OpenSSH is a free version of the SSH suite of network
connectivity tools that increasing numbers of people on the Internet
are coming to rely on.
OpenSSH encrypts all traffic (including passwords) to
effectively eliminate eavesdropping, connection hijacking, and other
OpenSSH consists of a number of programs:
- shd - Server program run on the server machine. This
connections from client machines, and whenever it receives a
connection, it performs authentication and starts serving the client
- This is the client program used to log into another machine or to
execute commands on the other machine. slogin is another name for this
- cp - Securely copies files from one machine to another.
- sh-keygen - Used to create Pubkey Authentication (RSA or
DSA) keys (host keys and user authentication keys)
- sh-agent - Authentication agent. This can be used to hold
RSA keys for authentication
- sh-add - Used to register new keys with the agent.
- ftp-server - SFTP server subsystem.
- ftp - Secure file transfer program.
- sh-keyscan - gather ssh public keys.
- sh-keysign - ssh helper program for hostbased
to Security Home Page
- Strong authentication. Closes several security holes (e.g.,
IP, routing, and DNS spoofing)
- Improved privacy. All communications are automatically and
X11 sessions. The program automatically sets DISPLAY on the server
machine, and forwards any X11 connections over the secure channel
- Arbitrary TCP/IP ports can be redirected through the
encrypted channel in both directions (e.g., for e-cash transactions)
- No retraining needed for normal users
trusts the network. Minimal trust on the remote side of the connection.
Minimal trust on domain name servers. Pure RSA authentication never
trusts anything but the private key
- Client RSA-authenticates the server machine in the
beginning of every connection to prevent trojan horses (by routing or
DNS spoofing) and man-in-the-middle attacks, and the server
RSA-authenticates the client machine before accepting .rhosts
or /etc/hosts.equiv authentication (to prevent DNS,
routing, or IP-spoofing)
authentication key distribution can be centrally by the administration,
automatically when the first connection is made to a machine
- Any user can create any number of user authentication RSA
keys for his/her own use
- The server program has its own server RSA key which is
automatically regenerated every hour
authentication agent, running in the user's laptop or local
workstation, can be used to hold the user's RSA authentication keys
- The software can be installed and used (with restricted
functionality) even without root privileges.
- The client is customizable in system-wide and per-user
compression of all data with gzip (including forwarded X11 and TCP/IP
port data), which may result in significant speedups on slow
- Complete replacement for rlogin, rsh, and rcp
Last Updated Sunday, November 23 2014 @ 04:32 AM EST