introduction
SSH is the name for a suite of protocols that describe ways of working with remote computers. SSH is also the name of a suite of programs that speak these protocols, including SCP, SFTP and, er, SSH. You may start to see a little repetition here. The SSH program is a tool for remote login and SCP and SFTP are tools for copying files to and from remote computers. SSH programs use encryption to secure communication so naughty Internet crackers can't steal your credit card numbers, love letters and dog.
SSH Communications Security makes closed-source SSH programs. and OpenSSH, an open source project.
what it is
The guy who wrote SSH must have been running short of naming ideas because SSH is a suite of programs, the name of one of those programs and the name of a suite of protocols.
The three protocols in the SSH suite are transport layer, authentication and connection. These describe how to use network services securely over an insecure network. Attacks on network services by bad guys include techniques like IP spoofing, IP source routing, DNS spoofing and connection hijacking.
- The SSH transport layer protocol provides strong encryption, server authentication, and integrity protection. It cures the sending-passwords-in-clear-text problem that telnet and rlogin have. This protocol runs on top of TCP/IP.
- The SSH authentication protocol replaces the traditional way of logging in. The traditional way is to type in an account name and a password. The SSH way includes a version of this traditional password client authentication method, "public key", "host-based" and plug-ins for more obscure methods such as fingerprint scanning and bad breath analysis. This protocol runs on top of the SSH transport layer protocol.
- The SSH connection protocol provides interactive login sessions, remote execution of commands, forwarded
TCP/IP connections, and forwarded X11 connections. All of these channels are multiplexed into a single encrypted tunnel. This protocol runs on top of the SSH transport layer and SSH authentication protocols.
An SSH connection is made between a client and a server. The client contacts the server and they create a network connection between them. The rocket science involved in securing the network connection is hidden to the person using SSH. The person who wants to administer a remote computer names which computer he wants to access and the SSH program creates a secure connection between the terminal emulator and the remote shell. The administrator then knows his work is safe from bad guys.
A few organisations make programs that follow the SSH protocol. SSH programs are available for every operating system. Popular products are made by SSH Communications Security, owned by the guy who wrote the SSH protocols, and OpenSSH. Many companies need an SSH application with reliable support and don't trust the variable nature of the open source movement. They buy products from SSH Communications Security. Every company that distributes Linux includes the free suite of programs from OpenSSH.
what it isn't
Perfectly safe. The SSH protocol is a damn fine security tool, but it is only one piece of the security puzzle.
SSL (Secure Sockets Layer). This is a protocol used to secure HTTP conversations. Just to be confusing, programs from the OpenSSH project do use code from the OpenSSL project.
Protection for the host computer. If a bad guy does a good job of hacking the host computer then he has full control of evreything, including SSH.
where it is
Every host contains a copy of the SSH programs.
history
For decades the popular remote administration programs were telnet and rlogin. These were open to abouse because they did silly things like send account passwords across networks in plain readable text. The SSH protocol was created to sort out the security problems and make the whole process much easier.
The original program was developed by Tatu Ylönen in 1995. He gave away early SSH programs for the benefit of the Internet community. He founded SSH Communications Security in 1995, and trademarked SSH in March 1998.
Teams of people dedicated to breaking stuff found inadequacies in the original SSH protocols and managed to break the SSH programs. in 1997 the SSH2 protocol was created to plug these security holes.
In 1999, OpenBSD project members started work on one of the old copies of the SSH code which wasn't totally restricted by patents and other proprietary protections. They replaced the restricted parts, fixed the code and put the programs into the release of OpenBSD 2.6. This new open source project was called OpenSSH. It has been growing in popularity and ability ever since.
