OpenSSH: Meaning (information, definition, explanation, facts)

OpenSSH (Open Secure Shell), a set of computer programs providing encrypted communication sessions over a computer network. It was created as an open alternative to Secure Shell (SSH).

History

OpenSSH was created by the OpenBSD team as an open alternative to SSH, which is now proprietary software. Its developers claim that OpenSSH is more secure than the original, partly due to the reputation of the OpenBSD developers in emphasising clean and well-audited code, which in turn contributes to security. Its security is further attributed to the fact that its source code is released under an Open Source license, the BSD license (to which the "Open" in the name refers). Although source code is available for the original SSH, various restrictions are imposed on its use and distribution, making OpenSSH a more attractive project for many software developers.

Since OpenSSH performs authentication, in particular, it runs into a lot of differences between operating systems. The OpenSSH Portability Team is responsible for adding code necessary for portability and issuing "Portable releases".

The OpenSSH suite includes:

• ssh (replaces rlogin and telnet) ssh tero@example.com
• scp (replaces rcp) scp tero@example.com: .
• sftp (replaces ftp) sftp tero@example.com
• sshd (the SSH daemon) /etc/init.d/sshd start

Most programs can be secured with OpenSSH, making it a strong alternative for VPN systems.

Any program using TCP connections (and preferably a single tcp port) can be used through secure tunnel. Some examples of easily tunneled programs are X Window System, http using a proxy and vnc. X Window System tunnel is often created automatically between two Linux computers, so GUI programs from remote computers can be run simply by typing their names: ssh -Y tero@example.com password: $ xclock

Programs whose tunneling is possible but slightly complex are ftp (not needed because of sftp) and SMB.

Some programs call OpenSSH to create the tunnel, such as DistCC, CVS, rsync, and fetchmail.

Remote filesystems can be mounted trough ssh using lufs or podfuk.

OpenSSH server authenticates users using its built-in authentication systems

• publickey (id.rsa, authorized_keys)
• keyboard-interactive (password:)

Newer versions (OpenSSH 3.8 and later?) can also use PAM for authentication. PAM makes advanced authentication schemes possible, such as one time passwords:

• OTPW
• S/KEY
• OPIE

OpenSSH versions older than 3.8 must run as root all the time to use, as they cannot use PrivilegeSeparation with PAM. This makes it too insecure to use PAM with older versions.