OpenSSH
Maintainer:	The OpenBSD Project
Latest release:	4.3 / February 1, 2006
OS:	Multiplatform
Genre:	Remote Access
License:	BSD
Website:	http://www.openssh.org

OpenSSH (Open Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol. It was created as an open alternative to the proprietary Secure Shell software. The project is led by Theo de Raadt from Calgary, Alberta. Image File history File links Openssh. ... Software maintenance is one of the activities in software engineering, and is the process of enhancing and optimizing deployed software (software release), as well as remedying defects. ... OpenBSD is a freely available Unix-like computer operating system descended from Berkeley Software Distribution (BSD), a Unix derivative created by the University of California, Berkeley. ... A software release is to create a new version of the system or program and release it to the user community. ... February 1 is the 32nd day of the year in the Gregorian Calendar. ... 2006 (MMVI) is a common year starting on Sunday of the Gregorian calendar. ... An operating system is a program required for the user to manage the system and to run third-party application software for that system. ... A software genre is a classification of software by its common function, type or topic. ... A software license is a type of proprietary or gratuitous license as well as a memorandum of contract between a producer and a user of computer software — sometimes called an End User License Agreement (EULA) — that specifies the perimeters of the permission granted by the owner to the user. ... The front page of the English Wikipedia Website. ... A computer program or software program (usually abbreviated to a program) is a step-by-step list of instructions written for a particular computer architecture in a particular computer programming language. ... In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge. ... A computer network is a system for communication between computers. ... In computing, Secure shell, or SSH, is both a computer program and an associated network protocol designed for logging into and executing commands on a remote computer. ... Wikibooks has more about this subject: Internet Technologies/SSH In computing, Secure Shell or SSH is both a computer program and an associated network protocol designed for logging into and executing commands on a networked computer. ... Theo de Raadt, pronounced de rot, (born May 19, 1968 in Pretoria, South Africa) is a software engineer who lives in Calgary, Alberta, Canada. ... Template:Hide = Motto: Template:Unhide = Onward Area: 789. ...

History

OpenSSH was created by the OpenBSD team as an alternative to the original SSH software by Tatu Ylönen, which is now proprietary software. The OpenSSH developers claim that it is more secure than the original, due to their policy of producing clean and audited code and the fact, to which the word open in the name refers, that it is released under the open source BSD license. Although source code is available for the original SSH, various restrictions are imposed on its use and distribution, making OpenSSH a more attractive project for many software developers. OpenBSD is a freely available Unix-like computer operating system descended from Berkeley Software Distribution (BSD), a Unix derivative created by the University of California, Berkeley. ... In computing, Secure shell, or SSH, is both a computer program and an associated network protocol designed for logging into and executing commands on a remote computer. ... It has been suggested that closed source be merged into this article or section. ... An audit is an evaluation of an organization, system, process, or product. ... Open source refers to projects that are open to the public and which draw on other projects that are freely available to the general public. ... The BSD license is an acronym for the Berkeley Software Distribution license agreement, and is one of the most widely used licenses for free software (a subset of open source software). ... Source code (commonly just source or code) is any series of statements written in some human-readable computer programming language. ...

OpenSSH first appeared in OpenBSD 2.6. OpenSSH 4.3 was released on February 1, 2006 [1]. February 1 is the 32nd day of the year in the Gregorian Calendar. ... 2006 (MMVI) is a common year starting on Sunday of the Gregorian calendar. ...

Trademark

In February of 2001, Tatu Ylönen, Chairman and CTO of SSH Communications Security informed the OpenSSH development mailing list, openssh-unix-dev@mindrot.org, that after speaking with key OpenSSH developers Markus Friedl, Theo de Raadt, and Niels Provos, the company would have to assert its ownership of the SSH and Secure Shell trademarks in order to protect them^[2]. Tatu also sought to change references to the protocol to SecSH or secsh, in order to maintain control of the name,he proposed having OpenSSH change it's name in order to avoid a lawsuit, Theo de Raadt refused outright to consider changing the project's name. Theo de Raadt, pronounced de rot, (born May 19, 1968 in Pretoria, South Africa) is a software engineer who lives in Calgary, Alberta, Canada. ...

At the time, "SSH", "Secure Shell" and "ssh" were used in the documents proposing the protocol as an open standard and it was hypothosised by many that by doing so, without marking these within the proposal as registered trademarks, Tatu was relinquishing all exclusive rights to the name as a means of describing the protocol. This is because in the United States it is imperative that trademarks be used in advertising copy as adjectives, never as nouns or verbs. Improper use of a trademark, or allowing others to use a trademark incorrectly, results in the trademark becoming a generic term, like Kleenex or Aspirin, which opens the mark to use by others, via the public domain^[3]. For information about the musical band of the same name, see Kleenex (band). ... Aspirin or acetylsalicylic acid is a drug in the family of salicylates, often used as an analgesic (against minor pains and aches), antipyretic (against fever), and anti-inflammatory. ...

Also brought into question was if the name "ssh" was trademarked, or mearly the logo using the lower case letters "ssh", many online pundits believed the latter, after study of the USPTO trademark database and also bringing doubt to the validity of the claim was the 6 years between the company's creation and the point in time when it began defending its trademark from free alternatives such as OpenSSH, and that only OpenSSH was receiving these threats of legal repercussions^[4]. The United States Patent and Trademark Office (PTO or USPTO) is an agency in the United States Department of Commerce that provides patent and trademark protection to inventors and businesses for their inventions and corporate and product identification. ...

Both developers of OpenSSH and Ylönen himself were members of the IETF workgroup developing the new standard, which after several meetings, denied Ylonen's request for a renaming of the protocol, citing concerns that it would set a bad precedent for other trademark claims against the IETF. The working group participants argued that both Secure Shell SSH were generic terms and that they could not be trademarks^[5].

Portability

Partly because OpenSSH is required to perform authentication, a capability that has many varying implementations between different operating systems, it requires a substantial portability infrastructure. Rather than including this directly into OpenBSD and OpenSSH, it is developed seperately as an addition under the auspices of the OpenSSH Portability Team and released as what are known as "portable releases". This model is also used for other OpenBSD projects such as OpenNTPD. Authentication is the act of establishing or confirming something or someone as authentic. ... ... An operating system is a program required for the user to manage the system and to run third-party application software for that system. ... In computer science, porting is the adaptation of a piece of software so that it will function in a different computing environment to that for which it was originally written. ... OpenNTPD is a Unix system daemon that uses the Network Time Protocol to synchronise clocks of computer systems with a reliable and accurate time source. ...

Programs included

The OpenSSH suite includes the following tools:

• ssh, a replacement for rlogin and telnet:

ssh user@example.com

• scp, a replacement for rcp:

scp user@example.com:~/somefile .

• sftp, a replacement for ftp:

sftp user@example.com

• sshd, the SSH daemon:

sshd

In computing, rlogin is a Unix software utility that allows users to log in on another host via a network, communicating via TCP port 513. ... Microsoft TELNET client animation. ... Secure Copy or SCP is a means of securely transferring computer files between a local and a remote host or between two remote hosts, using the Secure Shell (SSH) protocol. ... There is: Remote Copy Protocol (rcp) is a TCP/IP-based protocol used to copy files between computers on a network. ... The term SFTP can refer to several network protocols other than this one. ... The abbreviation FTP can refer to: The File Transfer Protocol used on the Internet. ... In Unix and other computer operating systems, a daemon is a particular class of computer program that runs in the background, rather than under the direct control of a user; they are usually instantiated as processes. ...

Secure tunnels

Port forwarding

Most programs making use of TCP connections can be passed over a secure tunnel using OpenSSH. This is used to multiplex additional TCP connections over a single ssh connection. It is useful for concealing connections and encrypting protocols which are otherwise unsecured, and for circumventing firewalls. UDP connections may sometimes be tunnelled with the aid of programs such as netcat. Examples of easily tunnelled programs include the X Window System, http using a proxy and VNC. An X Window System tunnel is often created automatically between two Unix computers, so GUI programs from remote computers can be run simply by typing their names: The Transmission Control Protocol (TCP) is one of the core protocols of the Internet protocol suite. ... The User Datagram Protocol (UDP) is one of the core protocols of the Internet protocol suite. ... In computing, netcat is a network utility for reading from and writing to network connections on either TCP or UDP. It is designed in a thin and simple way, which makes it easy to incorporate in larger applications. ... KDE 3. ... HTTP (for HyperText Transfer Protocol) is the primary method used to convey information on the World Wide Web. ... The word proxy is derived from proximity and can mean more than one thing: a person authorized to act for another person, or upon request by another person (see for example proxy murder) a proxy war is a war where two powers use third parties as a substitute for fighting... Virtual Network Computing (VNC) is a desktop sharing system which uses the RFB (Remote FrameBuffer) protocol to remotely control another computer. ... KDE 3. ... Wikibooks has more about this subject: Guide to UNIX Unix or UNIX is a computer operating system originally developed in the 1960s and 1970s by a group of AT&T Bell Labs employees including Ken Thompson, Dennis Ritchie, and Douglas McIlroy. ... Gui is short for Guilherme or Guilhermo or an iteration of that, in English it translates to Will. ...

 ssh -Y user@example.com password: $ xclock 

In addition, some software can be set to automatically make use of OpenSSH to create a tunnel. Examples include DistCC, CVS, rsync, and fetchmail. Programs where tunneling is possible but complex are ftp, which can often be replaced with sftp in any case, and SMB. On some operating systems, remote filesystems can be mounted over ssh using shfs, lufs or podfuk. distcc is a computer program that distributes processes of compiling C and its derivatives like C++ and Objective C source code over a computer network. ... The Concurrent Versions System (CVS), also known as the Concurrent Versioning System, implements a version control system: it keeps track of all work and all changes in a set of files, typically the implementation of a software project, and allows several (potentially widely separated) developers to collaborate. ... rsync is a computer program which synchronizes files and directories from one location to another while minimizing data transfer using delta encoding when appropriate. ... Fetchmail is a utility found on some Unix-like systems used to retrieve e-mail from a remote POP3, IMAP, ETRN or ODMR mail server to the users local system. ... The abbreviation FTP can refer to: The File Transfer Protocol used on the Internet. ... To meet Wikipedias quality standards, this article or section may require cleanup. ... See Filing system for this term as it is used in libraries and offices In computing, a file system is a method for storing and organizing computer files and the data they contain to make it easy to find and access them. ...

SOCKS

OpenSSH is capable of creating an ad hoc SOCKS proxy server to support more flexible proxying than is possible with ordinary port forwarding. For example: SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network firewall. ...

 ssh -D1080 user@example.com 

establishes a local SOCKS server that listens on "localhost:1080".

tun-based VPN

Beginning with version 4.3, OpenSSH implements an OSI layer 2/3 "tun"-based VPN. This is the most flexible of OpenSSH's tunnelling capabilities, allowing applications to transparently access remote network resources without "socksification." The Open Systems Interconnection (usually abbreviated to OSI) was a new effort in networking started in 1982 by the International Organization for Standardization (ISO), along with the ITU-T. Prior to OSI, networking was completely vendor-developed and proprietary, with protocol standards such as SNA and DECnet. ... In computer networking, TUN and TAP are virtual network kernel drivers — they simulate network devices using software. ...

Authentication

OpenSSH server can authenticate users using its built-in authentication systems:

• public key,
• keyboard-interactive (passwords and challenge-response), and
• Kerberos/GSSAPI.

In addition, OpenSSH can often make use of additional authentication methods available on its host operating system. This can include using the BSD authentication system (bsd_auth) or PAM to enable authentication through methods such as one time passwords. PKC, see PKC (disambiguation) Public-key cryptography is a form of modern cryptography which allows users to communicate securely without previously agreeing on a shared secret key. ... A password is a form of secret authentication data that is used to control access to a resource. ... In computer security, challenge-response authentication relies on the possession of a secret of some sort to perform authentication. ... Kerberos is a computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. ... The Generic Security Services Application Program Interface (GSSAPI, also GSS-API) is, as its name suggests, an application programming interface for obtaining security services. ... BSD redirects here; for other uses see BSD (disambiguation). ... Pluggable authentication modules or PAM are a mechanism to integrate multiple low-level authentication schemes into a high-level API, which allows for programs that rely on authentication to be written independently of the underlying authentication scheme. ... A one-time password is one password in a set of passwords, so constructed that it is extremely difficult to calculate the next password in the set given the previous passwords. ...

An unfortunate side-effect of using PAM with OpenSSH is that it must be run as root when PAM support is enabled, as root privileges are typically required to operate PAM. OpenSSH versions after 3.7 allow the usage of PAM to be disabled at run-time, so regular users can run sshd instances. On many computer operating systems, superuser is the term used for the special user account that is controlled by the system administrator. ...

See also

• Comparison of SSH clients
• POSSE project
• FTP over SSH

An SSH client is a software program which uses the secure shell protocol to connect to a remote computer. ... Portable Open Source Security Elements, or POSSE, was a co-operative venture among the University of Pennsylvania Distributed Systems Laboratory, the OpenBSD project, and others, to provide increased security for Open Source projects such as OpenBSD, OpenSSL, and others. ... FTP over SSH refers to the process of tunneling a normal FTP session over an SSH connection. ...

References

1. ^ Ylonen, Tatu's mail to the openssh-unix-dev mailing list, found here. February 14, 2001. Accessed December 24, 2005.
2. ^ Newsforge article: "Ylönen: We own ssh trademark, but here's a proposal", available here. February 16, 2001. Accessed December 24, 2005.
3. ^ CNet News article: "Ssh! Don't use that trademark", found here. February 14, 2001. Accessed December 24, 2005.
4. ^ Network World article: "SSH inventor denied trademark request": available here. February 16, 2001. Accessed December 24, 2005.

February 14 is the 45th day of the year in the Gregorian Calendar. ... 2001: A Space Odyssey. ... December 24 is the 358th day of the year in the Gregorian Calendar (359th in leap years). ... 2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ... February 16 is the 47th day of the year in the Gregorian Calendar. ... 2001: A Space Odyssey. ... December 24 is the 358th day of the year in the Gregorian Calendar (359th in leap years). ... 2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ... February 14 is the 45th day of the year in the Gregorian Calendar. ... 2001: A Space Odyssey. ... December 24 is the 358th day of the year in the Gregorian Calendar (359th in leap years). ... 2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ... February 16 is the 47th day of the year in the Gregorian Calendar. ... 2001: A Space Odyssey. ... December 24 is the 358th day of the year in the Gregorian Calendar (359th in leap years). ... 2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ...

External links

• OpenSSH home page
• OpenSSH for Windows
• Portable releases
• Darren Tucker's OpenSSH Page
• Privilege Separation of OpenSSH