OpenSSH

OpenSSH is a free version of the SSH suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on.

OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.

OpenSSH consists of a number of programs:

• shd - Server program run on the server machine. This listens for connections from client machines, and whenever it receives a connection, it performs authentication and starts serving the client
• sh - This is the client program used to log into another machine or to execute commands on the other machine. slogin is another name for this program
• cp - Securely copies files from one machine to another.
• sh-keygen - Used to create Pubkey Authentication (RSA or DSA) keys (host keys and user authentication keys)
• sh-agent - Authentication agent. This can be used to hold RSA keys for authentication
• sh-add - Used to register new keys with the agent.
• ftp-server - SFTP server subsystem.
• ftp - Secure file transfer program.
• sh-keyscan - gather ssh public keys.
• sh-keysign - ssh helper program for hostbased authentication

OpenSSH

License BSD license Developer The OpenBSD Project Website www.openssh.org Requirements Support: Manual, FAQ, Mailing Lists, Hacking Linux Exposed Selected Reviews: Review Linux, Linux Journal

Features include:

• Strong authentication. Closes several security holes (e.g., IP, routing, and DNS spoofing)
• Improved privacy. All communications are automatically and transparently encrypted
• Secure X11 sessions. The program automatically sets DISPLAY on the server machine, and forwards any X11 connections over the secure channel
• Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions (e.g., for e-cash transactions)
• No retraining needed for normal users
• Never trusts the network. Minimal trust on the remote side of the connection. Minimal trust on domain name servers. Pure RSA authentication never trusts anything but the private key
• Client RSA-authenticates the server machine in the beginning of every connection to prevent trojan horses (by routing or DNS spoofing) and man-in-the-middle attacks, and the server RSA-authenticates the client machine before accepting .rhosts or /etc/hosts.equiv authentication (to prevent DNS, routing, or IP-spoofing)
• Host authentication key distribution can be centrally by the administration, automatically when the first connection is made to a machine
• Any user can create any number of user authentication RSA keys for his/her own use
• The server program has its own server RSA key which is automatically regenerated every hour
• An authentication agent, running in the user's laptop or local workstation, can be used to hold the user's RSA authentication keys
• The software can be installed and used (with restricted functionality) even without root privileges.
• The client is customizable in system-wide and per-user configuration files
• Optional compression of all data with gzip (including forwarded X11 and TCP/IP port data), which may result in significant speedups on slow connections
• Complete replacement for rlogin, rsh, and rcp

Last Updated Tuesday, April 09 2013 @ 05:13 PM EDT