Secure Shell

SSH

Family:

Operation area:

Data transmission on application layer,
remote control of computers

Port:

22 / TCP, 22 / UDP, 22 / SCTP

SSH in the TCP / IP protocol stack :
application	SSH
transport	TCP
Internet	IP ( IPv4 , IPv6 )
Network access	Ethernet	Token bus	Token ring	FDDI	...

Secure Shell or SSH describes a cryptographic network protocol for the secure operation of network services over unsecured networks. It is often used to make a remote command line available locally , that is, the outputs of the remote console are output on a local console and the local keyboard entries are sent to the remote computer. This can be used, for example, for remote maintenance of a server located in a remote data center . The newer protocol version SSH-2 offers additional functions such as data transmission via SFTP .

SSH serves as a substitute for other insecure methods such as Telnet to access remote computers that transmit sensitive information such as passwords in plain text . This makes them vulnerable to man-in-the-middle attacks and a loss of confidentiality through packet analyzers , which record the data packets . The encryption technology used by SSH therefore has the purpose of ensuring the confidentiality, integrity and authenticity of data that is sent over an insecure network (such as the Internet ).

SSH uses the client-server architecture. An SSH client application connects to an SSH server . The protocol specification is divided into two versions, referred to as SSH-1 and SSH-2. SSH was originally used mainly under Unix-like operating systems. However, it has recently also been used under Microsoft Windows .

The IANA has the protocol to TCP - port 22, UDP - Port 22 and SCTP - Port assigned to the 22nd

history

The first version of the protocol (now called SSH-1) was created by Tatu Ylönen in 1995 in response to the demand for drop-in replacements for Berkeley Services on Unix, including the rsh (remote shell), rcp (remote copy) and rlogin (remote login). He released his implementation as freeware in 1995, which then quickly gained popularity; At the end of 1995 there were already 20,000 users in fifty countries.

In December Tatu Ylönen founded SSH Communications Security to market and develop SSH. The original software originally contained open source source code, but over time it developed more and more into proprietary software.

After some weaknesses in the integrity check of SSH-1 became known, a revised version of the protocol was developed in 1996 with SSH-2. It is incompatible with SSH-1. Among other things, the protocol was broken down into various individual parts, thus enabling the use of secure encryption and authentication algorithms. This eliminates the vulnerabilities of SSH-1.

In 1999 the desire for a free implementation of SSH was expressed, and the last free version of the original implementation developed into the separate OpenSSH project. Since then, at the latest, the SSH protocol has existed in two versions: as open source software (OpenSSH) and as proprietary software (product name: SSH Tectia), developed and distributed by SSH Communications Security, i.e. the original developers around Ylönen.

In 2005, ten years after the original development, the company SSH Communications Security went public with Generation 3 (SSH G3). This protocol version supports the use of the controversial proprietary algorithm CryptiCore. The other, established encryption algorithms are still supported. In 2006 this protocol (version 2) was proposed by the IETF as an Internet standard. FIPS Standard 140-2 certification has been in existence for a long time.

use

An X11 connection is forwarded via SSH

SSH enables a secure, authenticated and encrypted connection between two computers over an insecure network. Thus it serves as a replacement for the predecessors rlogin , telnet and rsh ; these transmit all network traffic, including the passwords, unencrypted.

The original area of application is logging on to remote computers via a network (mostly the Internet), but SSH-2 in particular is not limited to terminal functions.

SFTP and SCP offer cryptographically more secure alternatives to FTP and RCP .
X11 can be transported via SSH and thus secured.
Any TCP / IP connections can be tunneled via SSH ( port forwarding ); a single port is forwarded from a remote server to the client or vice versa. For example, an otherwise unencrypted VNC connection can be secured.
An SSH client can behave like a SOCKS server and thus enables automated access to remote computers through the SSH tunnel , for example to bypass a firewall.
A remote file system can be mounted on the local computer via SSHFS .
With "ssh-keyscan" the public key of a remote computer can be read out. With the help of the associated public key, you can, for example, determine whether the IP address and / or the DNS entry of an SSH server has been manipulated.

Optionally, the connection can also be compressed in order to speed up data transmission and to save bandwidth.

This means that several application scenarios can now be represented:

Secure System Administration

to secure the remote administration of servers. Replaces telnet, rlogin etc.

Secure Application Tunneling (secure tunneling)

for the transparent protection of TCP / IP-based applications as " end-to-end security".

Secure Remote Command Execution (secure execution of commands)

for executing individual commands on another computer. In doing so stdin, stdoutand stderrare forwarded transparently. Special case of this:

Secure Subsystem Execution (secure execution of subsystems): to execute commands predefined on the server, stderrbut not forwarding them.
Example: Secure File Transfer
to create secure, automated and interactive file transfers.

Note: SSH can also run across multiple stations.

Subsystems

In the case of Secure Subsystem Execution , subsystems defined in an SSH server installation can be executed remotely without knowing the exact path of the program to be executed on the server. SFTP is the most common subsystem.

However, several such subsystems are still defined in the relevant RFCs. In addition, each administrator can define his own subsystems; In the case of subsystems that are not IANA registered, the Conventions for Names should be observed (keyword @ syntax).

service	SSH Connection Protocol Subsystem Name according to RFC 4250	specification
SFTP	sftp	draft-ietf-secsh-filexfer
SSH public key subsystem	publickey	RFC 4819
SNMP	snmp	RFC 5592
Netconf	netconf	RFC 6242
SSH transport mapping for SYSLOG	syslog	draft-gerhards-syslog-transport-ssh-00.txt
Powershell	powershell	SSH remoting in PowerShell

functionality

Securing the transport layer

Before the client is authenticated, a secret key is negotiated between the server and the client for the duration of the session, with which all subsequent communication is encrypted. First, the server identifies itself to the client with an RSA , DSA or ECDSA certificate, which means that manipulations in the network can be detected (no other server can pretend to be a known server). SSH-2 uses AES , 3DES , Blowfish , Twofish and other symmetric encryption methods for the actual encryption of the connection . If supported by both sides, a new key is negotiated again under certain conditions (e.g. amount of data transferred, time elapsed) in order to make an attack on the security of the transport layer more difficult. The SSH G3 version also supports the proprietary CryptiCore algorithm , which, according to the manufacturer, offers a gain in speed, but its security is doubted by the crypto expert Bruce Schneier .

Authentication

After the transport layer has been secured, the client can, among other things, authenticate itself using public key authentication with a private key whose public key has been stored on the server, or with a common password . While the latter usually requires user interaction, public key authentication enables client computers to log into SSH servers without user interaction, without having to save a password on the client in plain text. The private SSH keys can be password-protected for further security. Newer versions of the OpenSSH server support two-factor authentication or multi-factor authentication with various configuration options , in which a combination of supported authentication methods such as password specification in combination with the time-based one-time password algorithm (TOTP) must be successfully completed to register.

safety

The integrity check used by SSH-1 has vulnerabilities that allow an attacker to spy on an SSH-1 session. Therefore, only SSH-2 should be used, which is currently considered secure. This version is characterized by the modular structure of the transport, authorization and connection layers and, in contrast to SSH-1, enables the use of different encryption algorithms .

Implementations

SSH implementations were originally only available under Unix , but now both SSH servers and clients have been programmed for other platforms (see also: History ). The SSH clients PuTTY (for Microsoft Windows and Unix and Symbian ) and WinSCP , for example, are popular . Under Cygwin there is also a sshd for Windows, which on OpenSSH is based. This allows you to log in to a Windows machine via SSH and get a shell there. This is a powerful tool for script-controlled tasks, for example data backup.

With OpenSSH there is a free implementation of SSH, which has meanwhile reached a very high level of use. Other free versions are dropbear or lsh .

There is also the free SSH implementation freeSSHd for Microsoft Windows. The SSH server can be installed as a service under Windows. The user control supports NT authentication, so you can log on to a domain . The Bitvise SSH server is even more extensive and is also available free of charge for personal and non-commercial use. With the Windows 10 Fall Creators Update, an OpenSSH server and client is now available (initially in the beta version) as feature-on-demand in Windows 10.

The SSH Communications Security to the SSH Tectia client / server offers a commercial SSH implementation, the authentication using smart cards and USB tokens (PKCS # 11) and X.509 allows -v3 certificates. OpenSSH can also use smart cards.

Norms and standards

SSH is standardized by the following RFCs , which have been proposed as the Internet standard by the IETF "secsh" working group :

RFC 4250 - The Secure Shell (SSH) Protocol Assigned Numbers
RFC 4251 - The Secure Shell (SSH) Protocol Architecture
RFC 4252 - The Secure Shell (SSH) Authentication Protocol
RFC 4253 - The Secure Shell (SSH) Transport Layer Protocol
RFC 4254 - The Secure Shell (SSH) Connection Protocol
RFC 4255 - Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
RFC 4256 - Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)
RFC 4335 - The Secure Shell (SSH) Session Channel Break Extension
RFC 4344 - The Secure Shell (SSH) Transport Layer Encryption Modes
RFC 4345 - Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol

It was then modified and extended by the following RFCs :

RFC 4419 - Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol (March 2006)
RFC 4432 - RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol (March 2006)
RFC 4462 - Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol (May 2006)
RFC 4716 - The Secure Shell (SSH) Public Key File Format (November 2006)
RFC 4819 - Secure Shell Public Key Subsystem (March 2007)
RFC 5647 - AES Galois Counter Mode for the Secure Shell Transport Layer Protocol (August 2009)
RFC 5656 - Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer (December 2009)
RFC 6187 - X.509v3 Certificates for Secure Shell Authentication (March 2011)
RFC 6239 - Suite B Cryptographic Suites for Secure Shell (SSH) (May 2011)
RFC 6594 - Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records (April 2012)
RFC 6668 - SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol (July 2012)
RFC 7479 - Ed25519 SSHFP Resource Records (March 2015)
RFC 5592 - Secure Shell Transport Model for the Simple Network Management Protocol (SNMP) (June 2009)
RFC 6242 - Using the NETCONF Protocol over Secure Shell (SSH) (June 2011)
draft-gerhards-syslog-transport-ssh-00 - SSH transport mapping for SYSLOG (July 2006)
draft-ietf-secsh-filexfer-13 - SSH File Transfer Protocol (July 2006)

In addition, the OpenSSH project contains the following manufacturer-specific protocol specifications and extensions:

literature

Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes: SSH, the Secure Shell - The Definitive Guide . 2nd edition, O'Reilly, Sebastopol, CA, 2005, ISBN 978-0-596-00895-6 .
Michael W. Lucas: SSH Mastery: OpenSSH, PuTTY, Tunnels and Keys . CreateSpace Ind. Publ., 2012, ISBN 978-1-4700-6971-1 .

Web links

Commons : SSH - collection of images, videos and audio files

ssh (1) - Linux man page (English) - Linux manual page ( manpage ) for the ssh command as well as for OpenSSH and the SSH client

Secure Shell (secsh) (English) - Site of the working group at the IETF

OpenSSH - official homepage

Individual evidence

↑ T. Ylonen, C. Lonvick: RFC 4251 . - The Secure Shell (SSH) Protocol Architecture . January 2006. (English).
^ SSH Hardens the Secure Shell .
↑ ^a ^b T. Ylonen, C. Lonvick: RFC 4252 . - The Secure Shell (SSH) Authentication Protocol . January 2006. (English).
↑ Microsoft Docs OpenSSH in Windows .
↑ OpenSSH for Windows .
^ Service Name and Transport Protocol Port Number Registry. Retrieved May 27, 2020 .
↑ Secure Shell (SSH) Protocol Parameters. IANA, accessed June 15, 2020 .
↑ T. Ylonen, C. Lonvick: RFC 4253 . - The Secure Shell (SSH) Transport Layer Protocol . January 2006. (English).
^ Crypto-Gram
↑ Changelog OpenSSH 6.2
↑ How To Set Up Multi-Factor Authentication for SSH on Ubuntu 16.04. Retrieved March 9, 2018 .
↑ Part 4 - Using Secure Shell (SSH). (PDF) In: Technical Guideline TR-02102-4 | Cryptographic procedures: recommendations and key lengths. Federal Office for Information Security , January 2020, accessed on June 16, 2020 : "The use of SSH-2 is recommended."
↑ Windows 10 OpenSSH as Feature-On-Demand. Microsoft, accessed January 2, 2017 .

[rfc4251-1] T. Ylonen, C. Lonvick: RFC 4251 . - The Secure Shell (SSH) Protocol Architecture . January 2006. (English).

[2] SSH Hardens the Secure Shell .

[rfc4252-3] T. Ylonen, C. Lonvick: RFC 4252 . - The Secure Shell (SSH) Authentication Protocol . January 2006. (English).

[4] Microsoft Docs OpenSSH in Windows .

[5] OpenSSH for Windows .

[6] Service Name and Transport Protocol Port Number Registry. Retrieved May 27, 2020 .

[7] Secure Shell (SSH) Protocol Parameters. IANA, accessed June 15, 2020 .

[8] T. Ylonen, C. Lonvick: RFC 4253 . - The Secure Shell (SSH) Transport Layer Protocol . January 2006. (English).

[9] Crypto-Gram

[10] Changelog OpenSSH 6.2

[ocean1-11] How To Set Up Multi-Factor Authentication for SSH on Ubuntu 16.04. Retrieved March 9, 2018 .

[12] Part 4 - Using Secure Shell (SSH). (PDF) In: Technical Guideline TR-02102-4 | Cryptographic procedures: recommendations and key lengths. Federal Office for Information Security , January 2020, accessed on June 16, 2020 : "The use of SSH-2 is recommended."

[13] Windows 10 OpenSSH as Feature-On-Demand. Microsoft, accessed January 2, 2017 .