Differences
This shows you the differences between the selected revisions of the page.
| 2006-12-23 | 2007-06-06 | ||
| ui_login_ssh (martin) | no summary (67.163.93.71) | ||
| Line 1: | Line 1: | ||
| ====== Understanding SSH ====== | ====== Understanding SSH ====== | ||
| - | SSH is a cryptographically protected remote login protocol | + | SSH is a cryptographically protected remote login protocol that replaces insecure telnet and rlogin protocols. SSH·provides strong protection against password sniffing and third party·session monitoring, better protecting your authentication credentials |
| - | designed to replace the insecure telnet and rlogin protocols. SSH | + | |
| - | provides strong protection against password sniffing and third party | + | |
| - | session monitoring, better protecting your authentication credentials | + | |
| and privacy. In addition to protecting your passwords and your privacy, | and privacy. In addition to protecting your passwords and your privacy, | ||
| SSH offers additional authentication methods that are considered more | SSH offers additional authentication methods that are considered more | ||
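Review bot: The added line carries two "·" marks, at "SSH·provides" and "third party·session", which look like non-standard whitespace left behind where the old line breaks were joined. Replace them with plain spaces so the wiki source stays searchable and renders consistently. While touching that sentence, "third party session monitoring" reads better hyphenated as "third-party session monitoring". Dropping "designed to" also turns a statement of intent into a statement of fact ("that replaces insecure telnet and rlogin protocols"), so confirm that is the wording you want.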
| Line 42: | Line 39: | ||
| ===== Encryption in SSH ===== | ===== Encryption in SSH ===== | ||
| - | A number of encryption methods can be used by SSH clients and | + | SSH clients and servers can use a number of encryption methods. In the older SSH-1 protocol, 3DES and DES are typically used. |
| - | servers. In the older SSH-1 protocol, 3DES and DES are typically used. | + | |
| SSH-2 adds support for additional encryption methods including AES and | SSH-2 adds support for additional encryption methods including AES and | ||
| - | Blowfish. By default, AES is used if supported by the server. AES is | + | Blowfish. By default, AES is used if supported by the server. While AES is |
| - | considered to be highly secure, however substantial processor overhead | + | considered to be highly secure, AES encryption requires substantial processor overhead. Blowfish is also considered |
| - | is involved in performing AES encryption. Blowfish is also considered | + | |
| secure, but with less computational overhead, it's also theoretically | secure, but with less computational overhead, it's also theoretically | ||
| easier to perform a brute-force attack. Depending on your security and | easier to perform a brute-force attack. Depending on your security and | ||
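Review bot: The Blowfish sentence left in the trailing context still reads "secure, but with less computational overhead, it's also theoretically easier to perform a brute-force attack", a comma splice that does not say whether the lower overhead is the reason brute force is easier or a separate property. Since this edit already rewrites the neighbouring AES sentence, split that one as well and state the relationship explicitly. The new AES sentence also repeats its subject ("While AES is considered to be highly secure, AES encryption requires ..."), so the second "AES encryption" can become "it". Finally, the rewritten first line names "3DES and DES" for SSH-1 but the paragraph only compares AES and Blowfish on security and overhead, so a reader gets no guidance on where the two SSH-1 ciphers stand.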
| Line 58: | Line 53: | ||
| ===== SSH Protocols ===== | ===== SSH Protocols ===== | ||
| Two major versions of the SSH protocol are in widespread use. | Two major versions of the SSH protocol are in widespread use. | ||
| - | The SSH-1 protocol is an older version of the SSH protocol that's still | + | The SSH-1 protocol is an older version that's still |
| widely supported despite its age and some technical issues. The SSH-2 | widely supported despite its age and some technical issues. The SSH-2 | ||
| - | protocol has become the de-facto standard for most installations, | + | protocol has become the de-facto installation standard, though some systems only support SSH-1. In addition, many sites that use SSH-2 disable the SSH-1 protocol |
| - | although there are still a few systems out there only supporting SSH-1. | + | |
| - | Additionally, many sites that use SSH-2 now disable the SSH-1 protocol | + | |
| for security reasons. | for security reasons. | ||
| - | The default setting in WinSCP is to prefer SSH-2 and negotiate | + | WinSCP's default setting is to prefer SSH-2 and negotiate |
| down to SSH-1 if SSH-2 is not available. If the majority of systems you | down to SSH-1 if SSH-2 is not available. If the majority of systems you | ||
| connect to are using SSH-2, you may wish to change this setting in the | connect to are using SSH-2, you may wish to change this setting in the | ||
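Review bot: "de-facto installation standard" in the added line does not mean the same thing as the removed "de-facto standard for most installations": the old wording said SSH-2 is what most installations run, while the new one reads as a standard for how to install. Suggest keeping "the de-facto standard for most installations". The edit also drops "now" from "many sites that use SSH-2 now disable the SSH-1 protocol", which removes the sense that this is a recent tightening. On documentation, the paragraph says sites disable SSH-1 "for security reasons" and then describes a default that will "negotiate down to SSH-1 if SSH-2 is not available"; the text should connect the two and say plainly that the setting is worth changing for that reason, rather than leaving it at "you may wish to change this setting".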
| Line 76: | Line 69: | ||
| slower transfers, particularly depending on the type of data being | slower transfers, particularly depending on the type of data being | ||
| transferred - large text files may still benefit significantly, while | transferred - large text files may still benefit significantly, while | ||
| - | binaries may actually transfer more slowly. You may wish to | + | binaries may actually transfer more slowly. You may want to |
| experiment to find what works best in your situation. Compression may | experiment to find what works best in your situation. Compression may | ||
| also improve security slightly, in part by rendering known-cyphertext | also improve security slightly, in part by rendering known-cyphertext | ||
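Review bot: The only change here, "You may wish to" becoming "You may want to", is not applied consistently: the SSH Protocols paragraph in the same revision keeps "you may wish to change this setting". Pick one form and use it throughout the page. The context line also keeps the spelling "known-cyphertext", which is worth normalising to "ciphertext" in the same pass, and the claim that compression "may also improve security slightly" is stated without a qualifier or source, so consider softening it or linking to supporting material.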