Bitvise SSH

What Is SSH?

The Secure Shell protocol version 2, or SSH2, specifies how a client can connect securely to an SSH server, and then use the resulting secure link to access the server's resources. Among other things, the client can run programs; transfer files; and forward other TCP/IP connections over the secure link.

The SSH2 protocol is a descendant of the SSH v1.x series of protocols. SSH version 2 is standardized at IETF, and the vast majority SSH implementations now support SSH version 2. SSH version 1 is less secure, and is almost no longer being used.

SSH compared to SSL/TLS

SSH and TLS/SSL are different protocols used for similar purposes. Both protocols are used to authenticate communicating parties and secure data during transport.

SSL/TLS tend to use X.509 certificates, is based on ASN.1 encodings, and is most commonly used to as a security layer for HTTP, SMTP, and FTP traffic.

The SSH protocol tends to use public keys without a certificate infrastructure, is based on a simpler binary encoding, and tends to be used as a security layer for SFTP and SCP file transfers, terminal shell access, and forwarding of connections for other applications.

SSH can be perceived as a less clunky version of TLS. Due to its deliberate independence from X.509 certificates, SSH lends itself well to connections between entities with an existing trust relationship, where TLS does poorly. TLS lends itself better to connections between strangers.

How Secure Is SSH?

The SSH v2 protocol provides the services of server authentication; encryption; data integrity verification; and client authentication. Server authentication is performed using DSA, RSA or ECDSA public key algorithm. For encryption and data integrity verification, a number of algorithms are provided which every SSH product can implement in a modular fashion. Client authentication can be performed using a password, a public key, single sign-on Kerberos, and other methods.

The SSH2 protocol specification is publicly available and has been reviewed by several independent implementors. When properly implemented and used, the protocol is believed to be secure against all known cryptographic attacks, passive as well as active.

SSH Features

SSH is a highly flexible protocol, and many different types of services can use it. The protocol's open architecture allows these services to run at the same time without impeding one another.

An SSH client and server can transfer files using the protocols SCP and SFTP, which run on top of an established SSH session. While SCP is the old Unix rcp utility transplanted onto a different transport, SFTP is a flexible remote file access protocol that can be used in advanced ways. SFTP is better standardized and widely supported, so often software that provides an SCP-like interface really uses SFTP instead.

Note that SFTP is unrelated to FTP, or to FTP over TLS/SSL. The protocols are independent and very different.

A frequently used service is the remote console. This involves allocating a channel within the SSH session, which is then used as transport for a terminal protocol such as vt100 or xterm. The client displays to the user a console window within which the user can execute command line programs on the server.

SSH also provides exec requests. An exec request executes a program on the server like a remote console, but without expectation of interactive input. Exec requests are useful for automated remote administration.

Another popular SSH function is port forwarding, or TCP/IP connection tunneling. With SSH port forwarding, it is possible to secure a TCP/IP connection established by an independent application that would otherwise be vulnerable to network attacks.

What are the roles of Bitvise SSH Client and SSH Server?

Bitvise SSH Server is used to accept connections from SSH clients. The server is intended to run for a prolonged period of time, and will provide SSH clients that connect with access configured by the server administrator. The SSH server might be configured to provide access to a terminal console, port forwarding, and/or file transfer to and from the server using SFTP and SCP.

Bitvise SSH Client is used to initiate connections to SSH servers. It is usually used interactively, so it will only run when a user runs it, but it can also be launched unattended to run scripted commands or file transfers, or to maintain an SSH connection for port forwarding. The SSH client is used to access a terminal console on an SSH server, to initiate port forwarding, or to initiate file transfers to and from SSH servers using SFTP.

Both products are connectivity products. They cannot be used standalone. For an SSH server to be useful, you need clients that will connect to it. For an SSH client to be useful, you need an SSH server to connect to.

The two products can be installed on the same machine, but it makes no sense to connect an SSH client to an SSH server running on the same machine. The purpose of SSH is to securely connect computers across the network; using SSH to connect to a server on the same machine provides no benefit.

Quick Navigation;

© Copyright 2000-2017  COGITO SOFTWARE CO.,LTD. All rights reserved.