Open Secure Shell (OpenSSH): A bit of everything about SSH technology


Since the average GNU/Linux user is usually a more advanced, knowledgeable or professional person in the computing world, they are pushed to use and master specialized tools or technologies. A good example of this is remote connections to other computers or devices, graphically or by terminal. For example, average Linux users, SysAdmins or DevOps usually connect remotely from a network (home, business or cloud) to other computers through the various protocols or technologies available for it, such as RDP, Telnet, SSH and many others.

And as many IT professionals already know, there are many software tools for this. However, when it comes to GNU/Linux operating systems, especially servers, the most basic and essential skill is mastery of the tool known as Open Secure Shell (OpenSSH). That is why today we start with this first part about SSH.

As usual, before getting into today's topic, the program “Open Secure Shell” (OpenSSH), and to give a broad view of it, we leave for those interested the following links to some previous related publications, so that they can easily explore them, if necessary, after finishing this publication:

“Some users may think that best practices should only be applied to servers, and this is not the case. Many GNU/Linux distributions include OpenSSH by default and there are a few things to keep in mind.” Good practices with OpenSSH

Related article:
OpenSSH 8.5 arrives with UpdateHostKeys, fixes and more
Related article:
OpenSSH 8.4 has already been released, know its most important changes

Open Secure Shell (OpenSSH): Remote Login Management

What is SSH?

The name of the "SSH" technology comes from the acronym of the English phrase "Secure Shell", that is, a "Secure Command Interpreter". However, for a more exact and complete description and interpretation, we can cite the following paragraphs:

“SSH stands for Secure Shell and is a protocol for secure remote access and other secure network services over an insecure network. As for SSH technologies, OpenSSH is the most popular and used. SSH replaces unencrypted services like Telnet, RLogin, and RSH and adds many more features.” Debian Wiki

“The SSH protocol was designed with security and reliability in mind. Connections using SSH are secure, the other party is authenticated, and all data exchanged is encrypted. SSH also offers two file transfer services; one is SCP, which is a terminal tool that can be used like the CP command; and the other is SFTP, which is an interactive program similar to FTP”. Debian Administrator's Manual

“Right now there are three commonly used SSH daemons, SSH1, SSH2, and the OpenSSH from the OpenBSD folks. SSH1 was the first SSH daemon available and is still the most commonly used. SSH2 has many advantages over SSH1, but is distributed under a mixed open-closed source license. Whereas OpenSSH is a completely free daemon that supports both SSH1 and SSH2. And it is the version installed on Debian GNU/Linux when choosing to install the 'SSH' package.” Debian Security Handbook

Why use SSH technology?

Because SSH is a network protocol that guarantees the exchange of data (information/files) in a secure and dynamic way, from a client computer to a server computer.

Furthermore, this technology offers a process that is considered highly reliable because the files or commands sent to the destination computer are encrypted. All of this ensures that data is sent in the best possible way, mitigating any possible alteration during its execution, transmission and reception.

Lastly, it is worth noting that SSH also includes a mechanism that requires authentication of any remote user, in order to ensure that the user is authorized to communicate with the destination computer (server). In addition, this process usually, by default, takes place in terminals or consoles, that is, through Command Line Interface (CLI) environments.

What is Open Secure Shell (OpenSSH)?

According to the official OpenSSH website, this free and open program is described as follows:

“OpenSSH is the leading connectivity tool for remote login using the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH offers a rich set of secure tunnel features, multiple authentication methods, and sophisticated configuration options.”

And the following is added and detailed:

“The OpenSSH suite consists of the following tools: Remote operations are done via ssh, scp, and sftp; the key management runs with ssh-add, ssh-keysign, ssh-keyscan and ssh-keygen; and the service side works with the sshd, sftp-server and ssh-agent packages”.

OpenSSH 9.0: What's New and Bug Fixes

It is worth noting that OpenSSH is currently at version 9.0, a recently released version (08/04/2022) whose main new features are the following:

  • SSH and SSHd: Using the hybrid Streamlined NTRU Prime + x25519 key exchange method by default ("sntrup761x25519-sha512@openssh.com").
  • SFTP-Server: Enabling the "copy-data" extension to allow server-side copies of files/data, following the design in draft-ietf-secsh-filexfer-extensions-00.
  • SFTP: Added a "cp" command to allow server-side file copies to work on the sftp client.

For more information or details about these new features, bug fixes and porting data, you can access the following link.
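
The check below is an added example, not part of the original article or of OpenSSH itself: it reports whether the hybrid key exchange method named in the first item is first, present, or absent in a key-exchange preference list. The function names and the sample lists are assumptions made for the illustration; `ssh -G` is the real OpenSSH option that prints the resolved client configuration.

```shell
#!/bin/sh
# Added example: where does the hybrid KEX named in the article sit in a
# key-exchange preference list such as the one printed by `ssh -G`?

PQ_KEX='sntrup761x25519-sha512@openssh.com'   # name quoted in the article

# kex_position LIST NAME: print the 1-based position of NAME in the
# comma-separated LIST, or 0 when it is absent.
kex_position() {
    list=$1; name=$2; i=0
    old_ifs=$IFS; IFS=,
    for alg in $list; do
        i=$((i + 1))
        if [ "$alg" = "$name" ]; then IFS=$old_ifs; echo "$i"; return 0; fi
    done
    IFS=$old_ifs
    echo 0
}

# kex_verdict LIST: classify LIST as preferred / offered-not-first / missing.
kex_verdict() {
    case $(kex_position "$1" "$PQ_KEX") in
        0) echo missing ;;
        1) echo preferred ;;
        *) echo offered-not-first ;;
    esac
}

# effective_kex HOST: the list the local client would offer to HOST.
# `ssh -G` only prints the resolved configuration; it does not connect.
effective_kex() {
    ssh -G "$1" 2>/dev/null | awk '$1 == "kexalgorithms" { print $2 }'
}

# Constructed, shortened sample lists (not captured from a real system).
SAMPLE_NEW="$PQ_KEX,curve25519-sha256,ecdh-sha2-nistp256"
SAMPLE_OLD='curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256'

echo "sample with hybrid default: $(kex_verdict "$SAMPLE_NEW")"
echo "sample without it:          $(kex_verdict "$SAMPLE_OLD")"
if command -v ssh >/dev/null 2>&1; then
    live=$(effective_kex localhost)
    if [ -n "$live" ]; then echo "this client: $(kex_verdict "$live")"; fi
fi
```

A verdict of "missing" on a client or server means the connection falls back to a classical key exchange only, which is the case worth flagging when auditing hosts that have not yet been upgraded.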

"The NTRU algorithm is believed to resist attacks enabled by future quantum computers and is paired with the X25519 ECDH key exchange (the old default) as a backup against any weaknesses in NTRU Prime that may be discovered in the future."

Where to learn more about SSH

So far, we have covered the most essential theory about SSH and OpenSSH. In future installments on this topic, we will delve into and update what has already been explained in previous articles: its installation, its configuration, and the current good practices (recommendations) when making basic and advanced settings, as well as how to execute simple and complex commands through this technology.

However, to expand on this information, we recommend exploring the following official and reliable online content:

  1. Debian Wiki
  2. Debian Administrator's Manual: Remote Login / SSH
  3. Debian Security Handbook: Chapter 5. Securing services running on your system

Summary

In summary, SSH is, in general, a great and simple technology that, if well implemented, offers a reliable and secure connectivity and login mechanism towards other remote computers, in order to access the services and functionalities they offer. And its free and open equivalent, that is, “Open Secure Shell” (OpenSSH), is a wonderful alternative, widely available and used on all current GNU/Linux distributions.

We hope that this publication is very useful for the entire «Free Software, Open Source and GNU/Linux Community». And don't forget to comment on it below, and share it with others on your favorite websites, channels, groups or communities of social networks or messaging systems. Finally, visit our home page at «DesdeLinux» to explore more news, and join our official DesdeLinux Telegram channel and this group for more information on the subject.



  1.   khourt said

    Thank you very much!
    I will be attentive to the following publications
    Can you run graphical applications using the server and run them on the client?

    1.    Linux PostInstall said

      Regards, Khourt. Thanks for your comment. I'm not sure; I believe that you can run graphical applications via ssh on a target host, but not a server application on a target host. I'll be looking into that anyway.