The OpenSSH packages require the OpenSSL package (openssl). OpenSSL installs several important
cryptographic libraries that help OpenSSH provide encrypted communications. You must install
the openssl package before installing any OpenSSH packages.
A large number of client and server programs can use the SSH protocol, including many open source
and freely available applications. Several different SSH client versions are available for almost every
major operating system in use today. Even if the users connecting to your system are not running Red
Hat Linux, they can still find and use an SSH client native for their operating system.
10.1.1 Why Use SSH?
Threats to network traffic include packet sniffing, DNS and IP spoofing [2], and the promulgation of
fake routing information. In general terms, these threats can be categorized as follows:
• Interception of communication between two systems — In this scenario, a third party exists
  somewhere on the network between communicating entities and makes a copy of the information being
  passed between them. The intercepting party may intercept and keep the information, or it may
  alter the information and send it on to the intended recipient.
• Impersonation of a particular host — Using this strategy, an intercepting system pretends to be the
  intended recipient of a message. If the strategy works, the client remains unaware of the deception
  and continues to communicate with the interceptor as if its traffic had successfully reached its
  destination.
Both techniques cause information to be intercepted, possibly for hostile reasons. The results can be
disastrous, whether the interception is achieved by listening for all packets on a LAN or by a hacked
DNS server pointing to a maliciously duplicated host.
If SSH is used for remote shell logins and file copying, these security threats can be greatly diminished.
A server's digital signature provides verification for its identity. The entire communication between
client and server systems cannot be used if intercepted, because each of the packets is encrypted.
Attempts to spoof the identity of either side of a communication will not work, since each packet is
encrypted using a key known only by the local and remote systems.
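The client-side half of that identity check, as an added example that is not part of the original manual: the key a server presents is compared with the key already recorded for that host in a known_hosts-style file, so an impersonating host shows up as a mismatch. It covers only the key comparison, not the signature the server makes during key exchange. The host names, key bytes and function names are constructed for illustration, and the SHA256 fingerprint format is the one current OpenSSH prints.

```python
import base64
import hashlib
import struct

def make_blob(key_type: str, raw: bytes) -> bytes:
    """SSH wire-format public key blob: two length-prefixed strings."""
    name = key_type.encode()
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint as printed by current OpenSSH (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_known_hosts(text: str) -> dict:
    """Map host -> {key_type: blob}. Handles plain host entries only."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@|":  # comment, marker line, hashed host
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, key_type, b64 = fields[:3]
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:  # malformed base64: ignore the entry
            continue
        for host in hosts.split(","):
            pinned.setdefault(host, {})[key_type] = blob
    return pinned

def check_host_key(pinned: dict, host: str, key_type: str, presented: bytes) -> str:
    """Compare presented key with pinned key; 'mismatch' means possible impersonation."""
    known = pinned.get(host, {}).get(key_type)
    if known is None:
        return "unknown"  # first contact: confirm the fingerprint out of band
    return "match" if known == presented else "mismatch"

# Constructed sample data, not real keys or hosts.
GOOD = make_blob("ssh-ed25519", bytes(range(32)))
ROGUE = make_blob("ssh-ed25519", bytes(range(1, 33)))
KNOWN_HOSTS = ("# constructed entry\nfiles.example.com,192.0.2.10 ssh-ed25519 "
               + base64.b64encode(GOOD).decode() + "\n")
PINNED = load_known_hosts(KNOWN_HOSTS)

if __name__ == "__main__":
    for blob in (GOOD, ROGUE):
        print(fingerprint(blob), check_host_key(PINNED, "192.0.2.10", "ssh-ed25519", blob))
```

A "mismatch" result is the case the impersonation scenario above describes: the client should stop and have the new fingerprint confirmed through a separate channel before the pinned key is replaced.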
10.2 Event Sequence of an SSH Connection
A certain series of events helps protect the integrity of an SSH communication between two hosts.
First, a secure transport layer is created so that the client knows that it is communicating with the
correct server. Then, the communication is encrypted between the client and server using a symmetric
cipher.
[2] Spoofing commonly means appearing to others to be a particular system when you are actually not that system.
Chapter 10:SSH Protocol