Chapter 6: SSH Client Basics > Understanding Network Encryption - Pg. 110

Introduction

In this chapter, you will learn about solutions that deploy strong encryption to enhance network security. Encryption ensures data confidentiality by using algorithms to encrypt data before it is sent over a network; the receiving host then decrypts the data back into readable form. The solutions in this chapter combine authentication with encryption, and they include a step-by-step guide to implementing encryption over an insecure network using the SSH client software.

Understanding Network Encryption

Network encryption ensures that data sent across a network from one host to another is unreadable to a third party. If a sniffer intercepts the data, the captured data is unusable because it is encrypted. A hacker therefore cannot view any usernames or passwords, and any information sent across the network is safe. The requirement is that all communicating systems support the same network encryption technique. One such technique is Secure SHell (SSH).

Network encryption is used for any data transfer that requires confidentiality. Because the Internet is a public network, network encryption is essential. E-commerce transactions must ensure confidentiality to protect credit card and personal information. Personal banking Web sites and investment companies often require extremely sensitive information to be sent, such as bank account numbers and tax identification numbers. If these usernames, passwords, and personal details fall into the wrong hands, they could be used for a front-door attack, because the hacker could pose as a legitimate user.

Rlogin, remote shell (rsh), and Telnet are three notoriously unsafe protocols. They do not use encryption for remote logins or for any other type of data transmission. For example, if you are an administrator and you log in to a system via Telnet, your username and password are sent in clear text. Rsh and rlogin send all data between two hosts in clear text as well (although a password is not required). If a packet sniffer captured the packets destined for the administrator's system, it would eventually capture the packets containing the username and password, and the attacker could then enter the system as a legitimate user.

Using OpenSSH to Encrypt Network Traffic Between Two Hosts

OpenSSH (www.openssh.org) is an open source program that encrypts all traffic between hosts using Secure SHell (SSH). It is a secure replacement for the common Internet programs used for remote connectivity: Telnet, rlogin, and rsh. Because it encrypts all traffic, it always hides the usernames and passwords used for remote logins, and after the login it continues to encrypt all data traffic between the hosts.

OpenSSH is a free version of SSH Communications Security Corporation's SSH suite (www.ssh.org). As with most open source software, the tradeoff is that vendor support is not available. Do not confuse OpenSSH with the fee-based SSH suite. The OpenSSH home page is shown in Figure 6.1.

The OpenBSD Project (www.openbsd.org) developed OpenSSH as well as OpenBSD, a free Unix operating system based on 4.4BSD and designed with security in mind. It uses strong encryption techniques to ward off hackers.