Differences
This shows you the differences between the selected revisions of the page.
| 2015-02-19 | 2015-02-19 | ||
| ssh-1 is hardly used nowadays (and should not be used) (martin) | limit acronyms recognition (martin) | ||
| Line 1: | Line 1: | ||
| ====== Understanding SSH ====== | ====== Understanding SSH ====== | ||
| SSH is a cryptographically protected remote login protocol that replaces insecure telnet and rlogin protocols. It provides strong protection against password sniffing and third party session monitoring, better protecting your authentication credentials | SSH is a cryptographically protected remote login protocol that replaces insecure telnet and rlogin protocols. It provides strong protection against password sniffing and third party session monitoring, better protecting your authentication credentials | ||
| - | and privacy. In addition, SSH offers additional authentication methods that are considered more secure than passwords, such as [[public_key|public key authentication]] and extensive | + | and privacy. In addition, %%SSH%% offers additional authentication methods that are considered more secure than passwords, such as [[public_key|public key authentication]] and extensive | 
| protection against spoofing. | protection against spoofing. | ||
| - | The SSH employs a public key cryptography that uses [[ssh_keys|two keys pairs, for host and user]]. | + | The %%SSH%% employs a public key cryptography that uses [[ssh_keys|two keys pairs, for host and user]]. | 
| ===== Authentication in SSH ===== | ===== Authentication in SSH ===== | ||
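Review bot: The second changed line still reads "The %%SSH%% employs a public key cryptography that uses ... two keys pairs", and since the line is being edited anyway, the wording could be fixed in the same revision, for example "%%SSH%% employs public key cryptography that uses two key pairs, for host and user". The "SSH" in the opening sentence and in the headings stays unwrapped. If keeping the first mention recognised is the intended rule, stating it in the edit summary would help later editors apply it the same way.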
| Line 14: | Line 14: | ||
| the option to choose which methods can be used. In WinSCP, you can configure this on //[[ui_login_authentication|SSH > Authentication page]]// of Advanced Site Settings dialog. | the option to choose which methods can be used. In WinSCP, you can configure this on //[[ui_login_authentication|SSH > Authentication page]]// of Advanced Site Settings dialog. | ||
| - | The actual order of authentication methods is as follows: [[ui_login_authentication#gssapi|GSSAPI]] (SSH-2 only), [[public key]] (using [[ui_pageant|Pageant]]), public key (using [[ui_login_authentication|configured file]]), keyboard-interactive (SSH-2 only), TIS or Cryptocard (SSH-1 only), password. | + | The actual order of authentication methods is as follows: [[ui_login_authentication#gssapi|GSSAPI]] (SSH-2 only), [[public key]] (using [[ui_pageant|Pageant]]), public key (using [[ui_login_authentication|configured file]]), keyboard-interactive (%%SSH-2%% only), TIS or Cryptocard (SSH-1 only), password. | 
| ===== Verifying the Host Key ===== | ===== Verifying the Host Key ===== | ||
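Review bot: In the changed line only the second "SSH-2 only" (after keyboard-interactive) is wrapped in %%, while "SSH-1 only" after "TIS or Cryptocard" on the same line is left as it was. If the rule is to leave only the first mention in a section recognised, check whether SSH-1 already appears earlier in this section and wrap it here if it does, so the line is treated consistently.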
| Line 22: | Line 22: | ||
| SSH clients and servers can use a number of encryption methods. In the older SSH-1 protocol, 3DES and DES are typically used. | SSH clients and servers can use a number of encryption methods. In the older SSH-1 protocol, 3DES and DES are typically used. | ||
| SSH-2 adds support for additional encryption methods including AES and | SSH-2 adds support for additional encryption methods including AES and | ||
| - | Blowfish. By default, Blowfish is used if supported by the server. While AES is | + | Blowfish. By default, Blowfish is used if supported by the server. While %%AES%% is | 
| - | considered to be highly secure, AES encryption requires substantial processor overhead. Blowfish is also considered | + | considered to be highly secure, %%AES%% encryption requires substantial processor overhead. Blowfish is also considered | 
| secure, but with less computational overhead, it's also theoretically | secure, but with less computational overhead, it's also theoretically | ||
| easier to perform a brute-force attack. Depending on your security and | easier to perform a brute-force attack. Depending on your security and | ||
| performance requirements, you may wish to configure WinSCP to prefer | performance requirements, you may wish to configure WinSCP to prefer | ||
| - | the AES algorithm. 3DES and DES are used with SSH-1 servers. DES | + | the %%AES%% algorithm. %%3DES%% and %%DES%% are used with %%SSH-1%% servers. %%DES%% | 
| is widely regarded as insecure, as the resources to perform an | is widely regarded as insecure, as the resources to perform an | ||
| exhaustive brute-force attack have been well within the realm of | exhaustive brute-force attack have been well within the realm of | ||