Talk:Secure Shell

From Wikipedia, the free encyclopedia

This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL.
WikiProject on Cryptography This article is part of WikiProject Cryptography, an attempt to build a comprehensive and detailed guide to cryptography on Wikipedia. If you would like to participate, you can choose to edit the article attached to this page, or visit the project page, where you can join the project and see a list of open tasks.
WikiReader Cryptography It is intended that this article be included in WikiReader Cryptography, a WikiReader on the topic of cryptography. Help and comments for improving this article would be especially welcome. A tool for coordinating the editing and review of these articles is the daily article box.
To-do list for Secure Shell: edit · history · watch · refresh

Here are some tasks you can do:


    • The article is very technical and strongly relies on the knowledge of all underlying concepts to understand what ssh is. Start the article with an introduction of what ssh is which is more readable and move the current definition into a section called "definition".
    • Introduce how ssh can use public-key cryptography to enable a user to use passphrase-locked private keys in order to open a ssh connection. Currently there is a section "How it works - by analogy" at the end, but there is a gap because it's never explained how public-key cryprography is used in ssh, so this section should either be removed or (preferably) be embedded in an explanation how the concept of public-key crytography is used in ssh.
      • Renamed the section now to "How ssh uses public-key cryptography (with analogy)" and cleaned it up a bit. For example, I replaced the references to the reader using "You" and "Your" with "the user" and "the user's". It still needs more improvement to be understandable by someone who does not know ssh at all.
        • As far as I see, in that paragraph the basics of pulic key cryptography are described by analogy, but nothing's sait about how ssh uses this principle to identify the user. I would recommand that this paragraph be removed (Or maybe moved to p.k.c.) and be written from scrach (if someone wants it), if you asked for my single honest opinion.
          • PLEASE, get rid of this paragraph. It is horribly written and offers a pitifully simplistic analogy for the sake of accessibility. There is nothing special about SSH's use of public-key cryptography, so rather than a bad intro to public-key crypto, let's just send the reader to its proper article? I would erase this paragraph but I tried once and got reverted. Alg8662 06:45, 16 November 2007 (UTC)
    This article may be too technical for a general audience.
    Please help improve this article by providing more context and better explanations of technical details to make it more accessible, without removing technical details.

    Contents

    [edit] Is SSH a network protocol?

    How is SSH a network protocol?

    It's a TCP/IP service, no? And there are protocols for using that service (ssh protocol versions 1 and 2). It can be used in a way that is functionally similar to a protocol, but it's operating at a different network layer. Mr. Jones 15:33, 17 Nov 2004 (UTC)
    It is a protocol like IP ("Internet Protocol") is a protocol even though it's below TCP, and ARP ("Address Resolution Protocol") is a protocol even though in network layer terms it's below IP. SFTP ("Secure File Transfer Protocol") is a protocol even though in network layer terms it's above SSH, and HTTP ("Hypertext Transfer Protocol") is a protocol even though it's above TCP/IP, on the same level as SSH. The term "protocol" is independent of network layer. --Denis bider 04:17, 7 August 2005 (UTC)

    [edit] ReverseMappingCheck and VerifyReverseMapping are deprecated

    OpenSSH will moan if they're in sshd_config. They seem to be replaced by UseDNS, but does it do the same thing? If so, why don't the docs say so? Is the name change intended to clarify the risks involved or what? I've not been able to find much of use (just other people asking the same sort of questions) Mr. Jones 15:33, 17 Nov 2004 (UTC)

    [edit] Proposal to merge with SSH file transfer protocol

    AndriuZ has proposed that this article should be merged with SSH file transfer protocol. (I presume that it's intended that that article should be merged into secure shell.) -- JTN

    • My vote: don't merge. Lots of articles link specifically to SSH file transfer protocol, and this will make that harder. -- JTN 20:50, 2005 July 16 (UTC)
      • This is easy to resolve with REIDRECT . My idea is to make one good article from 3's :SSH -> Secure shell -> SSH file transfer protocol or something, because they are small and separated, dificult to overview. As reader I hardly found both. --AndriuZ 01:57, July 17, 2005 (UTC)
        • The SFTP link was difficult to find on the SSH page because there was only one link and it was lowercase. I left that link lowercase because it refers to a Unix program (though perhaps it should be uppercased?), but I added a new section which makes a clearer SFTP reference. It should now be easier to locate. --Denis bider 06:16, 7 August 2005 (UTC)
    • My vote: don't merge. Merging SFTP with SSH is the same as merging SSH with TCP/IP. SFTP is just another protocol layer, using SSH as data stream. (SFTP standard says: "The SSH File Transfer Protocol provides secure file transfer functionality over any reliable data stream"). Of course SFTP would be clearly mentioned as recommended way how to transfer file when SSH is available. -- Prikryl 06:51, 18 July 2005 (UTC)
    • My vote: don't merge. When people don't understand what I mean by SFTP, I point them here for a little background information and a list of clients. I believe merging with SSH could create confusion in that regard. -- Techtoucian 07:26, 28 July 2005 (UTC)
    • Agree with Prikryl - don't merge. Would be too much stuff on one page. Also, SFTP is a separate protocol which is not very entangled with SSH on the protocol level. Let's keep it unentangled here, as is correct. --Denis bider 06:16, 7 August 2005 (UTC)
    • Here's another vote for don't merge. SFTP could run over any other protocol (though I am not aware of it doing so). It simply uses SSH as the tansport, and most (probably all) SSH implementations include support for SFTP both client and server-side. If you would merge SFTP, would you merge, CVS, and/or rsync? --Mastahnke 00:48, 6 March 2006 (UTC)

    [edit] Is SSH Unix shell?

    The article was added to Category:Unix_shells by Kenguest. --Prikryl 07:54, 30 August 2005 (UTC)

    I'm afraid Kenguest is incorrect, so I've removed the category. SSH is a protocol, not a shell, just as Rsh and Telnet are protoocols, not shells. — Matt Crypto 08:07, 30 August 2005 (UTC)

    [edit] Broken External Links

    http://zippo.taiyo.co.jp/~gotoh/ssh/connect.html&e=1102

    [edit] Duplicate text

    The paragraph "Since SSH-1 has inherent design flaws which make it vulnerable to attacks, it is now ....which can make it hard to avoid the use of SSH-1." is in the article twice. Once in History and again in Architecture. Since I'm not sure which is preferred, I'm just noting it here. -- 128.170.83.114 22:56, 15 December 2005

    Removed the second instance. -- JTN 19:40, 5 January 2006 (UTC)

    [edit] bad link

    the xeyes picture displayed on this page(X over ssh) link to a different picture —The preceding unsigned comment was added by 213.189.165.28 (talkcontribs) 22:17, 13 March 2006 (UTC)

    [edit] Simple stuff

    I came here to figure out what the "ssh" was that my browser was talking about. Perhaps I am mistaken, but I think the majority of the people who visit a page like this are looking for similar simple information. While I recognize the importance of a comprehensive article, could the introduction be rewritten so it was aimed more at the layman? —The preceding unsigned comment was added by 68.110.239.108 (talk • contribs) 07:50, 1 April 2006 (UTC2)

    It's more likely that your browser was referring to SSL, rather than SSH. That article is likely to be too technical as well, I'm afraid. — Matt Crypto 13:22, 1 April 2006 (UTC)


    I for sure have SSH and Telnet applications on the computer I am using. I want to know what Telnet and SSH are in terms of practical applications. There is no way that the practical applications of these ideas are too technical. Fine it has technical aspects, but explain what I can do with them. I was just looking for programs to transfer files between two computers, and if wikipedia has entry that helps clear up some knowledge deficiencies that I have it would help greatly.

    [edit] SSH Security

    Hi guys. It is my understanding that no encryption employed today is 100 % secure. It would be nice to have a section in the article addressing how difficult it is to break an ssh connection. Like some measure in computing power or something similar.

    The difficulty of breaking the encryption depends on the specific algorithms used and the key size. That's not particularly SSH specific; a reader could read the key size article. What we could do is list what algorithms and key sizes are supported. — Matt Crypto 12:22, 23 April 2006 (UTC)
    And what the defaults are (since thats what most users will be using) Plugwash 21:14, 9 December 2006 (UTC)

    [edit] Estimating number of SSH users

    Where does the estimate of 2 million users at the end of 2000 (in the history section) come from?

    I found the following link which describes a study of the number of SSH servers: http://www.usenix.org/events/lisa2001/tech/full_papers/provos/provos_html/index.html which indicates that maybe 5% of hosts ran SSH services at the end of their survey.

    [edit] A better lead

    User:Interiot reverted my two changes to the lead. I attempted to simplify and clarify the all important first paragraph of this article. As it stands, the article is marked for cleanup, and SSH is clear as mud. Any suggestions or opinions? -- Perspective 00:01, 25 May 2006 (UTC)

    I was more concerned with the quotes than anything. The first sentence of an article is extremely important, and I think that 1) everyone should be free to tweak a word or two from the lead sentence (which quotes tend to discourage), and 2) from an aesthetic standpoint, I thought that the quotes and italics were unnecessarily making the lead sentence more difficult to read. Since the OpenSSH man page seems to be under the BSD license, you could actually just use the words without the quotes/italics (but still attribute it if needed). --Interiot 21:10, 3 June 2006 (UTC)

    [edit] Article name

    Wouldnt the article name be better as 'SSH' ? -- Frap 15:11, 29 May 2006 (UTC)

    [edit] http connect

    do any common clients actually present this interface for dynamic forwarding? I'm pretty sure putty and openssh only support socks. Plugwash 23:31, 3 July 2006 (UTC)

    [edit] How ssh uses public-key cryptography (with analogy)

    Yes, that was me that deleted this entire section (reverted by Root2). However, I still think it should be trashed. Saying that SSH supports public-key authentication is enough - just provide a link to the main Public-Key Cryptography article - there's nothing too revolutionary about SSH's implementation of it, and this section is just a poor overview of public-key cryptography. My golden retriever can write better than this - poor grammar, too many colloquialisms, and what the hell is a "Padlock" (mind you, this links to the article about the physical padlock...)?! Alright, enough moaning, tell me what you all think. Alg8662 03:03, 21 January 2007 (UTC)

    Don't worry! You can fix it yourself! :) Just remember to put a little something in the edit summary next time. (put [[cryptography]] in the article) Oh, by the way...Who's moaning?--Root2 03:27, 21 January 2007 (UTC)

    [edit] openssh supports also full VPN

    openssh based vpn is a simple and quite good tcp based vpn. Really easy to set up, between unixes. More info is on man page and the key is to use -w and tun devices.

    [edit] The "H"

    What does the "H" in "SSH" stand for? Boxmann (talk) 18:18, 16 January 2008 (UTC)

    Secure SHell. --Kgfleischmann (talk) 05:50, 17 January 2008 (UTC)

    [edit] Needs cleanup

    I don't know a lot about templates, but I know the article needs to be cleaned up, especially the "Uses of SSH" section and the section right after it. Anyone know of a template that says "this article needs to be edited"? They were written to be in bullet format, but it doesn't work because each point is a large paragraph. The first letter of each paragraph needs to be capitalized too. Entbark (talk) 22:46, 5 February 2008 (UTC)

    I agree. I took the liberty of trying to do a little clean-up on the 'Uses' section, but it could still use more. drt1245 (talk) 15:56, 15 March 2008 (UTC)