Using SSH: Overview


You can configure SSH connections when you need secure, encrypted communications between a trusted host and your PC over an insecure network. SSH connections ensure that both the client user and the host computer are authenticated, and that all data is encrypted. Passwords are never sent over the network in clear text, as they are when you use other protocols such as Telnet.

Data Encryption Standards

Encryption protects the confidentiality of data in transit. This protection is accomplished by encrypting the data before it is sent using a secret key and cipher. The received data must be decrypted using the same key and cipher. The cipher used for a given session is the cipher highest in the client's order of preference that is also supported by the server. You can use the cipher list on the Advanced VT SSH dialog box to specify which ciphers the SSH connection should use.

Verastream Host Integrator supports the following data encryption standards:

Data Integrity

Data integrity ensures that data is not altered in transit. SSH connections use MACs (message authentication codes) to ensure data integrity. The client and server independently compute a hash for each packet of transferred data. If the message has changed in transit, the hash values are different and the packet is rejected. The MAC used for a given session is the MAC highest in the client's order of preference that is also supported by the server.

Verastream Host Integrator supports the following MAC standards:

If your SSH server on the host supports it, you always have the option of selecting None when choosing a MAC or data encryption standard.

The values for both the MAC and data encryption standards that you can select depend on whether the Only show FIPS validated values option is enabled. This option filters the values that are available for selection.
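As an added example, not code from the Verastream Host Integrator product, the following Python applies the selection rule described above for ciphers and MACs (the highest entry in the client's preference list that the server also supports, as in RFC 4253 section 7.1) and the effect of a FIPS-only filter. The algorithm names and the set treated as FIPS-validated are constructed placeholders, not the product's actual lists.

```python
# Added example (not Verastream Host Integrator code): SSH algorithm
# negotiation for ciphers and MACs. The chosen algorithm is the first entry
# in the client's preference list that the server also supports. The
# FIPS-validated set and the sample names are constructed for illustration.

# Constructed subset of names treated here as FIPS-validated (assumption,
# not the product's actual list). "none" is never FIPS-validated.
FIPS_VALIDATED = {"aes256-ctr", "aes128-ctr", "hmac-sha2-256", "hmac-sha2-512"}


def filter_fips(preferences, fips_only):
    """Return the client's preference list, optionally restricted to the
    names in FIPS_VALIDATED. Order is preserved because order decides."""
    if not fips_only:
        return list(preferences)
    return [alg for alg in preferences if alg in FIPS_VALIDATED]


def negotiate(client_prefs, server_supported):
    """Pick the highest client preference the server also supports.
    Raise if nothing is shared, which corresponds to a failed connection."""
    supported = set(server_supported)
    for alg in client_prefs:
        if alg in supported:
            return alg
    raise ValueError("no common algorithm: client=%r server=%r"
                     % (list(client_prefs), sorted(supported)))


def negotiate_session(client_ciphers, client_macs,
                      server_ciphers, server_macs, fips_only=False):
    """Negotiate the cipher and MAC for one session, applying the FIPS
    filter to the client's lists before negotiation."""
    ciphers = filter_fips(client_ciphers, fips_only)
    macs = filter_fips(client_macs, fips_only)
    return {"cipher": negotiate(ciphers, server_ciphers),
            "mac": negotiate(macs, server_macs)}


if __name__ == "__main__":
    # Constructed sample lists. The client lists 3des-cbc and "none" first
    # to show that preference order, not strength, decides the outcome.
    client_c = ["3des-cbc", "aes256-ctr", "aes128-ctr"]
    client_m = ["none", "hmac-sha1", "hmac-sha2-256"]
    server_c = ["aes128-ctr", "aes256-ctr"]
    server_m = ["hmac-sha2-256", "hmac-sha1"]
    print(negotiate_session(client_c, client_m, server_c, server_m))
    print(negotiate_session(client_c, client_m, server_c, server_m,
                            fips_only=True))
```

With the filter off the session settles on aes256-ctr and hmac-sha1 because the server does not offer 3des-cbc or "none"; with the filter on, only the FIPS-validated names remain and hmac-sha2-256 is selected.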

Digital Signatures

Digital signatures (hostkey algorithms) are used for public key authentication (including certificate authentication). The authenticating party uses the digital signature to confirm that the party being authenticated holds the correct private key. The SSH client uses a digital signature to authenticate the host. The SSH server uses a digital signature to authenticate the client when public key authentication is configured.

Verastream Host Integrator supports the following digital signature algorithms:

How does SSH work?

These are the basic steps involved in creating an SSH channel to transmit data securely.


  1. Establish a secure connection

    The client and server negotiate to establish a shared key and cipher to use for session encryption, and a hash to use for data integrity checking.

  2. Authenticate the server

    Server authentication enables the client to confirm the identity of the server. The server has only one chance to authenticate to the client during the authentication process. If this authentication fails, the connection fails.

  3. Authenticate the client

    Client authentication enables the server to confirm the identity of the client user. By default, the client is allowed multiple authentication attempts. The server and client negotiate to agree on one or more authentication methods.

  4. Send data through encrypted session

    Once the encrypted session is established, all data exchanged between the SSH server and client is encrypted.

  5. Create a channel and start terminal emulation using the terminal type specified in the configuration dialog box

    Users now have secure remote access to the server and can execute commands and transfer files securely through the secure channel.


Related Topics

  Configuring a VT session
  Using Model Variables for SSH Authentication
  SSH Authentication Options
  Advanced VT SSH Options