

SSH, the Secure Shell
The Definitive Guide



Other computer security resources from O’Reilly

Related titles:
  802.11 Security
  Digital Identity
  Firewall Warrior
  Internet Forensics
  Network Security Assessment
  Network Security with OpenSSL
  nmap: The Definitive Guide
  Managing Security with Snort and IDS Tools
  PGP: Pretty Good Privacy
  Snort Cookbook

Security Books Resource Center

security.oreilly.com is a complete catalog of O’Reilly’s books on security and related technologies, including sample chapters and code examples.

oreillynet.com is the essential portal for developers interested in open and emerging technologies, including new platforms, programming languages, and operating systems.

Conferences

O’Reilly brings diverse innovators together to nurture the ideas
that spark revolutionary industries. We specialize in documenting the latest tools and systems, translating the innovator’s
knowledge into useful skills for those in the trenches. Visit conferences.oreilly.com for our upcoming events.
Safari Bookshelf (safari.oreilly.com) is the premier online reference library for programmers and IT professionals. Conduct
searches across more than 1,000 books. Subscribers can zero in
on answers to time-critical questions in a matter of seconds.
Read the books on your Bookshelf from cover to cover or simply flip to the page you need. Try it today with a free trial.



SECOND EDITION

SSH, the Secure Shell
The Definitive Guide

Daniel J. Barrett, Richard E. Silverman,
and Robert G. Byrnes

Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo




SSH, the Secure Shell: The Definitive Guide™

by Daniel J. Barrett, Richard E. Silverman, and Robert G. Byrnes
Copyright © 2005, 2001 O’Reilly Media, Inc. All rights reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.
O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions
are also available for most titles (safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or

Editor: Mike Loukides
Production Editor: Mary Brady
Cover Designer: Ellie Volckhausen
Interior Designer: David Futato

Printing History:
February 2001: First Edition.
May 2005: Second Edition.

Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of
O’Reilly Media, Inc. SSH, the Secure Shell: The Definitive Guide, the image of a land snail, and related
trade dress are trademarks of O’Reilly Media, Inc.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as
trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a
trademark claim, the designations have been printed in caps or initial caps.
While every precaution has been taken in the preparation of this book, the publisher and authors
assume no responsibility for errors or omissions, or for damages resulting from the use of the
information contained herein.

This book uses RepKover™, a durable and flexible lay-flat binding.
ISBN: 0-596-00895-3
ISBN13: 978-0-596-00895-6


Table of Contents

Preface  xi

1. Introduction to SSH  1
   1.1 What Is SSH?  1
   1.2 What SSH Is Not  3
   1.3 The SSH Protocol  3
   1.4 Overview of SSH Features  5
   1.5 History of SSH  9
   1.6 Related Technologies  10
   1.7 Summary  15

2. Basic Client Use  16
   2.1 A Running Example  16
   2.2 Remote Terminal Sessions with ssh  16
   2.3 Adding Complexity to the Example  18
   2.4 Authentication by Cryptographic Key  21
   2.5 The SSH Agent  28
   2.6 Connecting Without a Password or Passphrase  32
   2.7 Miscellaneous Clients  33
   2.8 Summary  34

3. Inside SSH  36
   3.1 Overview of Features  36
   3.2 A Cryptography Primer  39
   3.3 The Architecture of an SSH System  43
   3.4 Inside SSH-2  45
   3.5 Inside SSH-1  68
   3.6 Implementation Issues  69
   3.7 SSH and File Transfers (scp and sftp)  81
   3.8 Algorithms Used by SSH  84
   3.9 Threats SSH Can Counter  91
   3.10 Threats SSH Doesn’t Prevent  93
   3.11 Threats Caused by SSH  97
   3.12 Summary  98

4. Installation and Compile-Time Configuration  99
   4.1 Overview  99
   4.2 Installing OpenSSH  106
   4.3 Installing Tectia  111
   4.4 Software Inventory  124
   4.5 Replacing r-Commands with SSH  125
   4.6 Summary  127

5. Serverwide Configuration  128
   5.1 Running the Server  129
   5.2 Server Configuration: An Overview  132
   5.3 Getting Ready: Initial Setup  141
   5.4 Authentication: Verifying Identities  171
   5.5 Access Control: Letting People In  184
   5.6 User Logins and Accounts  198
   5.7 Forwarding  201
   5.8 Subsystems  206
   5.9 Logging and Debugging  209
   5.10 Compatibility Between SSH-1 and SSH-2 Servers  223
   5.11 Summary  226

6. Key Management and Agents  227
   6.1 What Is an Identity?  227
   6.2 Creating an Identity  233
   6.3 SSH Agents  242
   6.4 Multiple Identities  260
   6.5 PGP Authentication in Tectia  262
   6.6 Tectia External Keys  264
   6.7 Summary  265

7. Advanced Client Use  266
   7.1 How to Configure Clients  266
   7.2 Precedence  276
   7.3 Introduction to Verbose Mode  277
   7.4 Client Configuration in Depth  278
   7.5 Secure Copy with scp  313
   7.6 Secure, Interactive Copy with sftp  323
   7.7 Summary  325

8. Per-Account Server Configuration  326
   8.1 Limits of This Technique  326
   8.2 Public-Key-Based Configuration  328
   8.3 Hostbased Access Control  346
   8.4 The User rc File  348
   8.5 Summary  348

9. Port Forwarding and X Forwarding  349
   9.1 What Is Forwarding?  350
   9.2 Port Forwarding  351
   9.3 Dynamic Port Forwarding  373
   9.4 X Forwarding  377
   9.5 Forwarding Security: TCP-wrappers and libwrap  389
   9.6 Summary  395

10. A Recommended Setup  396
   10.1 The Basics  396
   10.2 Compile-Time Configuration  397
   10.3 Serverwide Configuration  397
   10.4 Per-Account Configuration  403
   10.5 Key Management  404
   10.6 Client Configuration  404
   10.7 Remote Home Directories (NFS, AFS)  404
   10.8 Summary  407

11. Case Studies  408
   11.1 Unattended SSH: Batch or cron Jobs  408
   11.2 FTP and SSH  415
   11.3 Pine, IMAP, and SSH  436
   11.4 Connecting Through a Gateway Host  444
   11.5 Scalable Authentication for SSH  452
   11.6 Tectia Extensions to Server Configuration Files  468
   11.7 Tectia Plugins  479

12. Troubleshooting and FAQ  495
   12.1 Debug Messages: Your First Line of Defense  495
   12.2 Problems and Solutions  497
   12.3 Other SSH Resources  513

13. Overview of Other Implementations  515
   13.1 Common Features  515
   13.2 Covered Products  516
   13.3 Other SSH Products  516

14. OpenSSH for Windows  521
   14.1 Installation  521
   14.2 Using the SSH Clients  522
   14.3 Setting Up the SSH Server  522
   14.4 Public-Key Authentication  524
   14.5 Troubleshooting  525
   14.6 Summary  525

15. OpenSSH for Macintosh  526
   15.1 Using the SSH Clients  526
   15.2 Using the OpenSSH Server  526

16. Tectia for Windows  531
   16.1 Obtaining and Installing  532
   16.2 Basic Client Use  533
   16.3 Key Management  534
   16.4 Accession Lite  536
   16.5 Advanced Client Use  539
   16.6 Port Forwarding  542
   16.7 Connector  543
   16.8 File Transfers  551
   16.9 Command-Line Programs  552
   16.10 Troubleshooting  554
   16.11 Server  555

17. SecureCRT and SecureFX for Windows  563
   17.1 Obtaining and Installing  563
   17.2 Basic Client Use  564
   17.3 Key Management  564
   17.4 Advanced Client Use  568
   17.5 Forwarding  570
   17.6 Command-Line Client Programs  572
   17.7 File Transfer  572
   17.8 Troubleshooting  574
   17.9 VShell  574
   17.10 Summary  575

18. PuTTY for Windows  576
   18.1 Obtaining and Installing  576
   18.2 Basic Client Use  576
   18.3 File Transfer  578
   18.4 Key Management  580
   18.5 Advanced Client Use  583
   18.6 Forwarding  587
   18.7 Summary  589

A. OpenSSH 4.0 New Features  591
B. Tectia Manpage for sshregex  595
C. Tectia Module Names for Debugging  604
D. SSH-1 Features of OpenSSH and Tectia  609
E. SSH Quick Reference  612

Index  629



Preface

Welcome to the second edition of our book on SSH, one of the world’s most popular approaches to computer network security. Here’s a sampling of what’s new in
this edition:
• Over 100 new features, options, and configuration keywords from the latest versions of OpenSSH and SSH Tectia (formerly known as SSH Secure Shell or SSH2
from ssh.com)
• Expanded material on the SSH-2 protocol and its internals, including a step-by-step tour through the transport, authentication, and connection phases
• Running OpenSSH on Microsoft Windows and Macintosh OS X
• All-new chapters on Windows software such as Tectia, SecureCRT, and PuTTY
• Scalable authentication techniques for large installations, including X.509 certificates
• Single sign-on between Linux and Windows via Kerberos/GSSAPI
• Logging and debugging in greater depth
• Tectia’s metaconfiguration, subconfiguration, and plugins, with examples
...and much more! You might be surprised at how much is changed, but in the past
four years, SSH has significantly evolved:
SSH-2 protocol triumphant
Back in 2001, only a handful of SSH products supported the relatively new SSH-2 protocol, and the primary implementation was commercial. Today, the old SSH-1 protocol is dying out and all modern SSH products, free and commercial, use the more secure and flexible SSH-2 protocol. We now recommend that everyone avoid SSH-1.
The rise of OpenSSH
This little upstart from the OpenBSD world has become the dominant implementation of SSH on the Internet, snatching the crown from the original, SSH Secure Shell (now called SSH Tectia, which we abbreviate as Tectia). Tectia is still more powerful than OpenSSH in important ways; but as OpenSSH is now included as standard with Linux, Solaris, Mac OS X, and beyond, it dominates in pure numbers.

xi
This is the Title of the Book, eMatter Edition
Copyright © 2008 O’Reilly & Associates, Inc. All rights reserved.
The death of telnet and the r-tools
The insecure programs telnet, rsh, rcp, and rlogin—long the standards for communication between computers—are effectively extinct.* FTP is also on the way
out, except when operated behind firewalls or over private lines.
An explosion of Windows products
In 2001, there were a handful of SSH implementations for Windows; now there
are dozens of GUI clients and several robust servers, not to mention a full port of
the free OpenSSH.
Increased attacks
The Internet has experienced a sharp rise in computer intrusions. Now more
than ever, your servers and firewalls should be configured to block all remote
accesses except via SSH (or other secure protocols).

Protect Your Network with SSH
Let’s start with the basics. SSH, the Secure Shell, is a reliable, reasonably easy to use,
inexpensive security product for computer networks and the people who use them.
It’s available for most of today’s operating systems.
Privacy is a basic human right, but on today’s computer networks, privacy isn’t
guaranteed. Much of the data that travels on the Internet or local networks is
transmitted as plain text, and may be captured and viewed by anybody with a little technical know-how. The email you send, the files you transmit between computers, even the passwords you type may be readable by others. Imagine the
damage that can be done if an untrusted third party—a competitor, the CIA, your
in-laws— intercepted your most sensitive communications in transit.
SSH is a small, unassuming, yet powerful and robust solution to many of these issues. It keeps prying eyes away from the data on your network. It doesn’t solve every privacy and security problem, but it eliminates several of them effectively. Its major features are:
• A secure, client/server protocol for encrypting and transmitting data over a network
• Authentication (recognition) of users by password, host, or public key, plus
optional integration with other popular authentication systems, such as PAM,
Kerberos, SecurID, and PGP

* Not counting secure versions of these tools, e.g., when enhanced with Kerberos support. [1.6.3]



• The ability to add security to insecure network applications such as Telnet,
NNTP, VNC, and many other TCP/IP-based programs and protocols
• Almost complete transparency to the end user
• Implementations for most operating systems

Intended Audience
We’ve written this book for system administrators and technically minded users.
Some chapters are suitable for a wide audience, while others are thoroughly technical and intended for computer and networking professionals.

End-User Audience
Do you have two or more computer accounts on different machines? SSH lets you connect one to another with a high degree of security. You can remotely log into one account from the other, execute remote commands, and copy files between accounts, all with the confidence that nobody can intercept your username, password, or data in transit.
Do you connect from a personal computer to an Internet service provider (ISP)? In
particular, do you connect to a Unix shell account at your ISP? If so, SSH can make
this connection significantly more secure. An increasing number of ISPs are running
SSH servers for their users. In case your ISP doesn’t, we’ll show you how to run a
server yourself.
Do you develop software? Are you creating distributed applications that must communicate over a network securely? Then don’t reinvent the wheel: use SSH to
encrypt the connections. It’s a solid technology that may reduce your development
time.
Even if you have only a single computer account, as long as it’s connected to a network, SSH can still be useful. For example, if you’ve ever wanted to let other people
use your account, such as family members or employees, but didn’t want to give
them unlimited use, SSH can provide a carefully controlled, limited-access channel
into your account.

Prerequisites
We assume you are familiar with computers and networking as found in any modern business office or home system with an Internet connection. Ideally, you are
familiar with network applications like Telnet and FTP. If you are a Unix user, you
should be familiar with standard network applications (e.g., ftp) and the basics of
writing shell scripts and Perl scripts.



System-Administrator Audience

If you’re a Unix or Macintosh OS X system administrator, you probably know
about SSH already. It’s less well known in the Windows world, where secure logins are usually accomplished with radmin (Remote Administrator) and other
remote desktop applications, and network file transfers are done using network
shares. In contrast, SSH is more focused on the command line and is therefore
more scriptable than the usual Windows techniques. SSH also can increase the
security of other TCP/IP-based applications on your network by transparently
“tunneling” them through SSH-encrypted connections. You will love SSH.

Prerequisites
In addition to the end-user prerequisites in the previous section, you should be familiar with user accounts and groups, networking concepts such as TCP/IP and packets, and basic encryption techniques.

Reading This Book
This book is divided roughly into three parts. The first three chapters are a general
introduction to SSH, first at a high level for all readers (Chapters 1 and 2), and then
in detail for technical readers (Chapter 3).
The next nine chapters cover SSH for Unix and similar operating systems (OpenBSD,
Linux, Solaris, etc.). The first two (Chapters 4 and 5) cover SSH installation and serverwide configuration for system administrators. The next four (Chapters 6–9) cover
advanced topics for end users, including key management, client configuration, per-account server configuration, and forwarding. We complete the Unix sequence with
our recommended setup (Chapter 10), some detailed case studies (Chapter 11), and
troubleshooting tips (Chapter 12). The remaining chapters cover SSH products for
Windows and the Macintosh, plus brief overviews of implementations for other
platforms.
Each section in the book is numbered, and we provide cross-references throughout
the text. If further details are found in Section 7.1.2.2, we use the notation [7.1.2.2]
to indicate it.

Our Approach
This book is organized by concept rather than syntax. We begin with an overview
and progressively lead you deeper into the functionality of SSH. So, we might introduce a topic in Chapter 1, show its basic use in Chapter 2, and reveal advanced uses
in Chapter 7. If you prefer the whole story at once, Appendix E presents all commands and configuration options in one location.




We focus strongly on three levels of server configuration, which we call compile-time, serverwide, and per-account configuration. Compile-time configuration
(Chapter 4) means selecting appropriate options when you build the SSH clients and
servers. Serverwide configuration (Chapter 5) applies when the SSH server is run and
is generally done by system administrators, while per-account configuration
(Chapter 8) can be done anytime by end users. It’s vitally important for system
administrators to understand the relationships and differences among these three levels. Otherwise, SSH may seem like a morass of random behaviors.
Although the bulk of material focuses on Unix implementations of SSH, you don’t
have to be a Unix user to understand it. Fans of Windows and the Macintosh may
stick to the later chapters devoted to their platforms, but a lot of the meaty details
are in the Unix chapters, so we recommend reading them, at least for reference.

Which Chapters Are for You?
We propose several “tracks” for readers with different interests and skills:
System administrators
Chapters 3–5 and 10 are the most important for understanding SSH and how to
build and configure servers. However, as the administrator of a security product, you should read the whole book.
Unix users (not system administrators)
Chapters 1 and 2 provide an overview, and Chapters 6–9 discuss SSH clients in
depth.
Windows end users
Read Chapters 1, 2, 13, 14, and 16–18 for starters, and then others as your interests guide you.
Macintosh end users
Read Chapters 1, 2, 13, and 15 for starters, and then others as your interests guide you.
Users of other computer platforms
Read Chapters 1, 2, and 13 for starters, and then others as your interests guide
you.
Even if you are experienced with SSH, you’ll likely find value in Chapters 3–12. We
cover significant details the Unix manpages leave unclear or unmentioned, including
major concepts, compile-time flags, server configuration, and forwarding.



Supported Platforms
This book covers Unix, Windows, and Macintosh implementations of SSH.
When we say “Unix” in this book, we mean the whole family of Unixlike operating systems such as Linux, OpenBSD, and Solaris.

SSH products are also available for the Amiga, BeOS, Java, OS/2, Palm Pilot, VMS,
and Windows CE, and although we don’t cover them, their principles are the same.
This book is current for the following Unix SSH versions:

OpenSSH     3.9 (a)
SSH Tectia  4.2

(a) See Appendix A for a preview of new features in OpenSSH 4.0.

Version information for non-Unix products is found in their respective chapters.

Disclaimers
We identify some program features as “undocumented.” This means the feature isn’t
mentioned in the official documentation but works in the current release and/or is
clear from the program source code. Undocumented features might not be officially
supported by the software authors and can disappear in later releases.

Conventions Used in This Book
The following typographical conventions are used in this book:
Constant width

For configuration files, things that can be found in configuration files (such as
keywords and configuration file options), source code, and interactive terminal
sessions.
Constant width italic

For replaceable parameters on command lines or within configuration files.
Italic
For filenames, URLs, hostnames, command names, command-line options, and
new terms where they are defined.
A_K

In figures, the object labeled A has been secured using a cryptographic key labeled K. “Secured” means encrypted, signed, or some more complex relationship, depending on the context. If A is secured using multiple keys (say, K and L), they are listed in the subscript, separated by commas: A_{K,L}.



This icon indicates a tip, suggestion, or general note.

This icon indicates a warning or caution.

Comments and Questions
Please address comments and questions concerning this book to the publisher:
O’Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
(800) 998-9938 (in the United States or Canada)
(707) 829-0515 (international/local)
(707) 829-0104 (fax)
There is a web page for this book, which lists errata, examples, or any additional
information. You can access this page at:
To comment or ask technical questions about this book, send email to:

For more information about books, conferences, Resource Centers, and the O’Reilly
Network, see the O’Reilly web site at:


Safari Enabled
When you see a Safari® Enabled icon on the cover of your favorite technology book, it means the book is available online through the O’Reilly
Network Safari Bookshelf.
Safari offers a solution that’s better than e-books. It’s a virtual library that lets you easily search thousands of top technology books, cut and paste code samples, download chapters, and find quick answers when you need the most accurate, current
information. Try it for free at .



Acknowledgments
Our biggest thanks go to the two parties who made this second edition a reality: the
many readers who purchased the first edition, and our editor Mike Loukides. We
couldn’t have done this without you!
We thank the O’Reilly “tools” team for Frame typesetting advice, and Rob Romano
for turning our hasty sketches into polished illustrations. Special thanks to the
O’Reilly production team, Keith Fahlgren, John Bickelhaupt, Audrey Doyle, and
Mary Brady, for their hard work creating the final package.
We thank our excellent technical reviewers for their thorough reading and insightful
comments: Markus Friedl and Damien Miller of the OpenSSH team, Paul Lussier,
Drew Simonis, and Mike Smith. Big thanks also to several vendors of SSH products
who provided us with free copies of their software, reviewed the manuscript, and
answered our questions. From SSH Communications Security, maker of SSH Tectia,
we thank Nicolas Gabriel-Robez, Tommi Lampila, Sami J. Lehtinen, Timo J. Rinne,
Janne Saarikko, Petri Sakkinen, Vesa Vatka, and Timo Westerberg. From VanDyke
Software, maker of SecureCRT, SecureFX, and VShell, we thank Jill Christian, Maureen Jett, Marc Orchant, and Tracy West. SSH Communications Security also kindly
gave us permission to include the sshregex manpage (Appendix B) and the sshdebug.h
error codes (Appendix C).
Dan Barrett thanks Lisa and Sophie for bearing the late-night writing and hacking sessions required for this book. He also thanks Alex Schowtka and Robert Dulaney of VistaPrint, his employer, for their kind permission to work on this project. Bob Byrnes thanks Alison and Rebecca for all of their help and understanding throughout the many nights and weekends when he was glued to his keyboard. Richard Silverman thanks his coauthors for their unfailing good humor and patience—even when a sudden decision to change jobs and move out of state threw his book schedule into chaos. He also thanks his various friends, especially Bob Stepno, for listening to his endless chatter about The Book. It’s truly a wonder they still speak to him at all.



CHAPTER 1
Introduction to SSH

Many people today have multiple computer accounts. If you’re a reasonably savvy
user, you might have a personal account with an Internet service provider (ISP), a
work account on your employer’s local network, and a few computers at home. You
might also have permission to use other accounts owned by family members or
friends.
If you have multiple accounts, it’s natural to want to make connections between
them. For instance, you might want to copy files between computers over a network,
log into one account remotely from another, or transmit commands to a remote computer for execution. Various programs exist for these purposes, such as ftp for file
transfers, telnet for remote logins, and rsh for remote execution of commands.
Unfortunately, many of these network-related programs have a fundamental problem: they lack security. If you transmit a sensitive file via the Internet, an intruder can
potentially intercept and read the data. Even worse, if you log onto another computer remotely using a program such as telnet, your username and password can be
intercepted as they travel over the network. Yikes!

How can these serious problems be prevented? You can use an encryption program to
scramble your data into a secret code nobody else can read. You can install a firewall, a device that shields portions of a computer network from intruders, and keep
all your communications behind it. Or you can use a wide range of other solutions,
alone or combined, with varying complexity and cost.

1.1 What Is SSH?

SSH, the Secure Shell, is a popular, powerful, software-based approach to network
security.* Whenever data is sent by a computer to the network, SSH automatically
encrypts (scrambles) it. Then, when the data reaches its intended recipient, SSH

* “SSH” is pronounced by spelling it aloud: S-S-H.



automatically decrypts (unscrambles) it. The result is transparent encryption: users
can work normally, unaware that their communications are safely encrypted on the
network. In addition, SSH uses modern, secure encryption algorithms and is effective enough to be found within mission-critical applications at major corporations.
SSH has a client/server architecture, as shown in Figure 1-1. An SSH server program,
typically installed and run by a system administrator, accepts or rejects incoming
connections to its host computer. Users then run SSH client programs, typically on
other computers, to make requests of the SSH server, such as “Please log me in,”
“Please send me a file,” or “Please execute this command.” All communications
between clients and servers are securely encrypted and protected from modification.
Figure 1-1. SSH architecture. [Diagram: several SSH clients on one computer send requests to an SSH server on another: “Log me in” (answered “OK” or “Denied”), “Send file X” (answered “Here is file X”), and “Run this command”; the server runs a child process for each accepted request.]


Our description is simplified but should give you a general idea of what SSH does.
We’ll go into depth later. For now, just remember that SSH clients communicate
with SSH servers over encrypted network connections.
SSH software is very common today. It comes with most Linux distributions, Macintosh OS X, Sun Solaris, OpenBSD, and virtually all other Unix-inspired operating
systems. Microsoft Windows has plenty of SSH clients and servers, both free and
commercial. You can even find it for PalmOS, Commodore Amiga, and most other
platforms. [13.3]
Many SSH clients are inspired by old Unix programs called the “r-commands:” rsh
(remote shell), rlogin (remote login), and rcp (remote copy). In fact, for many purposes the SSH clients are drop-in replacements for the r-commands, so if you’re still
using them, switch to SSH immediately! The old r-commands are notoriously insecure, and the SSH learning curve is small.

1.2 What SSH Is Not

Although SSH stands for Secure Shell, it is not a true shell in the sense of the Unix
Bourne shell and C shell. It is not a command interpreter, nor does it provide wildcard expansion, command history, and so forth. Rather, SSH creates a channel for
running a shell on a remote computer, with end-to-end encryption between the two
systems.
SSH is also not a complete security solution—but then, nothing is. It won’t protect
computers from active break-in attempts or denial-of-service attacks, and it won’t
eliminate other hazards such as viruses, Trojan horses, and coffee spills. It does,
however, provide robust and user-friendly encryption and authentication.

1.3 The SSH Protocol

SSH is a protocol, not a product. It is a specification of how to conduct secure communication over a network.*

The SSH protocol covers authentication, encryption, and the integrity of data transmitted over a network, as shown in Figure 1-2. Let’s define these terms:
Authentication
Reliably determines someone’s identity. If you try to log into an account on a
remote computer, SSH asks for digital proof of your identity. If you pass the test,
you may log in; otherwise, SSH rejects the connection.

* Although we say “the SSH protocol,” there are actually two incompatible versions of the protocol in common use: SSH-1 (a.k.a. SSH-1.5) and SSH-2. We distinguish these protocols later.



Encryption
Scrambles data so that it is unintelligible except to the intended recipients. This
protects your data as it passes over the network.
Integrity
Guarantees the data traveling over the network arrives unaltered. If a third party
captures and modifies your data in transit, SSH detects this fact.
[Figure 1-2 shows an SSH client and an SSH server exchanging messages in three panels: Authentication (client: “I am me”; server: “I am me too”), Encryption (the readable text “...and furthermore, I would just like to say...” crosses the network as scrambled text such as “4xxY672ghjKyyTdfau12VFgKJST4L887”), and Integrity (a message altered in transit arrives as “X%*!” and the receiver rejects it: “???”).]
Figure 1-2. Authentication, encryption, and integrity

In short, SSH makes network connections between computers, with strong guarantees
that the parties on both ends of the connection are genuine. It also ensures that any
data passing over these connections arrives unmodified and unread by eavesdroppers.

1.3.1

Protocols, Products, Clients, and Confusion

The first SSH product, created by Tatu Ylönen for Unix, was simply called “SSH.”
This caused confusion because SSH was also the name of the protocol. In this book,
we use more precise terminology to refer to protocols, products, and programs, summarized in the sidebar “Terminology: SSH Protocols and Products.” In short:
• Protocols are denoted with dashes: SSH-1, SSH-2.
• Products are denoted in mixed case, without dashes: OpenSSH, Tectia, PuTTY,
etc.
• Client programs are in lowercase: ssh, scp, putty, etc.


Chapter 1: Introduction to SSH

Terminology: SSH Protocols and Products
SSH
A generic term referring to SSH protocols and software products.
SSH-1
The SSH protocol, Version 1. This is the original protocol; it has serious limitations, including a weak integrity check, so we do not recommend its use anymore.
SSH-2
The SSH protocol, Version 2, the most common and secure SSH protocol used
today. It was defined by the IETF SECSH working group, whose drafts were
later published as RFCs 4250 through 4256. [3.4]

SSH1
The granddaddy of it all: the original SSH product created by Tatu Ylönen. It
implemented (and defined) the SSH-1 protocol and is now obsolete.

SSH2
The original SSH-2 product, created by Tatu Ylönen and his company, SSH Communications Security.
ssh (all lowercase letters)
A client program run on the command line and included in many SSH products,
for running secure terminal sessions and remote commands. On some systems it
might be named ssh1 or ssh2.
OpenSSH
The product OpenSSH from the OpenBSD project.


Tectia
The successor to SSH2, this refers to the product suite “SSH Tectia” from SSH
Communications Security. We abbreviate the name as simply “Tectia.” Since Tectia is available for both Unix and Windows, when we write “Tectia” we generally
mean the Unix version unless we say otherwise.

1.4

Overview of SSH Features

So, what can SSH do? Let’s run through some examples that demonstrate the major
features of SSH, such as secure remote logins, secure file copying, and secure invocation of remote commands.

1.4.1

Secure Remote Logins

Suppose you have login accounts on several computers on the Internet. Common
programs like telnet let you log into one computer from another, say, from your
home PC to your web hosting provider, or from one office computer to another.
Unfortunately, telnet and similar programs transmit your username and password in
