Red Flag asianux Server 3 System Management: SSH protocol

ssh™ (Secure shell abbreviation) is a kind of communication between two systems based on client/server, and http://www.aliyun.com/zixun/aggregation/18736.html "> Allows a user to log on to a protocol that is remotely controlled on the server host. Unlike other remote communication protocols, such as FTP and Telnet, SSH encrypts a logon session so that intruders cannot collect encrypted passwords.

SSH is used to replace old, insecure secure terminal applications that log on to remote hosts, such as Telnet, rsh. A program called the SCP replaces the old program used to copy files between two hosts, such as RCP. Because these old applications do not use encrypted transmission between the client and the server, using a secure method to log on to the remote system reduces the risk between the client system and the remote host.

7.3.1 SSH Features

The SSH protocol provides the following four security features:

• After connecting to a server, use the SSH client to confirm that subsequent connections are connected to the same server.

• The client transmits its authentication information to the server using a powerful 128-bit encrypted transmission.

• Send and receive all data using 128-bit encryption, even if the transmission content is intercepted is difficult to decrypt and read.

• Clients can forward X11 applications from the server. This technique, known as X11 forwarding, provides a secure way for graphical network applications.

X11 refers to the x11r6.7 window display system, traditionally known as the X Window System or an open source X Window System containing XFree86 and open source X Window systems.

Because the SSH protocol encrypts all sent and received data, it guarantees secure transmission. Using a technology called port forwarding, an SSH server can become a conduit to ensure its security, just like a pop protocol, which enhances the overall security performance of the system and data.

Why 7.3.2 Use SSH

Computer intruders have a variety of tools that allow them to disrupt, intercept, and attempt to reconstruct network routes to successfully access the system. In general, these threats can be summed up as follows:

• Interception of communication between two systems--in which case an attacker can copy any information between them, somewhere in the network communication entity. An attacker could intercept information, or change the content of the message and send it to the receiving end. This attack can be achieved by a common network gadget--packet sniffer.

• Impersonate a host-using this strategy, the attacker's system will be configured as a disguised transmission receiver. If this strategy succeeds, the sender will not be aware of the error in this communication. This attack can be achieved through known means such as DNS spoofing or IP spoofing. Both techniques are used to intercept potentially sensitive information, and if it is intercepted maliciously, the result will be catastrophic.

If you use SSH for remote shell logins and file copies, these security threats will be greatly reduced. This is because the SSH client and server side are digitally signed to verify their identity. In addition, all communication between the client and the server system is encrypted. Attempts to deceive identities cannot be implemented because each packet is encrypted and the key used is known only to local and remote systems.

When an intruder attacks a DNS server, a domain name server is poisoned, and the client system is maliciously repeated.

IP spoofing occurs when an intruder sends some network packets that appear to come from a trusted host.