SSH in the ECE Unix Environment
The Ohio State University
Department of Electrical & Computer Engineering

  1. SSH Defined
    1. Host Keys
  2. SSH and Unix
    1. Replacing Telnet
    2. Replacing FTP
    3. Replacing RCP
    4. Tunneling X
  3. Getting SSH for Unix
  4. Additional SSH Information

SSH Defined

SSH stands for Secure SHell. It is a program designed to allow users to log into another computer over a network, to execute commands on that computer and to move files to and from that computer. It effectively replaces telnet, ftp and the rcp/rsh/remsh programs.

The difference between SSH and those other programs is that they are clear-text protocols, whereas SSH encrypts everything it sends across the network. The problem with clear text is that anyone who is "sniffing" the network can see every byte of data you transmit. That can include all the commands you type, all the images you display back to your local machine, and your username and password. There are obvious security problems with this system.

SSH encrypts all of its data. While no encryption scheme is truly 100% secure, breaking SSH's encryption would take a tremendous amount of time and CPU power. The fact is that no casual hacker, and for that matter very few of the serious ones, will have the resources to dedicate to breaking your data.

SSH has the added benefit of being able to "tunnel" other protocols. A tunnel is basically an opening on both the local and remote machines, passing along the SSH connection, that allows other protocols (for example X, FTP, SMTP and POP3) to piggyback along the SSH line, encrypting the data all the way.

Host Keys

SSH establishes encrypted connections by the exchange of host keys. When a remote system gives your local system its host key, it is basically telling your local system how to encrypt data so that the remote system can then decrypt it.

When you make an SSH connection to a remote machine, it sends you its host key. You will then be prompted as to whether or not you want to accept this key, and/or whether or not you want to store it for later reference (for the next time you connect to that remote system). In general you always want to say "yes" to both of these questions.

Storing of keys is somewhat important. It is one way to make sure that you are connecting to the correct system. Say someone takes er4rh016 offline, puts in their own Linux box with the same hostname (this would be referred to as a "trojan" system, named after the proverbial horse) and then starts an SSH daemon on it. Now when you try to SSH to it, you are actually connecting to a different machine. Where that trojan can get caught is that it doesn't have the same SSH key pairing as the old system, so when you make your SSH connection, it sends you back a different encryption key. Your SSH client should then prompt you with something to the effect of "Warning, the remote system's host key has changed. Do you still want to connect?" At this point you have to decide whether you think the remote system is who it is supposed to be. The safest course of action is to contact the system's administrator and find out if the key has been legitimately changed before you connect to the machine.
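
The stored-key check described above, as an added example (not code from this page or from any SSH implementation). It assumes the OpenSSH known_hosts line layout of host names, key type and base64 key, and uses two constructed keys for er4rh016; the function names are illustrative.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in SSH public key blobs."""
    return struct.pack(">I", len(data)) + data

def ed25519_blob(raw_key: bytes) -> bytes:
    """Wire-format public key blob: key type name followed by the 32-byte key."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of the blob's digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> key blob. Handles plain host names only;
    hashed (|1|...) entries and @marker lines are skipped."""
    known = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|1|")):
            continue
        hosts, keytype, b64 = fields[:3]
        for host in hosts.split(","):
            known[(host, keytype)] = base64.b64decode(b64)
    return known

def check_host_key(known: dict, host: str, keytype: str, offered: bytes) -> str:
    """Decide what the client should do with the key the server just sent."""
    stored = known.get((host, keytype))
    if stored is None:
        return "UNKNOWN"   # first contact: compare fingerprint with the admin's
    return "MATCH" if stored == offered else "CHANGED"  # CHANGED: stop and ask

# Constructed sample data: two made-up keys, not real host keys.
ORIGINAL_KEY = ed25519_blob(bytes(range(32)))
REPLACED_KEY = ed25519_blob(bytes([0xAA]) * 32)
KNOWN_HOSTS = "# constructed sample\ner4rh016 ssh-ed25519 " + \
    base64.b64encode(ORIGINAL_KEY).decode() + "\n"

if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS)
    for label, key in (("original", ORIGINAL_KEY), ("replaced", REPLACED_KEY)):
        verdict = check_host_key(known, "er4rh016", "ssh-ed25519", key)
        print(label, fingerprint(key), verdict)
```

The fingerprint is the short value to read to the system's administrator when the verdict is UNKNOWN or CHANGED.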

For more details on what the SSH protocol is, what it can do, and where it is going, please see the official SSH FAQ.


SSH and Unix

This section is written specifically for using SSH under Unix within the Department of Electrical & Computer Engineering.

As with the programs it replaces, SSH under Unix is a command-line package. There is no supplied GUI (Graphical User Interface).

Replacing Telnet

ssh is the SSH equivalent to telnet. It is used to connect with a terminal session from one system to another. You will primarily invoke it in one of the following ways:

ssh hostname
ssh -l username hostname
ssh username@hostname

The first simply connects you as though you were using the same username on the local host as on the remote host. You will be prompted for your password. The second and third have the same effect of logging you in as username instead of using your local host's username.

For other options, read the man page.

Replacing FTP

sftp is the SSH replacement for ftp. It is invoked in the same manner as ssh:

sftp hostname
sftp username@hostname

Once connected you can use most of the same commands as you do under ftp, including put, get, ls, and cd. You can read the man page for sftp to get a full listing.

Replacing RCP

scp replaces rcp in SSH. Its base syntax is as follows:

scp file username@hostname:file
scp username@hostname:file file

The first copies a file from the local machine to the remote machine. The second copies a file from the remote host to the local host. Full paths may be put into either file name. username may be omitted if it is the same on both systems.

Again, you can read the man page for full details.

Tunneling X

SSH under Unix automatically tunnels the X sessions that follow. Thus if you ssh from one HP to another, you need neither run the xhost command on the local machine nor set your DISPLAY variable on the remote machine. All your X displays (xterms, browsers, matlab, whatever) automatically go through your SSH tunnel with no additional steps on your part.


Getting SSH for Unix

  • OpenSSH is a free version of the SSH protocol.
  • ssh.com licenses their software for Academic and Non-Commercial use.

Additional SSH Information

 

 