From problem to solution
For years, remote access to Unix systems relied on telnet and rlogin: protocols that transmit credentials and data in plain text over the network. In a context where local networks extend over the Internet and traffic crosses shared infrastructure, this exposure represents a concrete risk. The SSH (Secure Shell) protocol, designed in 1995 by Tatu Ylönen at the University of Helsinki, was created to solve exactly this problem: an encrypted channel for remote sessions, file transfer and tunneling.
Ylönen’s original implementation, however, evolved towards a restrictive commercial licence. The OpenBSD project, known for its focus on security and code correctness, decided to develop a completely free implementation based on the last openly licensed version. This is how OpenSSH was born, and it quickly became the reference SSH implementation on virtually every Unix and Linux system.
Key features
OpenSSH implements the SSH-2 protocol with a comprehensive set of capabilities:
- Public key authentication: RSA or DSA key pairs replace passwords, eliminating the risk of credential interception
- Channel encryption: all traffic — including commands, output and transfers — is protected by algorithms such as 3DES and Blowfish
- Port forwarding: it is possible to create encrypted tunnels for any TCP protocol, protecting application traffic that would otherwise travel in plain text
- SCP and SFTP: secure file transfer, respectively via remote copy and FTP protocol over an SSH channel
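The public-key point above has a practical wrinkle when hardening sshd_config: sshd uses the first value it finds for a keyword, so a `PasswordAuthentication no` appended below an earlier `yes` changes nothing. The check below is an added example, not code from the original article or from the OpenSSH project; it parses a constructed config with those semantics (assumptions: space-separated `Keyword value` lines, global section only, scanning stops at the first Match block).

```shell
#!/bin/sh
# Constructed sample sshd_config (hypothetical, not taken from the page):
# the weak value appears first and a later "fix" that an admin appended
# has no effect, because sshd honours the FIRST value seen per keyword.
SAMPLE_CONFIG='# hypothetical /etc/ssh/sshd_config
Port 22
PasswordAuthentication yes
PermitRootLogin prohibit-password
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
'

# effective_value <keyword> <config text>
# Prints the value sshd would use in the global section: comment and
# blank lines are skipped, keywords match case-insensitively, scanning
# stops at the first Match block, and the first assignment wins.
effective_value() {
    printf '%s\n' "$2" | awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        NF == 0          { next }
        { k = tolower($1) }
        k == "match"     { exit }
        k == key         { print $2; exit }
    '
}

# Returns 0 when password logins are disabled (keys only, as the article
# describes), 1 when the effective setting still permits them.
passwords_disabled() {
    v=$(effective_value PasswordAuthentication "$1")
    [ "$(printf '%s' "$v" | tr 'A-Z' 'a-z')" = "no" ]
}

if passwords_disabled "$SAMPLE_CONFIG"; then
    echo "password logins disabled"
else
    echo "WARNING: password logins still enabled (first value wins)"
fi
```

Run it against a real file with `passwords_disabled "$(cat /etc/ssh/sshd_config)"`; `sshd -T` prints the fully resolved configuration if you want to cross-check.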
Security as a process
The OpenBSD team applies to OpenSSH the same code auditing discipline that characterises the operating system: systematic review, privilege separation and attack surface minimisation. The sshd daemon uses privilege separation — an unprivileged process handles the network connection and delegates the few operations that require privileges to a separate, deliberately minimal process.
OpenSSH is now installed by default on nearly every Unix and Linux production server. For any use involving untrusted networks, telnet and rlogin are effectively superseded.
Link: openssh.com
