Using ssh for secure network login and file transfer
Copyright Phillip Farrell. Last revision August 3, 2004
Need for secure network connections
Unauthorized use of computer systems, often called "hacking", is a serious problem worldwide. The internet allows hackers anywhere in the world to try to break into computers.
If a hacker can discover an account password on a computer, he can then attempt to find security holes on the system that will give him complete "superuser" or manager access. At that point, he has free run to do anything on the system, including modifying or removing any files. Even if just limited to the one compromised user account, he can change or remove that user's files and run programs of his own that steal CPU and disk resources from the legitimate users of the system.
In many cases, hackers obtain account passwords using a "password sniffer" program. That is, after breaking into one computer on a network segment, a hacker starts a program that monitors all traffic on that segment, looking for passwords in network packets from other computers.
Clearly, computer logins that send passwords on the network in "plain text" are vulnerable to hackers. The original network connection methods for remote login and file transfer, telnet and ftp, send all data, including your password, in plain text across the network. The subsequent Unix r commands for remote login, remote command execution, and file transfer, if properly configured, eliminate the need to send your password across the network, but still send your data in plain text. Also, because they rely upon configured "trust relationships" between computers to eliminate the need for passwords, if a hacker breaks into your account on one system, he immediately has access to your accounts on the other trusted systems.
Fully encrypted connection methods that don't rely on trusting other computers are needed now to combat hackers and keep your data and computer safe.
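As an added example (not part of the original page), the shell function below audits an r-command trust file for the passwordless "trust relationship" entries described above. The page does not name these files; the example assumes the standard ~/.rhosts and /etc/hosts.equiv format, and the function name audit_trust_file and the sample entries are constructed for illustration.

```sh
# Added example: audit an r-command trust file (~/.rhosts or /etc/hosts.equiv).
# Entry format: "host [user]". A "+" in either field is a wildcard, and a
# leading "-" on the host denies access instead of granting it.

# audit_trust_file FILE
# Prints "SEVERITY line-number host user" for every entry that grants
# passwordless access. Returns 1 if any wildcard entry exists, 2 if the
# file is unreadable, 0 otherwise.
audit_trust_file() {
    file=$1
    wildcard=0; n=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        entry=${line%%#*}            # drop trailing comments
        set -f                       # no globbing while splitting fields
        set -- $entry
        set +f
        if [ $# -eq 0 ]; then continue; fi
        host=$1
        user=${2:-same-user}         # no user field: same account name only
        case $host in -*) continue ;; esac   # deny rule, grants nothing
        if [ "$host" = "+" ] && [ "$user" = "+" ]; then
            sev=CRITICAL; wildcard=1 # any user from any host
        elif [ "$host" = "+" ] || [ "$user" = "+" ]; then
            sev=HIGH; wildcard=1     # any host, or any user on one host
        else
            sev=TRUSTED              # one named host: still passwordless
        fi
        echo "$sev $n $host $user"
    done < "$file"
    return $wildcard
}

# Constructed sample file, not taken from any real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# hosts allowed to log in without a password
labhost.example.edu alice
+ +
-badhost.example.edu
fileserver.example.edu +
EOF
audit_trust_file "$sample" || echo "wildcard trust entries present"
rm -f "$sample"
```

Every line it reports, including the TRUSTED ones, is a host from which a compromised account can reach this one without a password.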
Two major methods for encrypting network connections are available on most Stanford server computers, including pangea: kerberos and ssh.
Kerberos provides a central database of personal and computer identification -- your "SUNet ID" -- that allows you to identify yourself (login) once and then access numerous computers and services all over the campus without further login. All communications, including your password, are encrypted so even if they are "sniffed" by a hacker, he cannot decode them and use them. Your initial login connects to the kerberos database servers, proves who you are by providing the correct password, and obtains a "ticket" or "credential" (stored in memory on your computer) that can be passed to all servers on campus to prove who you are. Because it works with a central database, kerberos is the officially supported network authentication method for Stanford.
At Stanford, kerberos is used primarily for remote command shell logins to Unix systems like pangea or the Sweet Hall workstations, for connection to the main administrative computer in Forsythe Hall, and for access to protected web pages. Personal computer users authenticate themselves to the kerberos servers with the PC-Leland or Mac-Leland system extension, and then log in to pangea or other remote systems with the Samson program. Samson is a telnet program enhanced to work with kerberos authentication rather than plain-text login. "Kerberized" login connections can be made from one Unix computer to another, as well, using the klogin and krsh programs.
Ssh is an open-source standard for providing encrypted connections between computers. Rather than using a central authentication database, like kerberos, it requires that you provide a local password for each computer system to which you connect (or store a personal cryptographic key on each remote computer). Like kerberos, all communication, including your password, is encrypted. Because ssh does not support a central authentication database, it is not the preferred method for connection to campus servers. But it is supported by pangea and the Sweet Hall Unix systems.
Ssh does have two important advantages over kerberos. In addition to encrypting remote shell logins, it can be used to encrypt other forms of communication between computers, such as file transfers or X Window sessions. Because it is an open-source standard, ssh client and server programs are readily available for all types of computers. If you travel to a remote site, you may find an ssh client installed on a computer there, but you are unlikely to find Stanford's Samson and PC-Leland or Mac-Leland programs installed (unless you bring them yourself).
In its simplest form, ssh is a direct "drop-in" replacement for the traditional plain-text telnet program, providing encrypted remote command shell logins to Unix systems instead of plain-text ones. But ssh goes beyond plain command line logins. scp and sftp on Unix systems, and similar programs on Windows and Macintosh, provide encrypted file transfers to replace plain-text ftp. Using pre-defined cryptographic keys, ssh will also provide encrypted versions of the automatic login, file copy, and remote command execution previously found in the Berkeley r commands.
These pages describe the use of ssh to connect from one Unix computer to another. Please note that MacOS X is a full Unix system underneath the graphical interface, and all the ssh programs work on MacOS X exactly as described here for Unix systems; you simply open a Terminal window (in the Applications/Utilities folder) to get a command-line prompt to run the programs. Graphical ssh clients on Macintosh and Windows PCs provide the same functionality, but will use menu items rather than command line options and arguments.