What is OpenSSH
Like most UNIX implementations, AIX provides a large number of network services enabling remote users to log in interactively, transfer files to and from the server, and issue commands to the server in a non-interactive fashion. Unfortunately, most of the daemons (programs running on the server that fulfill requests for particular services) were designed during a time when the security of systems and network traffic was an afterthought -- if it was thought of at all.
The protocols behind such services as ftp contain no provision for the encryption of traffic passed over the network. Most network protocols contain methods for user authentication, but the methods are extremely weak and easily forged. Protocols that send user IDs and passwords from the client to the server in cleartext are commonplace. In addition, there is no guarantee that data transferred through the network has not been intercepted by a third party and possibly altered.
The Secure Shell (SSH) protocol was developed to address the aforementioned problems caused by these inherently insecure services.
In 1995, the original SSH protocol was developed by Tatu Ylönen, a researcher at the Helsinki University of Technology, in Finland. Along with developing the protocol, Ylönen also wrote an implementation for UNIX systems, distributing the source as free software for unlimited use. As the popularity of the SSH software grew worldwide, Ylönen formed a company, SSH Communications Security, Ltd., in order to further development of the product (now licensed commercially, but with source available) and provide support.
In time, limitations and flaws were discovered in the original definition of the protocol. These problems could not be fixed without breaking compatibility with older versions, so a new protocol (protocol 2) was defined that fixes the issues with the original (protocol 1). As implementations of protocol 2 mature and gain features, use of protocol 1 software will fade. For now, though, implementations of both protocols are in widespread use around the world; to provide service to the widest audience of clients, a server may need to accept connections via both. Keep in mind that the flaws are in the definition of protocol 1 itself, so no implementation can patch them away: enable protocol 1 only where legacy clients require it, and prefer protocol 2 wherever the client supports it.
The Secure Shell protocol protects against the following problems, most of which are inherent in the design of the various protocols that SSH can replace:
- User and host authentication
SSH uses strong cryptographic methods to ensure that both parties are who they claim to be: the client verifies the server's host key against the key it has previously recorded for that host, and the server verifies the user's credentials (a password or a public key). If either check fails, the connection is refused.
- Encryption of network traffic
All data transmitted over the network between an SSH client and an SSH server is encrypted with a symmetric cipher negotiated when the connection is set up; the available ciphers vary in strength. This ensures that if the network traffic is sniffed (intercepted and read by an unauthorized party), the contents of the packets are unreadable.
- Integrity of data transmission
The SSH protocol assures the integrity of all data transmitted to and from a server. If a third party alters packets in transit, the integrity check on the receiving side fails and SSH terminates the connection rather than delivering the corrupted data.
The creation of OpenSSH, a free implementation of both SSH protocol 1 and 2, was undertaken by the OpenBSD project in order to provide a Secure Shell implementation unencumbered by restrictive licensing. OpenSSH was first included with the release of OpenBSD 2.6. The quality and security of the code produced was excellent and it was quickly ported to other UNIX operating systems.
Currently, the development of OpenSSH is divided into two teams. One team does strictly OpenBSD-based development, aiming to produce code that is as clean, simple, and secure as possible. The other team takes the clean version and makes it portable so it builds and runs on many different operating systems, including AIX. The portable releases can be identified by the "p" in the version number (e.g., OpenSSH 3.0.1p1); source distributions without the "p" compile only on OpenBSD.
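The two facts above, that a server may announce support for both protocols and that a portable OpenSSH release carries a "p" in its version, are both visible in the version banner an SSH server sends as the first line of every connection. The banner has the form "SSH-protoversion-softwareversion [comments]"; a protoversion of 1.99 is the compatibility value a server uses when it will talk to both protocol 1 and protocol 2 clients, 2.0 means protocol 2 only, and 1.x means protocol 1 only. The following shell functions, an added example that is not part of the original article and not OpenSSH's own code, classify a banner line. The sample banners at the bottom are constructed for illustration, not captured from any real host; the `nc` command in the comment is one assumed way to fetch a live banner and is not part of OpenSSH.

```shell
#!/bin/sh
# Added example: classify an SSH server by its version banner.
# Banner format: "SSH-protoversion-softwareversion [comments]" (CR LF terminated).

# Print the protocol versions a server offers, given its banner line.
# Output: "1 2" (compatibility banner 1.99), "2", "1", or "unknown" (with
# a non-zero return) when the line is not an SSH banner at all.
ssh_banner_protocols() {
    banner=$(printf '%s' "$1" | tr -d '\r')   # strip a trailing CR if present
    case $banner in
        SSH-*) ;;
        *) echo "unknown"; return 1 ;;
    esac
    protover=${banner#SSH-}        # drop the leading "SSH-"
    protover=${protover%%-*}       # keep only up to the next "-"
    case $protover in
        1.99) echo "1 2" ;;        # accepts both protocol 1 and protocol 2 clients
        2.0)  echo "2" ;;          # protocol 2 only
        1.*)  echo "1" ;;          # protocol 1 only (1.3, 1.5, ...)
        *)    echo "unknown"; return 1 ;;
    esac
}

# Print the software version string (e.g. "OpenSSH_3.0.1p1"), without comments.
ssh_banner_software() {
    banner=$(printf '%s' "$1" | tr -d '\r')
    rest=${banner#SSH-*-}          # drop "SSH-<protoversion>-"
    echo "${rest%% *}"             # drop any trailing " comments"
}

# Return 0 if the software string is a portable OpenSSH release (version has a
# "p" suffix, e.g. OpenSSH_3.0.1p1), 1 otherwise.
ssh_is_portable_openssh() {
    case $1 in
        OpenSSH_[0-9]*p[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demonstration on constructed banners (not captured from real hosts).
# To test a live server instead (assumed command, needs netcat):
#   banner=$(nc -w 3 host.example.com 22 </dev/null | head -n 1)
for banner in "SSH-1.99-OpenSSH_3.0.1p1" \
              "SSH-2.0-OpenSSH_3.0.1" \
              "SSH-1.5-OpenSSH_1.2.3 comment" \
              "HTTP/1.0 400 Bad Request"; do
    protos=$(ssh_banner_protocols "$banner") || protos="unknown"
    software=$(ssh_banner_software "$banner")
    if ssh_is_portable_openssh "$software"; then portable=yes; else portable=no; fi
    printf '%-36s protocols: %-8s software: %-18s portable-openssh: %s\n' \
        "$banner" "$protos" "$software" "$portable"
done
```

A 1.99 banner means the server will still negotiate protocol 1 with any client that asks for it, so the check is a quick way to find servers on which protocol 1 should be turned off once no legacy clients remain.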