All About SSH - Part I/II

Replacing telnet/rlogin/rsh with SSH
See also Part II (OpenSSH)

By Sean Boran
www.boran.com/security/sp/ssh-part1.html 

This article presents an overview of SSH, the Secure SHell. This is the first in a two-part series, introducing SSH and its implementations, except OpenSSH & OSSH, which are presented in the accompanying Part II.

  Recent changes:

04.Nov.09 Add Absolute telnet

Putty+winscp are still my favourites...

See also the change history section

SSH is useful, easy to use and so much more secure than the archaic telnet/rlogin/rsh, that no UNIX/Linux system should be installed without it. 

Dec. 2002 (3 years after this page was first published): it's great that most Linux / Unix vendors have followed the example of OpenBSD & SuSE and bundled SSH with the OS. SSH has become the standard workhorse for many sysadmin tasks, but it has also had security bugs, possibly making your system more insecure than if using a simple telnet! Even SSH is not immune to the tiring vulnerability-patch-update cycle. So keep your SSH servers up to date.

Italian Readers: Please note that an earlier version of this article has been translated into Italian [9].


  1. SSH Overview
  2. Implementations
  3. Compiling & Configuring
  4. Doing even more with SSH: VPNs, VNC, PCAnywhere, SecurID, rdist, fsh, Citrix
  5. References

SSH Overview

Secure Shell (SSH), originally authored by Tatu Ylönen in Finland, is a secure replacement for Telnet, rlogin, rcp and rsh, and provides secured TCP tunnels. Traffic can optionally be compressed, and SSH can be used together with many authentication schemes such as SecurID, Kerberos and S/KEY to provide a highly secure remote access point to UNIX servers.

SSH1 was the first implementation (protocol v1.2 and v1.5). It was free in the earlier days, but licensing has become very restrictive, and SSH Communications and DataFellows [3] are trying to get people to move to the newer commercial SSH2. OpenSSH (a free alternative discussed in [1]) supports both v1 and v2 protocols.


Why SSH?

The Telnet, rlogin, rcp and rsh commands have a number of security weaknesses: all communications are in clear text and no machine authentication takes place. These commands are open to eavesdropping and TCP/IP address spoofing. A second key UNIX tool, the X11 window system, also communicates in clear text, uses dynamic ports (making packet filtering difficult) and has difficult-to-use access control mechanisms, "xhosts" and "xauth", that few users understand; hence X11 access control is often insecure on UNIX desktops.

SSH uses public/private key RSA authentication to check the identity of communicating peer machines and encrypts all data exchanged (with strong algorithms such as blowfish, 3DES, IDEA etc.). Backwards compatibility with rlogin/rsh and their trust files (rhosts, hosts.equiv) is provided to allow communication with non-SSH servers. Optionally, an encrypted tunnel for X11 communications can be set up automatically by SSH (using the xauth access control and DISPLAY environment variable).

So SSH protects against:

SSH does not protect against:


Features

SSH can be used to log-in securely into another computer over a network, execute commands on a remote machine, and copy files from one machine to another. SSH provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, and rcp. Additionally, SSH provides secure X11 connections and secure forwarding of arbitrary TCP connections.

SSH2 is the newer protocol version, submitted to the IETF for approval by SSH Communications [3]. It is rewritten (improved cryptography) and is designed for more general purpose VPNs. SSH2:


Licensing and Cost

Today there are many versions of SSH; some implement the client only, some both client and server. Commercial, freeware and "restricted freeware" licensing is in use. The original SSH (SSH1) implemented by Tatu Ylönen was free, but versions later than 1.2.12 have restrictive licensing. The last more-or-less free SSH1, v1.2.27, indicates that it may be used for non-commercial purposes only, but it would seem that most situations would allow free usage:

For commercial licensing please contact Data Fellows, Ltd. Data Fellows has exclusive licensing rights for the technology for commercial purposes.....
You may use the program for non-commercial purposes only, meaning that the program must not be sold commercially as a separate product, as part of a bigger product or project, or otherwise used for financial gain without a separate license...
Use by individuals and non-profit organizations is always allowed...
Companies are permitted to use this program as long as it is not used for revenue-generating purposes..

The latest SSH1, v1.2.31 has the same restrictive licensing as SSH2, basically meaning it is only free for non-profit organisations:

NON-COMMERCIAL: any use that takes place in commercial, governmental, military, or similar organizations and where a salary or similar monetary compensation is paid, unless the use can be considered to be EDUCATIONAL USE or is purely for charity.

This means that for most of us SSH1 and SSH2 cannot be used freely, which explains why OpenSSH is becoming the predominant SSH server in use. [1]

Commercial versions are produced by DataFellows/SSH Communications and cost about $99 for clients and $500 for servers (the NT server is a shocking $850).


U.S. Export and Patent Restrictions

SSH contains strong cryptography (no weak versions exist), which makes it a no-no to export from the U.S. under the current regulations (which will hopefully change in the coming months). Luckily, SSH1 was developed in Finland, meaning export to the U.S. and the rest of the world is no problem.

The RSA algorithm is patented in the U.S., but the patent expired in September 2000, so U.S. users of SSH no longer have to use RSAREF, the official RSA library or pay royalties to RSA.

Hopefully, more U.S. Operating System vendors will bundle SSH with their products soon. OpenBSD, RedHat and SUSE Linux all bundle OpenSSH.

The IDEA algorithm, which is patented by Ascom in Switzerland (and only free for non-commercial use), is used by SSH, but it can be disabled when compiling the SSH server.


Advantages

Disadvantages


Security Vulnerabilities

The following is a list of vulnerabilities found in different SSH implementations. See [2] for links to more detailed discussions of these issues on SecurityFocus.



Implementations


SSH server & client for UNIX/Linux

SSH1 for UNIX is available as a free [5] or commercial product [3]. It is the "original" SSH, but is not being further developed at the moment (except for fixes). The emphasis is now on the commercial SSH2.

SSH2 [3] is a commercial product for UNIX, Windows or Mac. There is a free SSH2 version for non-commercial use, but licensing is pretty restrictive.

LSH: Efforts are underway to develop LSH, a free version of SSH2 - see http://www.net.lut.ac.uk/psst.

FreSSH: Unlike various other SSH implementations already available for Unix, it does not trace its ancestry to the original SSH code written by Tatu Ylonen. FreSSH currently implements SSH protocol version 1.5, with extensions which offer enhanced security when both sides of a connection are running FreSSH. The current version is v0.81 (15.Feb.01), a pre-release. It only runs on UNIX systems with a /dev/random. See http://www.fressh.org

sftp: is an ftp client and server that runs over an SSH tunnel. Currently at v0.7, it runs on Linux and NetBSD. http://www.xbill.org/sftp  


Mindterm SSH (Free Java SSH client)

Mindterm is a free (GPL) SSH client written in 100% pure Java. It can be run as a stand-alone program or as an applet in a webpage. It can be run with or without a GUI. It has other useful features: scp - file copying and a special ftp tunnel which works with "ordinary" ftpd's "behind" the sshd.
Mindterm is my 2nd favourite SSH client after pscp/putty (see pscp) - it would be my favourite if the latest version was completely free...

There are several versions, see www.appgate.com/mindterm, which the author has been using since December 1999 as a standalone application.

Advantages:

Problems:

Suggested Improvements:


Windows SSH clients

Aside: the OpenSSH crew have started keeping track of various Windows implementations, see http://www.openssh.org/windows.html


Windows SSHD servers

Recently a few NT SSH servers have popped up. These new beasts are interesting, but either difficult to set up or not so easy to use.

SSH daemon for NT #1
http://www.shebeen.com/files/sshdnt.zip

This is the first SSH server I've come across for NT and looks interesting. It is without source code, but seems to be UNIX SSH 1.2.26 ported using the Cygnus libraries and uses UNIX-like configuration files.


SSH daemon for NT #2
http://marvin.criadvantage.com/caspian/Software/SSHD-NT/default.php
http://www.lexa.ru/sos

An NT SSH server, with a slightly different focus. It is based on Sergey Okhapkin's SSH1.2.26 port, which uses the Cygnus libraries and UNIX-like configuration files. Diffs are available from the original SSH sources. Below we test v1.02.



SSH daemon for NT #3: OpenSSH + Cygnus

OpenSSH can also be persuaded to run as a server on Windows. This is discussed in Part II of this article.

 

SSH daemon for NT #4: Bitvise

I've not tried this product but it looks promising. http://www.bitvise.com/winsshd.html 

"WinSSHD is a Windows NT4/2000/XP SSH Secure Shell 2 server that supports the following SSH2 services:
- secure remote login with console (VT100 and xterm with colour support out of the box, as well as many other terminal emulations); secure remote login with GUI (see Using WinSSHD with WinVNC); 
- secure file transfer using the SFTP protocol - WinSSHD's integrated SFTP server replaces FTP seamlessly with clients such as ssh.com's SSH2 client, or CuteFTP Pro; 
- secure file transfer using the SCP protocol; 
- secure TCP/IP port forwarding: most TCP/IP connections can be secured with SSH2. 
Also, WinSSHD is:
- well-integrated with the Windows NT/2000/XP platform; compatible with Windows domains - works well with local as well as domain users; 
- easy to install: it uses the standard Windows Installer installation mechanism; 
- simple to configure and maintain  
- available for a free 30-day evaluation period. The cost of a WinSSHD license is USD 29.95 for personal use, and USD 99.95 for business use."



SSH daemon for NT #5: F-Secure & SSH Communications

Commercial products exist from F-Secure and from SSH Communications [3]. They cost $850.- and $595.- per seat. A brief test of the SSH Communications versions worked just OK for remote terminal access. The default configuration is quite permissive and I have problems getting scp (file copy) to work; interaction with OpenSSH is very bad. Test it before you buy.
See also a review at: http://www.networkcomputing.com/1206/1206sp3.html

 

Further reading on NT SSH servers:
http://www.certaintysolutions.com/tech-advice/ssh_on_nt.html

 

Macintosh SSH Versions

  1. NiftyTelnet SSH is a free ssh client for MacOS. It is an enhanced version of NiftyTelnet.
    Datafellows produce a commercial Mac client: http://www.datafellows.com/f-secure.
  2. Another is MacSSH www.macssh.com
  3. dataComet-Secure, www.databeast.com
    This commercial package, costing around $60, provides terminal emulation over SSH, Telnet, and dialup connections, supporting both SSH1 and SSH2. Telnet sessions offer Kerberos 5 and SOCKS v4 security options. (NOTE: SSH port forwarding is not yet supported.) dataComet-Secure emulates colour VT100 - VT320, PC-ANSI, SCO-ANSI, and IBM-3279 terminals, with file transfer support for SCP, X/Y/ZModem, and IBM IND$FILE. Sessions can be scripted using AppleScript and built-in macro support, with automatic macro recording and an easy-to-use key re-mapping dialog.


Other Architectures


Compiling & Configuration


SSH1 Compilation

Note this section is old: you really should not be using SSH1. Move to OpenSSH, which is discussed in Part II of this article.
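
One way to find servers that still offer the old protocol, as an added example (not code from the original article): every SSH server announces itself with an identification string of the form SSH-protoversion-softwareversion, where a protoversion of 1.x (such as 1.5) means protocol 1 only and 1.99 means a protocol 2 server that still accepts protocol 1 clients. The function names and the sample banners below are constructed for illustration.

```python
import re

# Identification string: SSH-<protoversion>-<softwareversion>[ <comments>]
_ID = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$")

def classify_banner(line):
    """Return (protocols, software) for one SSH identification line.

    protocols is a subset of {1, 2}; an empty set means the line was
    not a valid identification string.
    """
    m = _ID.match(line.rstrip("\r\n"))
    if not m:
        return set(), None
    major, minor, software = int(m.group(1)), int(m.group(2)), m.group(3)
    if (major, minor) == (1, 99):
        protocols = {1, 2}   # 1.99: v2 server that still accepts v1 clients
    elif major == 1:
        protocols = {1}      # 1.x such as 1.5: protocol 1 only
    elif major == 2:
        protocols = {2}
    else:
        protocols = set()
    return protocols, software

def audit(banners):
    """Map host -> finding for every host that needs attention."""
    findings = {}
    for host, raw in banners.items():
        # A server may send other text lines before its identification string.
        ident = next((l for l in raw.splitlines() if l.startswith("SSH-")), "")
        protocols, software = classify_banner(ident)
        if not protocols:
            findings[host] = "unparseable banner"
        elif protocols == {1}:
            findings[host] = f"protocol 1 only ({software})"
        elif 1 in protocols:
            findings[host] = f"protocol 1 still enabled ({software})"
    return findings

# Constructed sample banners (hosts use the RFC 5737 documentation range).
SAMPLE = {
    "192.0.2.10": "SSH-1.5-1.2.27\n",
    "192.0.2.11": "SSH-1.99-OpenSSH_2.9p2\n",
    "192.0.2.12": "SSH-2.0-OpenSSH_3.5p1\r\n",
    "192.0.2.13": "Welcome to host13\r\nSSH-2.0-ExampleSSHD_1.0 test build\r\n",
    "192.0.2.14": "220 ftp ready\r\n",
}

if __name__ == "__main__":
    for host, finding in sorted(audit(SAMPLE).items()):
        print(host, finding)
```

Hosts reported as "protocol 1 still enabled" are the ones where disabling protocol 1 in the server configuration closes the gap without replacing the software.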


SSH1 configuration


Mindterm SSH installation


Doing even more with SSH


References

[0] Socks http://www.socks5.com  

[1] Part II of this Article, which covers OpenSSH.

[2] BugTraq list of all SSH vulnerabilities:

2001-02-05: SSH1 SSH Daemon Brute Force Authentication Logging Failure Vulnerability
2001-01-16: SSH Secure-RPC Weak Encrypted Authentication Vulnerability

2000-11-13: OpenSSH Client Unauthorized Remote Forwarding Vulnerability
2000-09-30: scp File Create/Overwrite Vulnerability
2000-06-08: OpenSSH UseLogin Vulnerability
2000-07-05: SSH 1.2.27 Kerberos Ticket Cache Exposure Vulnerability
2000-02-24: SSH xauth Vulnerability

1999-12-01: RSAREF Buffer Overflow Vulnerability
1999-11-13: Sshd RSAREF Buffer Overflow Vulnerability
1999-09-17: SSH Authentication Socket File Creation Vulnerability
1999-05-13: Secure Shell Password Brute Force Vulnerability

1998-01-20: ssh-agent Vulnerability

[3] SSH Communications (also http://www.ssh.fi) and
DataFellows (also http://www.datafellows.com/f-secure)

[4] Marc Schaefer [schaefer@alphanet.ch]
     2000-01-11-Thread: sshd and popftponly users incorrect configuration

[5] Getting SSH1: See the main FTP site ftp.ssh.com/pub/ssh or one of its mirrors such as ftp.cert.dfn.de/pub/tools/net/ssh. For RedHat RPMs (sparc and x86) see ftp.zedz.net/pub/crypto/linux/redhat

[6] Mindterm: http://www.mindbright.se/mindterm
Java Run time from Sun: http://www.javasoft.com/products/jdk/1.1/jre/download-jre-windows.html

[7] Explanation of SSH: Discussion thread on FOCUS-SUN

[8] Stupid, Stupid Protocols: Telnet, FTP, rsh/rcp/rlogin, by Jay Beale, explains why ssh is useful and explains how user RSA authentication works with ssh-agent. http://securityportal.com/cover/coverstory20000814.html

[9] This article has been translated into Italian:
Tutto su SSH - Parte I/II, Sostituire telnet/rlogin/rsh con SSH
http://www.ziobudda.net/Recensioni/ssh-part1.php

Other links:


About the Author

Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.


Changes to this article
2000:
14.Feb.'00 First Publication https://admin.securityportal.com/research/ssh-part1.html  
25.Feb.'00 V1.1 New:sftp, SSH2 for Windows. Update: putty, Mindterm, SSH1 1.2.27 does work OK on IRIX, port forwarding.

08.Mar'00  New: Security Vulnerabilities Update: links
04.Apr'00  Update: Mindterm: add suggestions list. Add RedHat6 startup files. Doing even more with SSH.
30.Jun'00  New: add link to Java Telnet Application/Applet, Add [7]
22.Aug'00 Update: ssh1 v1.2.30, link to article from J.Beale. VNC password weakness.
11.Sep'00 Update: pscp/putty v0.49. Spelling.
09.Oct'00 Update: compression & other mindterm/putty issues, Ladon link. Links to Italian translation.
23.Nov'00 Update: Mindterm v1.99 pre1, putty v0.50
06.Dec.00 New: Windows SSHD servers
2001:

22.Feb.01 Refresh links & references. Add FreSSH, Update Mindterm, putty 0.51, ScanSSH
08.Mar.01 Add Winscp, Minor VNC tweaks.
10.May.01 Update: Licensing, Windows SSHD servers. New: OpenSSH + Cygnus, iXplorer

29.May.01 Update: Mindterm 2.0rc2, Add Tip for Windows users, move Cygwin to OpenSSH/part II article.
18.Jun.01 Sync security portal version.
21.Aug.01 General cleanup, improve example on automatic trusts, Citrix tunnelling
21.Nov.01 Added dataComet-Secure for the Mac.

2002:

25.Feb.02  Update putty 0.52
27.Mar.02 Add Bitvise.
05.Jun.02 Add JSSH
12.Sep.02 Add PockTTY
18.Nov.02 Mindterm Security tip, putty v0.53b, Mindterm 2.3.1
14.Dec.02 New Opensource Java SSH: SSHtools

22.Jul.04 Add Zoc

04.Nov.09 Add Absolute telnet

© Copyright 2004, Seán Boran, All Rights Reserved     Last Update: 22 July, 2004