7.5. Summary

In this chapter, we studied the SSH protocol, a drop-in replacement for telnet, ftp, and the BSD r-commands. The protocol has two incompatible versions, but most implementations support them both.

SSHv1, the older protocol version, can provide a secure remote shell session, a secure channel between any two distributed applicationswhether or not they are SSH-awareX11 and port forwarding, and the secure file copy utility, scp. The server and user authentication mechanisms that SSHv1 uses ensure that the SSH client is talking to the correct server, and that the user is authorized to connect to the server.

Finally, SSHv1 has fundamental security problems. The chief problem is the use of a CRC as a MAC for authenticating messages. These problems led to the development of SSHv2.

SSHv2 is a completely different protocol. It replaces the monolithic architecture of SSHv1 with a layered architecture where an SSHv2 transport protocol provides a vehicle for the SSHv2 authentication and connection protocols. The server authentication mechanism is also different from that of SSHv1.

We concluded our examination of SSHv2 by looking at its security properties, and saw that the only attacks are not very serious and can, in any event, be avoided by not using CBC mode while encrypting. We concluded that SSHv2 provides good security and provides a flexible infrastructure that will allow it to adapt to changing conditions.

Finally, we used SSH and our gtunnel skeleton to build a VPN between two machines. As with our SSL VPN from Chapter 6, this VPN is not appropriate for high-volume production work but can be useful for ad hoc and temporary solutions to problems requiring a VPN.