The conventional wisdom for several years has been that if you used SSH (secure shell) to connect to a server from a remote client, rather than Telnet or another insecure protocol, you were safe. However, several vulnerabilities have recently been revealed in versions of SSH, leading some IT administrators to wonder just how secure this vital standard really is.
For example, the most recent advisory issued by the Computer Emergency Response Team (CERT) described multiple vulnerabilities in SSH implementations that could allow an attacker to take control of a remote server by exploiting a buffer overflow.
However, armed with an understanding of SSH, as well as the potential options available, system administrators should be able to make the best choice for their particular enterprise.
What Is SSH?
In a nutshell, SSH is a protocol that allows a client computer to connect securely to a server to log in or copy files. It provides authentication of both ends and an encrypted transport layer, so a user can establish a secure connection even over an otherwise insecure network.
There are a number of implementations of SSH, but the most popular are the original SSH and OpenSSH. The original SSH is produced by SSH Communications Security, which was founded by the protocol's original developer, Tatu Ylonen. OpenSSH, on the other hand, is part of the OpenBSD project and was developed from the last freely licensed release of the original SSH.
On Unix systems, both of these implementations usually include a client program called "ssh" and a server program, or daemon, called "sshd." Some client-only implementations exist for Windows and the classic Mac OS, while Mac OS X ships the OpenSSH client and server programs natively.
In addition to the basic client and server programs, most SSH distributions also include a few other tools for secure file transfer, such as secure copy (scp) and sftp. Despite its name, sftp is not FTP tunneled over SSH but a separate file-transfer protocol that runs over the SSH transport, so it needs no extra ports opened.
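Because each sshd announces its implementation and version before any authentication takes place, an administrator who wants to know which of the implementations above (and which protocol version) a given server runs can simply read that identification string. The following script is an added example, not code from the article or from either SSH vendor: it parses the identification line every SSH server sends first ("SSH-protoversion-softwareversion [comments]", as later standardized in RFC 4253 section 4.2), and optionally fetches it from a live host. The sample banner strings are constructed for illustration, and the live fetch assumes the nc (netcat) utility is installed.

```shell
#!/bin/sh
# Added example: identify an SSH server's implementation and protocol version
# from its identification string. Not part of the original article.
#
# usage: sh ssh_banner.sh            (parses a few constructed sample banners)
#        sh ssh_banner.sh HOST [PORT] (reads the live banner; assumes nc is installed)

# parse_ssh_banner BANNER
# Prints "proto=P software=S impl=I protocol1=yes|no" for a valid banner,
# or returns 1 for anything that is not an SSH identification string.
parse_ssh_banner() {
    banner=$(printf '%s' "$1" | tr -d '\r')     # the line ends in CR LF on the wire
    case "$banner" in
        SSH-*-*) ;;
        *) printf 'not an SSH identification string: %s\n' "$banner" >&2; return 1 ;;
    esac
    rest=${banner#SSH-}          # e.g. "2.0-OpenSSH_7.4p1 Debian-10"
    proto=${rest%%-*}            # "2.0"
    rest=${rest#*-}              # "OpenSSH_7.4p1 Debian-10"
    software=${rest%% *}         # "OpenSSH_7.4p1" (comments after the space are dropped)
    case "$software" in
        OpenSSH*) impl=openssh ;;
        *)        impl=other ;;  # the original SSH and other implementations
    esac
    # Protocol 1.3/1.5 servers speak only protocol 1; "1.99" means the server
    # speaks both 1 and 2. Either way the obsolete protocol 1 is reachable.
    case "$proto" in
        1.*) v1=yes ;;
        *)   v1=no ;;
    esac
    printf 'proto=%s software=%s impl=%s protocol1=%s\n' \
        "$proto" "$software" "$impl" "$v1"
}

# fetch_ssh_banner HOST [PORT]
# Opens a TCP connection and reads the first line the server sends.
# Assumes nc (netcat) is available; the sleep keeps the connection open
# long enough for the server to send its banner before we close stdin.
fetch_ssh_banner() {
    host=$1
    port=${2:-22}
    sleep 2 | nc -w 3 "$host" "$port" | head -n 1
}

if [ "$#" -ge 1 ]; then
    parse_ssh_banner "$(fetch_ssh_banner "$@")"
else
    # Constructed sample banners (not captured from real hosts) showing the
    # shapes this parser handles: plain, with a comment, protocol 1.99, and
    # a protocol-1-only original-SSH style banner.
    for sample in 'SSH-2.0-OpenSSH_9.6' \
                  'SSH-2.0-OpenSSH_7.4p1 Debian-10' \
                  'SSH-1.99-OpenSSH_3.4p1' \
                  'SSH-1.5-1.2.27'; do
        parse_ssh_banner "$sample"
    done
fi
```

The same string is what an attacker reads when picking targets, which is why an inventory like this is worth running against your own hosts first. Note that the banner only tells you what the server claims to be; patched builds may keep a vendor's original version number, so confirm against the package version on the host before concluding a server is unpatched.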
All Versions Are Not Created Equal
Since multiple implementations of SSH are available, one might wonder which distribution to choose.
OpenSSH is the most widely used version of SSH today. It is the default SSH client and server for all major Linux distributions and BSD variants, and it is available for many proprietary Unix flavors as well. SSH Communications makes a version of SSH that can be used under Linux, FreeBSD, NetBSD and OpenBSD for non-commercial use, but unlike OpenSSH, the software is not freely distributable. (continued...)