4 Ssh: Secure Network Operations; The Openssh Package - Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 08-05-2008 Installation Manual

44
SSH: Secure Network
Operations
With more and more computers installed in networked environments, it often becomes
necessary to access hosts from a remote location. This normally means that a user sends
login and password strings for authentication purposes. As long as these strings are
transmitted as plain text, they could be intercepted and misused to gain access to that
user account without the authorized user even knowing about it. Apart from the fact
that this would open all the user's files to an attacker, the illegal account could be used
to obtain administrator or root access or to penetrate other systems. In the past, remote
connections were established with telnet, which offers no guards against eavesdropping
in the form of encryption or other security mechanisms. There are other unprotected
communication channels, like the traditional FTP protocol and some remote copying
programs.
The SSH suite provides the necessary protection by encrypting the authentication strings
(usually a login name and a password) and all the other data exchanged between the
hosts. With SSH, the data flow could still be recorded by a third party, but the contents
are encrypted and cannot be reverted to plain text unless the encryption key is known.
So SSH enables secure communication over insecure networks, such as the Internet.
The SSH flavor that comes with SUSE Linux Enterprise is OpenSSH.

44.1 The OpenSSH Package

SUSE Linux Enterprise installs the package OpenSSH by default. The programs ssh,
scp, and sftp are then available as alternatives to telnet, rlogin, rsh, rcp, and ftp. In the
default configuration, system access of a SUSE Linux Enterprise system is only possible
with the OpenSSH utilities and only if the firewall permits access.
SSH: Secure Network Operations 831