COMMON SSH USES

Saturday, February 9, 2013
SSH was originally designed as a replacement for less-secure Unix commands. Telnet, FTP, rlogin, rcp, and rsh provide login access, file transfer functionality, and remote command execution, but they transmit passwords in plaintext. The systems are also vulnerable to TCP hijacking (and UDP hijacking, in the case of FTP). SSH provides all of these functionalities over an encrypted channel. For example, the OpenSSH client, ssh, supports command-line options for performing these operations. SSH also provides support for arbitrary port forwarding and automated system usage.
Remote Login
Using OpenSSH’s ssh without any command options provides a login prompt. The basic usage is ssh hostname or ssh user@hostname. These commands establish an SSH tunnel to the server, hostname, using the account name user. When creating a command-line shell, the SSH client provides both application layer and presentation layer functionality.
Remote Command Execution
The OpenSSH client can operate similarly to the BSD remote-shell command, rsh. After the user and hostname are specified, any remaining arguments are treated as a command, which is executed immediately after logging in. For example, the command ssh user@hostname ls will remotely log in to hostname as user and execute the command ls. The file streams STDIN, STDOUT, and STDERR (standard input, output, and error) are passed across the SSH tunnel, so the output from ls is transmitted back to the client. Specifying no command is the same as specifying the user’s login shell.
File Transfers
There are two methods for performing SSH file transfers. The first method uses remote command execution. In effect, the tunnel is used to pass the file. The second method uses SSH subsystems. The SSH server permits the execution of well-defined applications. This is similar to the Unix inetd system, where different network ports are used to run different applications.
Port Forwarding
Although SSH forwards streams such as STDIN, STDOUT, and STDERR, it can also forward TCP ports. Using the OpenSSH options -R and -L, a port on the local system can be passed to the remote end, and vice versa.
Automated Systems
SSL is commonly used by automated systems for establishing secure connections. However, SSL has many limitations when used by automated systems. For example, SSL clients are vulnerable to MitM attacks, DNS poisoning, and risks from handling invalid certificates.
In short, SSH can be used for the following purposes:
  • for login to a shell on a remote host (replacing Telnet and rlogin)
  • for executing a single command on a remote host (replacing rsh)
  • for copying files from a local server to a remote host
  • in combination with SFTP, as a secure alternative to FTP file transfer
  • in combination with rsync to backup, copy and mirror files efficiently and securely
  • for port forwarding or tunneling a port (not to be confused with a VPN, which routes packets between different networks or bridges two broadcast domains into one)
  • for use as a full-fledged encrypted VPN. Note that only the OpenSSH server and client support this feature.
  • for forwarding X11 through multiple hosts
  • for browsing the web through an encrypted proxy connection with SSH clients that support the SOCKS protocol.
  • for automated remote monitoring and management of servers
  • for securely mounting a directory on a remote server as a filesystem on a local computer using SSHFS.
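
Seen from the server side, several of the uses listed above are switched on or off by individual sshd settings. The following shell function is an added example, not part of the original post: it reads lowercase "keyword value" lines in the form printed by sshd -T and reports which uses the server permits. The sample configuration is constructed, and the labels on the left of each output line are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report which SSH uses an
# OpenSSH server permits, from "sshd -T"-style "keyword value" lines.

# Constructed sample of an effective server configuration (no real host).
sample_config() {
cat <<'EOF'
port 22
permittty yes
allowtcpforwarding local
gatewayports no
permittunnel no
x11forwarding yes
subsystem sftp internal-sftp
EOF
}

# Reads config on stdin; prints one "use=on|off|unknown" line per use.
audit_ssh_uses() {
  awk '
    # st(): "unknown" if the keyword was never seen, else on/off depending
    # on whether its value is one of the space-separated allowed values.
    function st(key, allowed) {
      if (!(key in opt)) return "unknown"
      return (index(" " allowed " ", " " opt[key] " ") > 0) ? "on" : "off"
    }
    { k = tolower($1); v = tolower($2) }
    # Subsystem lines may repeat; only the sftp one matters here.
    k == "subsystem" { if (v == "sftp") sftp = 1; next }
    NF >= 2 && k !~ /^#/ { opt[k] = v }
    END {
      print "interactive-tty=" st("permittty", "yes")
      print "local-forward=" st("allowtcpforwarding", "yes all local")
      print "remote-forward=" st("allowtcpforwarding", "yes all remote")
      print "gateway-ports=" st("gatewayports", "yes clientspecified")
      print "tun-vpn=" st("permittunnel", "yes point-to-point ethernet")
      print "x11-forward=" st("x11forwarding", "yes")
      print "sftp-subsystem=" (sftp ? "on" : "off")
    }
  '
}

# Stand-alone run on the constructed sample.
# On a server (as root): sshd -T | audit_ssh_uses
sample_config | audit_ssh_uses
```

With the sample above, local forwarding (-L) is reported on and remote forwarding (-R) off, because AllowTcpForwarding is set to local.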
