a SOCKS proxy of 127.0.0.1 with port 8080, and it will appear to any website I visit that I am at home, not at my remote location!
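
The -D command above binds the proxy to 127.0.0.1 so that only the local machine can use it. The following sketch is an added example, not part of the original page: it opens the same tunnel in the background and confirms from the listening-socket table that the port is not reachable from other hosts on the network. The function names are hypothetical, and it assumes a Linux client with the `ss` tool.

```shell
# Decide from `ss -ltn` output (stdin) how TCP port $1 is bound.
# Prints "loopback", "exposed" (reachable from other hosts) or "absent".
# Only 127.0.0.1 and [::1] are treated as loopback.
listener_scope() {
    awk -v p="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")          # $4 is Local Address:Port
            if (part[n] != p) next
            host = substr($4, 1, length($4) - length(part[n]) - 1)
            found = 1
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END {
            if (!found) print "absent"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Open the proxy in the background and refuse to continue unless it is
# bound to loopback only. $1 is your home machine, $2 the local port.
open_socks() {
    port=${2:-8080}
    # -f: background after authentication, -N: no remote command,
    # ExitOnForwardFailure: exit if the local port cannot be bound.
    ssh -f -N -o ExitOnForwardFailure=yes -D "127.0.0.1:$port" "$1" || return 1
    scope=$(ss -ltn | listener_scope "$port")
    [ "$scope" = loopback ] && return 0
    echo "SOCKS port $port is $scope" >&2
    return 1
}

# Constructed sample `ss -ltn` output (not captured from a real host).
SAMPLE_GOOD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SAMPLE_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
LISTEN 0      128    [::1]:8080         [::]:*'
```

Run `open_socks "$home_machine" 8080` to start the tunnel; the samples can be piped through `listener_scope 8080` to see the classification without opening a connection.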