Cryptography Reference
In-Depth Information
For Internet-Drafts documentation
9.3
see [13], [99], [146], [275], and [293]-
[296], as well as the elliptic curve, DiLe-Hellman key exchange proposal for SSH
transport level protocols in [271], all of which are RFC 2026-compliant, Internet
standards process specifications (see [197]).
What is SSH?
Secure Shell or SSH (sometimes called
Secure Socket Shell
— not be be
confused with SSL — see Section 5.7), is essentially a Unix-based
9.4
command
interface usingPKC-oriented, secure remote login protocols. It allows a user to
execute commands on a remote computer, as well as securely move files from one
host to another. It provides strongauthentication and secure communication
over an insecure channel. SSH was designed to replace insecure applications
such as Telnet and FTP (see page 326).
Basically, How Does SSH work?
The SSH mode of operation is quite simple on the surface. The host com-
puter first authenticates itself to the client, establishinga unilateral server-to-
client secure channel. Then a user, Alice, say, on a client computer, employing
unilateral public-key and/or password-based protocols, authenticates herself to
the server. Once the link is secure, not only can files between hosts be trans-
ported, but also other TCP/IP connections may be forwarded over that secure
link. All algorithms used to ensure security are negotiated, so if some algorithm
is cryptanalyzed, it is a simple matter to eliminate it and switch to another in
the cipher suite.
The followingis a detailed description of SSH2 (see [99]), the latest version
of the protocol.
9.3
Although Internet-Drafts (working documents for the development of Internet standards)
may be distributed by any working group, the IETF is perhaps the most widely known (see
Footnote 5.3 on page 219). These documents have a maximum lifespan of six months, after
which they are updated or deleted. If a document becomes an RFC (see Footnote 7.2 on page
262), an announcement is made in the
Internet-Drafts Directories
, see
http://ietf.org/1id-
abstracts.html
, typically updated daily, where all current Internet-Drafts may be found. The
IETF working group for SSH is denoted by
secsh
, see
http://www.ietf.org/html.charters/secsh-
charter.html
. If an Internet-Draft is not part of a working group, it is considered to be an
individual submission. For instance, the elliptic curve, Di6e-Hellman proposal, [271], cited
above, is one such document, whereas all the others cited above are part of
secsh
. IETF is
vendor-neutral, maintaining only the standards. The developer of both versions of SSH is SSH
Communications Security. It appears, at this juncture, that SSH2 is on its last lap toward
becoming an RFC.
9.4
Unix (pronounced
you-niks
) originated in 1969 at AT&T Bell Labs to provide an interac-
tive time-sharing system. In 1974, Unix attained the status of the first operating system to be
written in the C programming language. Being a nonproprietary operating system, it evolved
as freeware and eventually became the first standard operating system that could be openly
developed by virtually anybody. We may rightfully view both the client-server model and
Unix as vital developments in the evolution of the Internet, with a focus toward computing
networks and away from independent computers.
Search WWH ::
Custom Search