Chapter 17. OpenSSH

17.1. Features of SSH
17.1.1. Why Use SSH?
17.2. SSH Protocol Versions
17.3. Event Sequence of an SSH Connection
17.3.1. Transport Layer
17.3.2. Authentication
17.3.3. Channels
17.4. Configuring an OpenSSH Server
17.4.1. Requiring SSH for Remote Connections
17.5. OpenSSH Configuration Files
17.6. Configuring an OpenSSH Client
17.6.1. Using the ssh Command
17.6.2. Using the scp Command
17.6.3. Using the sftp Command
17.7. More Than a Secure Shell
17.7.1. X11 Forwarding
17.7.2. Port Forwarding
17.7.3. Generating Key Pairs
17.8. Additional Resources
17.8.1. Installed Documentation
17.8.2. Useful Websites

SSH™ (or Secure SHell) is a protocol which facilitates secure communications between two systems using a client/server architecture and allows users to log into server host systems remotely. Unlike other remote communication protocols, such as FTP or Telnet, SSH encrypts the login session, making it difficult for intruders to collect unencrypted passwords.

SSH is designed to replace older, less secure terminal applications used to log into remote hosts, such as telnet or rsh. A related program called scp replaces older programs designed to copy files between hosts, such as rcp. Because these older applications do not encrypt passwords transmitted between the client and the server, avoid them whenever possible. Using secure methods to log into remote systems decreases the risks for both the client system and the remote host.



[5] X11 refers to the X11R7 windowing display system, traditionally referred to as the X Window System or X. Red Hat Enterprise Linux includes X11R7, an open source X Window System.

[6] DNS poisoning occurs when an intruder cracks a DNS server, pointing client systems to a maliciously duplicated host.

[7] IP spoofing occurs when an intruder sends network packets which falsely appear to be from a trusted host on the network.

[8] A multiplexed connection consists of several signals being sent over a shared, common medium. With SSH, different channels are sent over a common secure connection.