LavaNet Home

ANNOUNCEMENTS   SEARCH LAVANET
11/26/08 Lavanet News and Announcements: Thanksgiving Holiday Hours - November 27, 2008

LavaNet's offices will be closed Thursday November 27th. All departments
will be open for normal business hours the following day, Friday November
28th.

  
NAVIGATION
  News
  Services
  Support
  About Us
  System Status
  Webmail

CONTACT
Phone
(808) 545-LAVA

Fax
(808) 529-0596

Address
733 Bishop Street
Makai Tower, Suite #1170
Honolulu, HI 96813

Maps
 

SSH

Jump to: navigation, search

LavaNet provides shell accounts for those who request it. However, as a security concern, rather than using a telnet program to access your shell account, we recommend that you use an SSH program instead. For those who do not know or would like to find out more about SSH, why you should use it, and what its differences are from Telnet, read on...

Contents

[edit]

What is it?

SSH, otherwise known as Secure Shell, is a program used to access and log on other computers remotely through a network. (Usually those computers using a UNIX based operating system)

SSH functions much the same as telnet and it allows the user to execute commands on a remote machine.

It provides strong encryption authentication and secured communication over an unsecure channel. Simply, it encrypts data that travels between the users' computer and the host computer. It also provides secure X connections and secure forwarding of arbitrary TCP connections.

[edit]

How does it work?

SSH communicates with the host computer using encryption algorithms rather than sending information in plain text. Just because you cannot see your password as you type it when using telnet that does not mean that it is encrypted, in fact it is not. Telnet sends passwords in plain text whereas SSH encrypts the password before sending it. There are several different ciphers used for encryption by SSH (three-key triple-DES, DES, RC4-128, TSS, Blowfish). Encryption keys are exchanged using RSA, and data used in the key exchange is destroyed every hour (keys are not saved anywhere). Every host has an RSA key which is used to authenticate the host when RSA host authentication is used. Encryption is used to protect against IP-spoofing; public key authentication is used to protect against DNS and routing spoofing.

[edit]

SSH vs Telnet & Why you should use SSH

Basically, any LavaNet user with an active shell account can access and use their shell account with either Telnet or SSH. Telnet comes preinstalled on all computers with the Windows operating system (you can go to it by clicking on the Start button, then Run, and then in the Open: box, just type in "telnet", then click OK, and Window's telnet program should open up). However, unlike SSH, telnet communicates with the host computer (the computer that you are accessing to use your shell account) with plain text. It also provides little in the way of security for the user. Any and all communication between the users' computer and the host computer is open for attack and is vulnerable to getting hijacked at all times when the user is using telnet.

With SSH, this is an entirely different matter. SSH protects the users against:

  • IP spoofing, where a remote host sends out packets which pretends to come from another trusted host. SSH even protects against those who attempt to decieve your connection by pretending to be the IP of the computer that you are connected to.
  • IP source routing, where a host can pretend that an IP packet comes from another, trusted host.
  • DNS spoofing, where an attacker forges name server records
  • Interception of cleartext passwords and other data by intermediate hosts
  • Manipulation of data by people in control of intermediate hosts
  • Attacks based on listening to X authentication data and spoofed connection to the X11 server

Basically, SSH never trusts any connection over the net. If someone has taken over the network, that person can only force the SSH connection to disconnect, but cannot decrypt, play back the traffic, or hijack the connection. However, you will need to keep in mind that this requires the SSH connection to be encrypted. (There is the option to have no encryption) Without encryption, you will have the same thing as having a regular telnet connection and remain vulnerable to attacks.

[edit]

Downloads and Setups

For Windows: Putty SSH

For Macintosh: Nifty Telnet SSH

[edit]

Other resources and links

Frequently Asked Questions by Thomas Konig

FAQ @ employers.org

Started with SSH by Kimmo Suominen

This is a little Java based SSH applet. Please read the requirements before attempting to run the program on your own computer. LavaNet is not responsible for any damages that may result from using the program, as we do not endorse this JavaSSH program. Use at your own risk.

Retrieved from "http://www.lava.net/support/SSH"

Copyright © 2006 LavaNet, Inc. All rights reserved.   News | Support | Services | About Us | System Status | Webmail | Press Box | Privacy & Copyright