Ssh: What Are The Advantages And Stuff ?

[szupie 0]

Dunno where to put this topic, and couldn't even search for ssh in the forum (4 letters or less).Anyway, What are the advantages of SSH? Why does it make life better to have SSH Access than just FTP?

Edited October 24, 2005 by microscopic^earthling (see edit history)

[miCRoSCoPiC^eaRthLinG 0]

This should probably go into Networking and that's where I'm moving it.. no probs szupie - it's just a mouse click away

First we begin by quoting a definition of SSH as Wikipedia ( https://www.wikipedia.org/ ) defines it:

In computing, Secure shell, or SSH, is both a computer program and an associated network protocol designed for logging into and executing commands on a remote computer. It is intended to replace the earlier rlogin, telnet and rsh protocols, and provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP ports can also be forwarded over the secure channel, and files can be transferred using the associated scp or sftp programs. The standard TCP port that an ssh server listens to is port 22.
The first version of the protocol (now called SSH-1) was designed, and the first software written, by Tatu YlĂśnen from Espoo, Finland in 1995. He soon formed a company called SSH Communications Security to exploit this innovation. The original version of the SSH software used various pieces of free software, such as GNU libgmp, but later versions released by SSH Secure Communications evolved into increasingly proprietary software. SSH Communications Security subsequently relicensed SSH to F-Secure (formerly known as Data Fellows). SSH Secure Communications has a USA subsidiary in Palo Alto, California.

A later version of the protocol was released under the name SSH-2. It is being standardised by the IETF "secsh" working group, and features both security and feature improvements over SSH-1. Examples of the former are Diffie-Hellman key exchange and strong integrity checking via MACs; of the latter, the ability to run any number of shell sessions over a single SSH connection. [1]

Here's the difference. All the earlier protocols like telnet, ftp, http - all communicated by sending PLAIN TEXT messages over the internet. As in when you FTP or Telnet-ed to you shell, your username/password combination would be sent over as plain text - can you imagine what would happen if one of those creatures of the dark happened to be snooping on your outgoing connection with a packet sniffer ?? He would just have to decode those packets and right in the middle of them he'd find all your login ids/passes in complete plain text. Not something you'd really want to happen to you Ah well, for a normal user, you'd just dump that account (if it was on a free server) and just register yourself for a new one. But what if it had lots of crucial/official sensitive data that you wouldn't want someone else to get their hands on ?? And the fact that your life/job/everything is at stake and you must protect it with all your might..what then ?

That's where the SSH protocol comes in.. It started as a replacement of telnet, such that all such communication would be encrypted at one end prior to transmission and and decrypted back at the other end before handing the commands/logins over to the server. Eventually the SSH got imbibed into all the existing protocols giving rise to SFTP, HTTPS etc... You might have notice that all such encrypted communication is much slower than loading a normal page/downloading a file using the older protocols. All that high-degree of encryption/decryption at both ends account for the time lag. That's the FLIP Side - but in constrast what you get in SSH is a fairly good bit of security from any normal prying eyes. At least with the present SSH-2 it would either take a supercomputing cluster or a huge cluster of extremely powerful cpu's to crack your ssh encrypted transmission in real time - and that kind of equipment isn't readily available to everyone... (luckily.. )

The method of encryption is somewhat similar to PGP I believe. When the connection is first set up, the server hands over a Public Encryption Key to the client. The client can use this key to encrypt the data for transmission, but cannot decode it using this key. The actual decryption happens on the server end using a Private Key - which is generated alongwith the Public Key but never handed out to anyone. The message can thus be converted back into its normal form using ONLY this Private Key. Imagine a lock with two keys - one used to lock it and the other to unlock. These two keys cannot be used interchangeably. So ONLY whoever has the unlocking key can get access to the room... (lol.. bad analogy). There might be multiple copies of the locking key so many different client can lock the room up - but only one person with the master unlock key can go about opening it up...

That's it.. I guess this should explain the whole idea somewhat.. Refer to wikipedia or just google for the explanation of SSH and you'll get many more sites with far better explanation than this...Hope this helped

[szupie 0]

So... Why is this better than FTP? How does this make life easier? '_'

[miCRoSCoPiC^eaRthLinG 0]

It doesn't have anything to do with being better than FTP. SSH has a counterpart in almost all the protocols like telnet (SSH was actually a replacement for it) and then other protocols like FTP, HTTP started using it too..which gave rise to protocols like SFTP & HTTPS. It's called making connection over the Secure Socket Layer or SSL, in other words... Similarly your SSH or Secure Shell, is the SSL form of the older Telnet protocol. It doesn't make life EASY for you in any sense - just that all your communication on the net is safe from unwanted troublemakers.. You wouldn't want all your credit card details to fall into the wrong hands when you are buying something online - WOULD YOU ??? That's the way it makes life easier for you - by letting you heave out a sigh of contentment/satisfaction (knowing your data is still safe) after your purchase goes through

[Hercco 0]

To be accurate... HTTPS or SFTP don't have anything to do with SSH, well other than they all use SSL. Apart from security there are no other benefits from SSH or SCP (Secure Copy). In fact copying files with unsecured remote copy is faster than SCP. Not that the difference is anything much with modern machines....But security is a major factor. Any moron can capture your password when you use FTP or telnet, like said in previous post it's all plain text there! If you have a private LAN you can easily test this. Download a traffic analysis software, put it running and start making FTP or Telnet connections and read and weep how easy it's to find out what's happening in the network. Just don't do this in public internet, your ISP might not like it .In addition to copying files and using it for remote shell access SSH can be used to make secured tunnels over the internet. This is pretty much like a normal proxy server, just that the connection to the proxy is secured. This is actually quite good way of bringing security and anonymity to web browsing as long as the server doesn't keep logs (ie. it is anonymizing). What I use SSH for...My university offers an SSH access to their server our departments linux and solaris workstations. To read and send email, I SSH to uni server and run email client there. Way more faster than to use a windows email software (like outlook or eudora) or let alone webmail. Our programming assignments are usually done on UNIXes so to do that I SSH to some workstation and do text editing and compiling there.I'm also a member of our student unions computer club which has few servers of tis own and they allow runing of IRC bots. I have an IRC client constantly running there with screen and I can ssh there and check out what happened in the channels when I was offline. For my site here at asta, I use SSH to manage files, some minor editing and command line SQL. Way faster to do than with graphical FTP clients or web interfaces.

[sazz 0]

 

For my site here at asta, I use SSH to manage files, some minor editing and command line SQL. Way faster to do than with graphical FTP clients or web interfaces.

1064291159[/snapback]

hOW can I connect using SSH here. When i access my account via telnet it tells me i haven`t shell access?

[miCRoSCoPiC^eaRthLinG 0]

hOW can I connect using SSH here. When i access my account via telnet it tells me i haven`t shell access?

1064327340[/snapback]

You got to apply for a SSH Shell Account in the Account Request Forum (not the New Account Request/Upgrade Request forums) - but in the other misc. request forum that is there along with them. Shell access is not enabled by default when you get your hosting - but given out anyway upon filing a separate request.