10.3 Layers of SSH Security
The SSH protocol allows any client and server programs built to the protocol's specifications to communicate securely and be used interchangeably.
Two different varieties of SSH currently exist. SSH version 1 contains several patented encryption
algorithms (however, several of these patents have expired) and a security hole that potentially allows
for data to be inserted into the data stream. It is recommended that you use SSH version 2-compatible
servers and clients, if at all possible.
OpenSSH includes support for both version 1 and 2. Combined with the OpenSSL encryption libraries, OpenSSH provides a full range of security capabilities.
Both SSH protocol versions (1 and 2) use similar layers of security to strengthen the integrity of the
communication from several different angles. Each layer provides its own type of protection, which
when used together with the others, strengthens the overall security of the communication and makes
it easier to use.
10.3.1 Transport Layer
The primary role of the transport layer is to facilitate safe and secure communication between the
two hosts at the time of and after authentication. Usually running over TCP/IP, the transport layer
accomplishes this by handling the encryption and decryption of data, verifying that the server is the
correct machine for authentication, and providing integrity protection of data packets as they are sent
and received. In addition, the transport layer can also provide compression of the data, effectively
speeding the transfer of information.
Once a client contacts a server using the SSH protocol, several important points are negotiated so that
the two systems can correctly construct the transport layer:
• Key exchange
• The public key algorithm to be used
• The symmetric encryption algorithm to be used
• The message authentication algorithm to be used
• The hash algorithm to be used
During the key exchange, the server identifies itself to the client with a host key. Of course, if this client has never communicated with this particular server before, then the server's key will be unknown to the client. OpenSSH gets around this problem by allowing the client to accept the server's host key the first time an SSH connection occurs. Then, in subsequent connections, the server's host key can be checked with a saved version on the client, providing confidence that the client is indeed communicating with the intended server.
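The host key check described above, as an added example that is not part of the original guide or of OpenSSH's own code: it parses known_hosts-style lines (plain and hashed hostnames), computes the SHA256 fingerprint a user would compare on first contact, and returns the three outcomes a client must distinguish on later connections. The key blob and salt are constructed for the example, not taken from any real server.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

# Constructed sample host key, not any real server's key: an ssh-ed25519 public
# key blob is the SSH string "ssh-ed25519" followed by the 32-byte key.
SAMPLE_KEY_TYPE = "ssh-ed25519"
SAMPLE_KEY_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA256 of the key blob, base64 without '=' padding."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def hostname_matches(pattern: str, host: str) -> bool:
    """Match the first known_hosts field: comma-separated plain names, or the
    hashed form |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        salt = base64.b64decode(salt_b64)
        actual = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, base64.b64decode(mac_b64))
    return host in pattern.split(",")

def hashed_entry(host: str, key_type: str, blob: bytes, salt: bytes = b"\x00" * 20) -> str:
    """Build a known_hosts line with a hashed hostname (the salt is fixed here only
    so the example is reproducible; OpenSSH draws a random one)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    b64 = lambda b: base64.b64encode(b).decode()
    return f"|1|{b64(salt)}|{b64(mac)} {key_type} {b64(blob)}"

def check_host_key(known_hosts: str, host: str, key_type: str, blob: bytes) -> str:
    """Decide what the client should do with the key the server just presented:
    'unknown'  - first contact: the key may be accepted and recorded (trust on first use)
    'ok'       - the saved key for this host matches
    'mismatch' - the saved key differs: stop, the peer may not be the intended server"""
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank lines and comments (markers such as @cert-authority are not handled)
        if hostname_matches(fields[0], host) and fields[1] == key_type:
            saved = base64.b64decode(fields[2])
            return "ok" if hmac.compare_digest(saved, blob) else "mismatch"
    return "unknown"
```

A real client treats 'mismatch' as a hard failure rather than a prompt, because a changed host key is exactly what an impersonating server looks like.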
Chapter 10: SSH Protocol