Linux Security HOWTO : Password Security and Encryption : ssh (Secure Shell) and stelnet
Previous: Linux IPSEC Implementations
Next: PAM - Pluggable Authentication Modules

6.4. ssh (Secure Shell) and stelnet

ssh and stelnet are suites of programs that allow you to log in to remote systems over an encrypted connection.

openssh is a suite of programs used as a secure replacement for rlogin, rsh and rcp. It uses public-key cryptography to encrypt communications between two hosts, as well as to authenticate users. It can be used to securely log in to a remote host or copy data between hosts, while preventing man-in-the-middle attacks (session hijacking) and DNS spoofing. It will perform data compression on your connections, and secure X11 communications between hosts.

There are several ssh implementations now. The original commercial implementation by Data Fellows can be found at the ssh home page, http://www.datafellows.com.

The excellent Openssh implementation is based on an early version of the Data Fellows ssh and has been totally reworked to not include any patented or proprietary pieces. It is free and under a BSD license. It can be found at: http://www.openssh.com.

There is also an open source project to re-implement ssh from the ground up called "psst...". For more information see: http://www.net.lut.ac.uk/psst/

You can also use ssh from your Windows workstation to your Linux ssh server. There are several freely available Windows client implementations, including the one at http://guardian.htu.tuwien.ac.at/therapy/ssh/ as well as a commercial implementation from DataFellows, at http://www.datafellows.com.

SSLeay is a free implementation of Netscape's Secure Sockets Layer protocol, developed by Eric Young. It includes several applications, such as Secure telnet, a module for Apache, several databases, as well as several algorithms including DES, IDEA and Blowfish.

Using this library, a secure telnet replacement has been created that does encryption over a telnet connection. Unlike SSH, stelnet uses SSL, the Secure Sockets Layer protocol developed by Netscape. You can find Secure telnet and Secure FTP by starting with the SSLeay FAQ, available at http://www.psy.uq.oz.au/~ftp/Crypto/.

SRP is another secure telnet/ftp implementation. From their web page:

"The SRP project is developing secure Internet software for free worldwide use. Starting with a fully-secure Telnet and FTP distribution, we hope to supplant weak networked authentication systems with strong replacements that do not sacrifice user-friendliness for security. Security should be the default, not an option!"

For more information, go to http://srp.stanford.edu/srp.
