Linux Security HOWTO : Password Security and Encryption : ssh (Secure Shell) and stelnet
Previous: Linux IPSEC Implementations
Next: PAM - Pluggable Authentication Modules

6.4. ssh (Secure Shell) and stelnet

ssh and stelnet are programs that allow you to log in to remote systems over an encrypted connection.

ssh is a suite of programs used as a secure replacement for rlogin, rsh and rcp. It uses public-key cryptography to encrypt communications between two hosts, as well as to authenticate users. It can be used to securely log in to a remote host or copy data between hosts, while preventing man-in-the-middle attacks (session hijacking) and DNS spoofing. It will perform data compression on your connections, and secure X11 communications between hosts. The ssh home page can be found at http://www.cs.hut.fi/ssh/

You can also use ssh from your Windows workstation to your Linux ssh server. There are several freely available Windows client implementations, including the one at http://guardian.htu.tuwien.ac.at/therapy/ssh/ as well as a commercial implementation from DataFellows, at http://www.datafellows.com. There is also an open source project to re-implement ssh called "psst...". For more information see: http://www.net.lut.ac.uk/psst/
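The protection against DNS spoofing and man-in-the-middle attacks mentioned above rests on the client remembering each server's public host key and refusing a different one. The sketch below is an added example, not code from the HOWTO or from the ssh project; it assumes the plain (unhashed) OpenSSH known_hosts line format, and the host names and keys are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import struct

def make_blob(seed: bytes) -> bytes:
    """Constructed ssh-ed25519 public-key blob for the demo (no real key pair)."""
    alg, key = b"ssh-ed25519", hashlib.sha256(seed).digest()  # 32 stand-in bytes
    return struct.pack(">I", len(alg)) + alg + struct.pack(">I", len(key)) + key

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form OpenSSH prints: unpadded base64 of the digest."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def load_known_hosts(text: str) -> dict:
    """Parse plain 'host1,host2 keytype base64key' lines into {host: {keytype: blob}}."""
    pins = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @marker lines and hashed (|1|...) host entries.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        hosts, keytype, b64 = fields[:3]
        for host in hosts.split(","):
            pins.setdefault(host, {})[keytype] = base64.b64decode(b64)
    return pins

def check_host_key(pins: dict, host: str, keytype: str, presented: bytes) -> str:
    """Return 'match', 'mismatch' (possible spoofing or MITM) or 'unknown' (no pin yet)."""
    pinned = pins.get(host, {}).get(keytype)
    if pinned is None:
        return "unknown"
    return "match" if hmac.compare_digest(pinned, presented) else "mismatch"

# Constructed sample data: the server's real key and an impostor's key.
SERVER_KEY = make_blob(b"constructed server key")
IMPOSTOR_KEY = make_blob(b"constructed impostor key")
KNOWN_HOSTS = (
    "# constructed known_hosts file\n"
    "shell.example.org,192.0.2.10 ssh-ed25519 "
    + base64.b64encode(SERVER_KEY).decode() + "\n"
)
PINS = load_known_hosts(KNOWN_HOSTS)

if __name__ == "__main__":
    for label, key in (("server", SERVER_KEY), ("impostor", IMPOSTOR_KEY)):
        verdict = check_host_key(PINS, "shell.example.org", "ssh-ed25519", key)
        print(f"{label:8} {fingerprint(key)} -> {verdict}")
```

A "mismatch" verdict is the case where a spoofed DNS answer or an interposed host presents its own key; an "unknown" verdict is the first-connection case, where the fingerprint should be checked out of band before it is pinned.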

SSLeay is a free implementation of Netscape's Secure Sockets Layer protocol, developed by Eric Young. It includes several applications, such as Secure telnet, a module for Apache, several databases, as well as several algorithms including DES, IDEA and Blowfish.

Using this library, a secure telnet replacement has been created that does encryption over a telnet connection. Unlike SSH, stelnet uses SSL, the Secure Sockets Layer protocol developed by Netscape. You can find Secure telnet and Secure FTP by starting with the SSLeay FAQ, available at http://www.psy.uq.oz.au/~ftp/Crypto/.

SRP is another secure telnet/ftp implementation. From their web page:

"The SRP project is developing secure Internet software for free worldwide use. Starting with a fully-secure Telnet and FTP distribution, we hope to supplant weak networked authentication systems with strong replacements that do not sacrifice user-friendliness for security. Security should be the default, not an option!"

For more information, go to http://srp.stanford.edu/srp.

