Introduction


Using public key encryption (page ), OpenSSH provides two levels of authentication: server and client/user. First the client verifies that it is connected to the correct server. Then OpenSSH encrypts communication between the systems. Once a secure, encrypted connection has been established, OpenSSH makes sure that the user is authorized to log in on or copy files from/to the server. After verifying the system and user, OpenSSH allows different services to be passed through the connection. These services include interactive shell sessions (ssh), remote command execution (ssh and scp), X11 client/server connections, and TCP/IP port tunneling.

SSH1 versus SSH2

SSH protocol version 2 (SSH2) is a complete rewrite of SSH protocol version 1 (SSH1) that offers improved security, performance, and portability. The two protocols are not compatible. Because SSH1 is being rapidly supplanted by SSH2 and because SSH1 is vulnerable to a man-in-the-middle attack (footnote 3 on page ), this chapter does not discuss SSH1. Because version 2 is floating-point intensive, version 1 does have a place on systems without FPUs (floating-point units or accelerators), such as old 486SX systems. As initially installed, the OpenSSH tools supplied with CentOS Linux support both protocols; you need run only one server to communicate with systems using either protocol.

ssh

The ssh utility allows you to log in on a remote system over a network. You might choose to use a remote system to access a special-purpose application or to use a device that is available only on that system, or you might use a remote system because you know that it is faster or not as busy as the local computer. While traveling, many businesspeople use ssh on a laptop to log in on a system at company headquarters. From a GUI you can use several systems simultaneously by logging in on each from a different terminal emulator window.

X11 forwarding

With X11 forwarding turned on, as it is when you install CentOS Linux, it is a simple matter to run an X11 program over an ssh connection: Run ssh from a terminal emulator running on a GUI and give an X11 command such as xclock; the graphical output appears on the local display. For more information refer to "" on page .
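
The following is an added example, not code from the book or from the OpenSSH project: a Python check that reads the text of an sshd_config file and reports each section in which the server still accepts SSH1 or has X11 forwarding turned on, the two as-installed settings described above. The sample configuration is constructed; the check assumes the server-side Protocol and X11Forwarding keywords and does not follow Include files.

```python
import re

# Constructed sample, not taken from a real host.
SAMPLE_CONFIG = """\
# sshd_config (constructed)
Port 22
Protocol 2,1
x11forwarding = yes
Match User backup
    X11Forwarding no
"""

# keyword, then whitespace or an optional "=", then the argument;
# comment lines start with "#" and therefore never match
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def first_values(text):
    """Map (section, keyword) -> first value seen, as sshd does.

    Keywords are case-insensitive; a Match line opens a new section that
    runs until the next Match line or the end of the file.
    """
    section, seen = "global", {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if keyword == "match":
            section = "match " + value.lower()
            continue
        seen.setdefault((section, keyword), value)  # later duplicates ignored
    return seen

def audit(text):
    """Return sorted (section, keyword, finding) tuples."""
    findings = []
    for (section, keyword), value in first_values(text).items():
        if keyword == "protocol" and "1" in re.split(r"\s*,\s*", value):
            findings.append((section, "Protocol", "SSH1 accepted"))
        if keyword == "x11forwarding" and value.lower() == "yes":
            findings.append((section, "X11Forwarding", "X11 forwarding on"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```

A file with no Protocol line produces no finding here, because the protocols accepted then depend on the defaults of the installed sshd build.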