Secure Shell Installed on UNIX Hosts

        By Dianna Laakso, UNIX System Administrator (dianna@unt.edu)

        Secure Shell (SSH) has been installed on the Jove and Sol systems. SSH is a program for logging in to a remote machine and executing commands. It is intended to be a secure replacement for rlogin and rsh, by providing encrypted communications between two host machines over an insecure network. Some of SSH's features include:

        • Strong authentication. Closes several security holes (e.g., IP routing and DNS spoofing).
        • Improved privacy. All communications are automatically and transparently encrypted (key exchange is done via RSA and the communication is encrypted via IDEA). Passwords are never transmitted in cleartext.
        • Secure X11 sessions. The program automatically sets DISPLAY on the server machine, and forwards any X11 connections over the secure channel. Fake Xauthority information is automatically generated and forwarded to the remote machine; the local client automatically examines incoming X11 connections and replaces the fake authorization data with the real data (never telling the remote machine the real information).

        SSH is invoked by typing any of the following commands: rlogin, rsh, slogin, or ssh. If the remote machine is running an SSH server, the server will authenticate the user's identity. If the authentication is successful, the server will log the user on to the remote machine and open an encrypted connection.

        There are several different methods of authentication supported by SSH, including .rhosts, .rhosts combined with RSA, and pure RSA authentication. A description of these methods is beyond the scope of this article. Those interested should refer to the on-line SSH manual page on Jove by typing the command man ssh. The default authentication method is the UNIX password on the remote system.
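
        The X11 cookie substitution described in the feature list above can be modeled as follows. This is an added example, not SSH's own code: it assumes the MIT-MAGIC-COOKIE-1 authorization protocol with 16-byte cookies, and the function names and sample cookies are constructed for illustration.

```python
import hmac
import os
import struct

AUTH_NAME = b"MIT-MAGIC-COOKIE-1"  # assumed X11 authorization protocol

def _pad4(n):
    """Round n up to a multiple of 4, as X11 pads variable-length fields."""
    return (n + 3) & ~3

def build_setup(cookie, byte_order=b"l"):
    """Build an X11 connection-setup request carrying `cookie`."""
    fmt = "<" if byte_order == b"l" else ">"
    # byte order, unused, major=11, minor=0, name length, data length, unused
    head = byte_order + b"\x00" + struct.pack(
        fmt + "HHHHH", 11, 0, len(AUTH_NAME), len(cookie), 0)
    name = AUTH_NAME.ljust(_pad4(len(AUTH_NAME)), b"\x00")
    return head + name + cookie.ljust(_pad4(len(cookie)), b"\x00")

def substitute_cookie(packet, fake, real):
    """Local-side check: accept only the fake cookie, then swap in the real one.

    Raises ValueError for anything that does not carry the expected fake
    cookie, so a connection that never saw it is refused before reaching
    the real X server.
    """
    if len(fake) != len(real):
        raise ValueError("fake and real cookies must have equal length")
    if len(packet) < 12 or packet[:1] not in (b"l", b"B"):
        raise ValueError("not an X11 setup request")
    fmt = "<" if packet[:1] == b"l" else ">"
    name_len, data_len = struct.unpack(fmt + "HH", packet[6:10])
    data_start = 12 + _pad4(name_len)
    data_end = data_start + data_len
    if len(packet) < data_start + _pad4(data_len):
        raise ValueError("truncated setup request")
    if packet[12:12 + name_len] != AUTH_NAME:
        raise ValueError("unexpected authorization protocol")
    # Constant-time comparison of the presented cookie against the fake one.
    if data_len != len(fake) or not hmac.compare_digest(
            packet[data_start:data_end], fake):
        raise ValueError("cookie mismatch: connection rejected")
    return packet[:data_start] + real + packet[data_end:]

if __name__ == "__main__":
    fake, real = os.urandom(16), os.urandom(16)  # constructed sample cookies
    forwarded = substitute_cookie(build_setup(fake), fake, real)
    print("real cookie delivered locally:", forwarded == build_setup(real))
```

        The remote machine only ever holds the fake cookie, so a copy of its Xauthority data is of no use for connecting to the local display directly.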

        If a user uses SSH to log on to a remote machine that is not running an SSH server, the SSH client will print a warning message to the user, and fall back to using regular rlogin and rsh over an unencrypted connection.

        If you manage a UNIX machine and wish to set it up as an SSH server, please contact ACS UNIX Support via the Helpdesk (565-2324, helpdesk@unt.edu).


