Open In App

SECURE Shell architecture

In this article, we will discuss the overview of SSH(Secure Shell) protocol and then will mainly focus on its architecture part and will explain its working. Let’s discuss it one by one.

SSH(secure shell protocol) :

  1. It is a scientific discipline network protocol for operative network services over an unsecured network.
  2. It is designed to replace the unsecured protocol like -telnet and insecure file transfer methods(like FTP).
  3. It uses a consumer server design.
  4. It uses public-key cryptography/asymmetric key cryptography to demonstrate the remote server. i.e. to verify its identity to the remote server.

SSH Architecture :
The SSH-2 protocol has an inside design (defined in RFC 4251) with well-separated layers, namely as follows.

  1. The transport layer (RFC 4253) –
    It usually runs on the prime of TCP/IP. This layer handles the initial key exchange between the supply and destination.
  2. The user authentication layer (RFC 4252) – 
    This layer handles consumer authentication and provides a range of how for authentication ways. Its consumer SSH consumer UN agency responds once a user prompted for a watchword, not a server. The server simply responds to the client’s authentication requests. Wide used user-authentication ways embrace the following.
  3. Watchword – 
    A transparent means for password authentication, together with a facility permitting a watchword to be modified. There are solely a few programs UN agencies implement this methodology.
  4. Public key –
    A technique for public-key-based authentication, sometimes supporting a minimum of DSA, ECDSA, or RSA key-pairs, with different implementations conjointly supporting X.509 certificates.
  5. Keyboard-interactive (RFC 4256) –
    During this server sends one or additional prompts to enter the data and therefore the consumer displays them and sends back responses keyed in by the user. Accustomed offers one-time watchword authentication like S/Key or SecurID.
  6. GSSAPI authentication –
    This performs SSH authentication mistreatment external mechanisms like Kerberos five or NTLM, providing the single sign-on capability to SSH sessions. These ways are sometimes enforced by industrial SSH implementations to be used in organizations.
  7. The association layer (RFC 4254) –
    During this sort of idea of channels, channel requests, and international requests mistreatment SSH services are provided. One SSH association will host several channels at the same time, knowledge will be transferred in both directions. Channel requests are accustomed to relaying out-of-band channel-specific knowledge, like the modified size of a terminal window or the exit code of a server-side method.
  8. The SSHFP DNS record (RFC 4255) –
    It provides the public host key fingerprints to help corroboratory the legitimacy of the host.

Note –
Despite standard ideas, SSH isn’t associate degree implementation of Telnet with cryptography provided by the Secure Sockets Layer (SSL).

Article Tags :