|Skip Navigation Links|
|Exit Print View|
|System Administration Guide: Security Services Oracle Solaris 10 8/11 Information Library|
In Secure Shell, authentication is provided by the use of passwords, public keys, or both. All network traffic is encrypted. Thus, Secure Shell prevents a would-be intruder from being able to read an intercepted communication. Secure Shell also prevents an adversary from spoofing the system.
Secure Shell can also be used as an on-demand virtual private network (VPN). A VPN can forward X Window system traffic or can connect individual port numbers between the local machines and remote machines over an encrypted network link.
With Secure Shell, you can perform these actions:
Log in to another host securely over an unsecured network.
Copy files securely between the two hosts.
Run commands securely on the remote host.
Secure Shell supports two versions of the Secure Shell protocol. Version 1 is the original version of the protocol. Version 2 is more secure, and it amends some of the basic security design flaws of version 1. Version 1 is provided only to assist users who are migrating to version 2. Users are strongly discouraged from using version 1.
Note - Hereafter in this text, v1 is used to represent version 1, and v2 is used to represent version 2.
Secure Shell provides public key and password methods for authenticating the connection to the remote host. Public key authentication is a stronger authentication mechanism than password authentication, because the private key never travels over the network.
The authentication methods are tried in the following order. When the configuration does not satisfy an authentication method, the next method is tried.
GSS-API – Uses credentials for GSS-API mechanisms such as mech_krb5 (Kerberos V) and mech_dh (AUTH_DH) to authenticate clients and servers. For more information on GSS-API, see Introduction to GSS-API in Developer’s Guide to Oracle Solaris Security.
Public key authentication – Authenticates users with their RSA and DSA public/private keys.
Password authentication – Uses PAM to authenticate users. Keyboard authentication method in v2 allows for arbitrary prompting by PAM. For more information, see the SECURITY section in the sshd(1M) man page.
The following table shows the requirements for authenticating a user who is trying to log into a remote host. The user is on the local host, the client. The remote host, the server, is running the sshd daemon. The table shows the Secure Shell authentication methods, the compatible protocol versions, and the host requirements.
Table 19-1 Authentication Methods for Secure Shell
For a comprehensive discussion of Secure Shell on an Oracle Solaris system, see Secure Shell in the Enterprise, by Jason Reid, ISBN 0-13-142900-0, June 2003. The book is part of the Sun BluePrints Series published by Sun Microsystems Press.