Page "Secure Shell" ¶ 40
from Wikipedia

Some Related Sentences

SSH and is
The implication of this attack is that all data encrypted using current standards based security systems such as the ubiquitous SSL used to protect e-commerce and Internet banking and SSH used to protect access to sensitive computing systems is at risk.
Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client (running SSH server and SSH client programs, respectively).
The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet.
Hence, in all versions of SSH it is important to verify unknown public keys, i.e. associate the public keys with identities, before accepting them as valid.
SSH also supports password-based authentication that is encrypted by automatically generated keys.
However this is only possible if the two sides have never authenticated before, as SSH remembers the key that the remote side once used.
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections; it can transfer files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols.
An SSH client program is typically used for establishing connections to an SSH daemon accepting remote connections.
Notably, Windows is one of the few modern desktop/server OSs that does not include SSH by default.
SSH is important in cloud computing to solve connectivity problems, avoiding the security issues of exposing a cloud-based virtual machine directly on the Internet.
It is estimated that,, there were 2 million users of SSH.
For example, using the SSH protocol to implement a VPN is possible, but presently only with the OpenSSH server and client implementation.
Authentication is client-driven: when one is prompted for a password, it may be the SSH client prompting, not the server.
The functionality of the transport layer alone is comparable to Transport Layer Security (TLS); the user authentication layer is highly extensible with custom authentication methods; and the connection layer provides the ability to multiplex many secondary sessions into a single SSH connection, a feature comparable to BEEP and not available in TLS.
SSH provides much of the functionality of telnet, with the addition of strong encryption to prevent sensitive data such as passwords from being intercepted, and public key authentication, to ensure that the remote computer is actually who it claims to be.
However, most Telnet implementations do not support these extensions; and there has been relatively little interest in implementing these as SSH is adequate for most purposes.
The most common way to encrypt X traffic is to establish a Secure Shell (SSH) tunnel for communication.

SSH and protocol
In 1998 a vulnerability was described in SSH 1.5 which allowed the unauthorized insertion of content into an encrypted SSH stream due to insufficient data integrity protection from CRC-32 used in this version of the protocol.
"Secsh" was the official Internet Engineering Task Force's (IETF) name for the IETF working group responsible for version 2 of the SSH protocol.
* For browsing the web through an encrypted proxy connection with SSH clients that support the SOCKS protocol.
* Secure copy (SCP), which evolved from RCP protocol over SSH
* Files transferred over shell protocol (a.k.a. FISH), released in 1998, which evolved from Unix shell commands over SSH
These security-related shortcomings have seen the usage of the Telnet protocol drop rapidly, especially on the public Internet, in favor of the Secure Shell (SSH) protocol, first released in 1995.
* SSH file transfer protocol
In daemon mode, rsync listens on the default TCP port of 873, serving files in the native rsync protocol or via a remote shell such as RSH or SSH.
In the mid 2000s, UUCP over TCP/IP (often encrypted, using the SSH protocol) was proposed for use when a computer does not have any fixed IP addresses but is still willing to run a standard mail transfer agent (MTA) like Sendmail or Postfix.
* Uses KDE KIO slaves for FTP, SSH (through FISH) and other protocol support.
SSH file transfer protocol
lsh is a free software implementation of the Secure Shell (SSH) protocol version 2, by the GNU Project including both server and client programs.
In computing, the SSH File Transfer Protocol (also Secret File Transfer Protocol, Secure FTP, or SFTP) is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream.
It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols.
This protocol assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.
SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group.
SFTP is most often used as a subsystem of SSH protocol version 2 implementations, having been designed by the same working group.

SSH and can
An SSH tunnel can provide a secure path over the Internet, through a firewall to a virtual machine.
A single SSH connection can host multiple channels simultaneously, each transferring data in both directions.
A broad array of third-party software including 3D function graphing tools, web browsers, chat, email and NNTP clients, telnet/SSH, spreadsheets, word processors, sound & graphics tools, network tools, and programming tools can be located on the internet.
SSH clients are available for all major platforms (and many smaller platforms as well); SSH tunnels can be created from UNIX clients, Microsoft Windows clients, Macintosh clients (including Mac OS X and System 7 and up) – and many others.
Interesting traffic can also be defined such that only SSH packets are allowed to establish the link.
As an alternative, one can tunnel VNC through SSH, avoiding the opening of additional ports and automatically traversing the NAT router.
PuTTY is a free and open source terminal emulator application which can act as a client for the SSH, Telnet, rlogin, and raw TCP computing protocols and as a serial console client.
Combined with features of SSH such as port forwarding, this can allow many types of services to be run securely over the SSH via HTTP connections.
With a port knock system in place on ports such as the SSH port, it can prevent brute force password attacks on logins.
It can record and replay the activities of the administrators who manage servers remotely via the SSH, RDP, Telnet, ICA or VNC protocols.
FreeJ can be operated in real-time from a console (S-Lang) and remotely over networks via a Secure Shell (SSH) connection, and provides an interface for scripting behavior currently accessible through JavaScript.
The console interface of FreeJ is accessible via SSH and can be run as a background process.
To mount the Windows file-system securely, one can establish an SSH tunnel that routes all SMB traffic to the remote fileserver through an encrypted channel.
Once the SSH tunnel has been established, the user can connect to the specified local port to access the network service.
If users can connect to an external SSH server, they can create an SSH tunnel to forward a given port on their local machine to port 80 on a remote web-server.
Website monitoring service can check HTTP pages, HTTPS, SNMP, FTP, SMTP, POP3, IMAP, DNS, SSH, TELNET, SSL, TCP, ICMP, SIP, UDP, Media Streaming and a range of other ports with a variety of check intervals ranging from every four hours to every one minute.
* Console management-reverse Telnet, reverse SSH: In console management terminology, users can use reverse Telnet or SSH to connect to a serial device.
