Guenadi N Jilevski's Oracle BLOG




ssh (Secure Shell) Utility securely executes commands on a remote system.

Syntax :
ssh [option] [user@]host [command-line]
host – system that we want to loginor run a command on

Various options are given below.
-f – Not foreground. Sends ssh to the background after asking for a password and before executing command-line.
-l user – Attempts to log in as a user.This option is equivalent to using user@ on the command-line.
-n – null.Redirects standard input to ssh to come from /dev/null
-p port – connects to the port “port” on the remote host
-q(quiet) – suppresses warnings and diagnostic messages
-t(tty) – allocates a pseudo-tty to the ssh process on the remote system.Without this option,when we run a command on the remote system,ssh does not allocate a tty(terminal) to the process.Instead ssh attaches standard input and standard output of the remote process to the ssh session .
-v(verbose) – Displays debugging messages about the connection and transfer.
-x(X11) – Turns Off X11 forwarding
-X(X11) – turns on X11 forwarding.

X11 forwarding may be turned on in the configuration file.

What is Openssh?
Using public-key encryption ,OpenSSH provides two levels of authentication:Server and client/user.

First,the client(ssh or scp) verifies that it is connected to the correct server and OpenSSH encrypts communication between the client and server.

Second,once a secure,encrypted connection has been established,Open SSH confirms that the user is authorised to log in on or copy files from/to the server.

Once the system and user have been verified,OpenSSH allows different servics to passthrough the connection.These services include interactive shell session(ssh),remote command execution(ssh and scp),X11 client/server connections,and TCP/IP port tunneling.

What happens when we connect to server initially?
When we connect to the Openssh server for the first time,the OpenSSh client prompts us to confirm that we have connected to the correct system.This checking can help prevent a person-in-the-middle attack.

RSA key Finger print message is displayed and prompts us to allo/deny further proceeding.

When we type yes and press enter, the client appends the server’s public host key to the user’s ~/.ssh/known_hosts file on the local system,creating the ~/.ssh directory if necessary.So that it can keep track of which line in known_hosts applies to which server,OpenSSH prepends the name of the server and the server’s IP address to the line.Subsequently when we use OpenSSH to connect to that server,the client verifies thatit is connected to the correct server by comparing this key to the one supplied by the server.

December 23, 2008 - Posted by | oracle

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: