The modern “trusted enterprise” is synonymous with a near-universal technology called Secure Shell (SSH). Rather than logging into a server with a traditional username and password—a chore to remember and frequently subject to loss, theft, or compromise—server administrators typically authenticate to their target machines using a trusted SSH key. The key substitutes for user credentials, effectively allowing the administrator to log into the system through the key.
Administrators are frequently responsible for managing numerous machines in multiple locations on various platforms—Windows, Unix/Linux, and Apple—often connected to each other by nothing more than the public Internet. They typically require the ability to log in to any system at any location from any other system or device. SSH makes it all possible. Yet why do we hear so comparatively little about it?
Despite its power and global reach, SSH remains relatively unknown to general business computer users and casual web surfers. Unlike SSL, which appears daily as a padlock icon and “https” indicator in the browser address bar, SSH has few applications for everyday users. It is largely limited to server administrators acting behind the scenes and to automated system-to-system interactions. Though little seen, this user base is massive in size and touches nearly every aspect of computing.
SSH supports millions of users, employs hundreds of millions of authentication keys, and protects billions of transactions annually.
Ever-present usage, combined with a relatively low profile and poor controls, makes SSH an enticing target for exploitation. Until recently, SSH did not make news headlines nearly as often as did SSL. New research demonstrates, however, that a staggering two-thirds of IT security professionals acknowledge that they own responsibility for the security of SSH keys. Over time, it seems that enterprises have been lulled into a false sense of security that SSH is inviolable, and this is precisely why cybercriminals are using it to attack trust.
SSH in a Nutshell
SSH is a network protocol that uses cryptography and public/private key technology to secure communication between computer hosts. A secure communication channel can be established between two hosts that are connected via an otherwise insecure network. SSH has become the de facto standard for remote connectivity and host administration, and its use is growing as more cloud solutions are enabled.
SSH is widely used as a replacement for less secure network communication protocols that were invented several decades ago without today’s security challenges in mind. Legacy protocols such as Telnet and FTP, for example, send data in clear text. An attacker can easily intercept the traffic flow and read the transmitted text.
The SSH protocol uses private/public key pairs to secure the authentication and establish trust between hosts. In addition, the communication channel is encrypted and prevents eavesdroppers from gaining access to confidential data. Once a secure communication channel is established, system administrators can use SSH to manage the remote host, transfer files, and execute commands on the remote host.
Many solutions today are deployed in the cloud and need to be managed remotely. SSH is commonly used to remotely manage these cloud resources.
SSH is primarily utilized for authentication and secure file transfer via encrypted tunnels, although it has many other beneficial uses. By contrast, SSL primarily provides encryption, while also delivering authentication and validation functions. Both technologies can be used simultaneously to authenticate and encrypt communications. SSH embodies elements of Telnet, FTP, VPN, and other legacy technologies that are more familiar to everyday computer users, all with added security, accessibility, and convenience.
Two SSH versions are currently in use. SSH-1 debuted as freeware in 1995. The current standard, SSH-2, is more robust and feature-rich and was released by the Internet Engineering Task Force in 2006. The versions are deliberately incompatible due to a number of inherent design flaws and security vulnerabilities that have been found in SSH-1.[3] Open-source OpenSSH, the most popular implementation, supports both SSH-1 and SSH-2. Tectia SSH, a for-profit variant, also has a loyal user base.
SSH has been around for a very long time, which has left legacy keys in place and insecure configurations still running. It is important to note that even the “most secure” version of SSH is largely based on a 2006 specification and maintained by a small volunteer community!
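One way to find the legacy keys mentioned above is to audit each `authorized_keys` file by decoding the public-key blobs it contains. The sketch below is an added example, not code from the article. Its function names, the policy values (DSA treated as legacy, a 2048-bit RSA minimum) and the sample entries are assumptions constructed for illustration.

```python
import base64
import struct

LEGACY_TYPES = {"ssh-dss"}  # assumed policy: DSA keys count as legacy
MIN_RSA_BITS = 2048         # assumed policy: minimum RSA modulus size
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def read_field(blob, off):
    """Read one SSH wire-format string: uint32 length, then that many bytes."""
    (n,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + n], off + 4 + n

def rsa_bits(blob):
    """Modulus size of an ssh-rsa public key blob (fields: type, e, n)."""
    off = 0
    for _ in range(3):
        field, off = read_field(blob, off)
    return int.from_bytes(field, "big").bit_length()

def audit_authorized_keys(text):
    """Return (line number, reason) for each legacy or undersized key."""
    findings = []
    for num, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        # Skip leading options (assumes option values contain no spaces).
        while parts and not parts[0].startswith(KEY_PREFIXES + ("#",)):
            parts.pop(0)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        ktype, blob = parts[0], base64.b64decode(parts[1])
        if ktype in LEGACY_TYPES:
            findings.append((num, f"{ktype} is a legacy key type"))
        elif ktype == "ssh-rsa" and rsa_bits(blob) < MIN_RSA_BITS:
            findings.append((num, f"RSA modulus is only {rsa_bits(blob)} bits"))
    return findings

def sample_rsa(bits):
    """Constructed ssh-rsa blob with a dummy modulus (not a usable key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    return base64.b64encode(s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(n)).decode()

# Constructed sample file: one short RSA key, one acceptable, one DSA entry.
SAMPLE_KEYS = (f"ssh-rsa {sample_rsa(1024)} old-admin@constructed\n"
               f"no-pty ssh-rsa {sample_rsa(4096)} ops@constructed\n"
               "ssh-dss AAAAB3NzaC1kc3M= backup@constructed\n")

if __name__ == "__main__":
    for num, reason in audit_authorized_keys(SAMPLE_KEYS):
        print(f"line {num}: {reason}")
```

Run against real files, the same function gives an inventory of which accounts still trust old key material, which is the starting point for rotating or removing it.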