OpenSSH


OpenSSH (Open Secure Shell) is a set of applications that allow encrypted communications over a network, using the SSH protocol. It was created as a free and open alternative to the Secure Shell program, which is proprietary software. The project is led by Calgary resident Theo de Raadt.

History

Its developers claim that OpenSSH is more secure than the original, owing to the OpenBSD developers' well-known reputation for writing clean, thoroughly audited code. Its security is also attributed to the fact that its source code is freely distributed under a BSD license. Although all of the original SSH source code is also available, there are restrictions on its use and distribution, which makes OpenSSH a much more attractive project for new developers.

OpenSSH first appeared in OpenBSD 2.6, and the first independent version was released in October 1999.

Publication history:

  • OpenSSH 8.8: September 26, 2021
    • Includes a deprecation notice for the scp/rcp protocol, in favor of using SFTP as the default.
  • OpenSSH 8.7: August 20, 2021
  • OpenSSH 8.6: April 19, 2021
  • OpenSSH 8.5: March 3, 2021
  • OpenSSH 8.4: September 27, 2020
  • OpenSSH 8.3: May 27, 2020
  • OpenSSH 8.2: February 14, 2020
  • OpenSSH 8.1: October 9, 2019
  • OpenSSH 8.0: April 17, 2019
  • OpenSSH 7.9: October 19, 2018
  • OpenSSH 7.8: August 24, 2018
  • OpenSSH 7.7: April 3, 2018
  • OpenSSH 7.5: March 20, 2017
  • OpenSSH 7.3: August 1, 2016
  • OpenSSH 7.2: February 29, 2016
  • OpenSSH 7.1: August 21, 2015
  • OpenSSH 7.0: August 11, 2015
  • OpenSSH 6.9: July 1, 2015
  • OpenSSH 6.8: March 18, 2015
  • OpenSSH 6.7: October 6, 2014
  • OpenSSH 6.6: March 15, 2014
  • OpenSSH 6.5: January 30, 2014
  • OpenSSH 6.4: November 8, 2013
  • OpenSSH 6.3: September 13, 2013
  • OpenSSH 6.2: March 22, 2013
  • OpenSSH 6.1: August 29, 2012
  • OpenSSH 6.0: April 22, 2012
  • OpenSSH 5.9: September 6, 2011
  • OpenSSH 5.8: February 4, 2011
  • OpenSSH 5.7: January 24, 2011
  • OpenSSH 5.6: August 23, 2010
  • OpenSSH 5.5: April 16, 2010
  • OpenSSH 5.4: March 8, 2010
  • OpenSSH 5.3: October 1, 2009
  • OpenSSH 5.2: February 23, 2009
  • OpenSSH 5.1: June 21, 2008
  • OpenSSH 5.0: April 3, 2008
  • OpenSSH 4.9: March 30, 2008
    • Incorporated chroot support for sshd
  • OpenSSH 4.7: September 4, 2007
  • OpenSSH 4.6: March 9, 2007
  • OpenSSH 4.5: November 7, 2006
  • OpenSSH 4.4: September 27, 2006
  • OpenSSH 4.3: February 1, 2006
  • OpenSSH 4.2: September 1, 2005
  • OpenSSH 4.1: May 26, 2005
  • OpenSSH 4.0: March 9, 2005
  • OpenSSH 3.9: August 17, 2004
  • OpenSSH 3.8: February 24, 2004
  • OpenSSH 3.7.1: September 16, 2003
  • OpenSSH 3.7: September 16, 2003
  • OpenSSH 3.6.1: April 1, 2003
  • OpenSSH 3.6: March 31, 2003
  • OpenSSH 3.5: October 14, 2002
  • OpenSSH 3.4: June 26, 2002

Portability

Because OpenSSH is an application for communication between computers, it must work on as many operating systems as possible. A team called the OpenSSH Portability Team is responsible for adding the code needed to port the software to all possible platforms.

Applications included

The OpenSSH suite includes:

  • ssh, which replaces rlogin and telnet to allow remote shell access to another machine: ssh tero@ejemplo.com
  • scp, which replaces rcp: scp tero@ejemplo.com:~/archivo .
  • sftp, which replaces ftp to copy files between two computers: sftp tero@ejemplo.com
  • sshd, the SSH server daemon: sshd
  • ssh-keygen, a tool to inspect and generate the RSA and DSA keys that are used for client or user authentication.
  • ssh-agent and ssh-add, tools that make authentication easier by keeping keys ready, so you don't have to re-enter the passphrase every time you use a key.
  • ssh-keyscan, which scans a list of clients and collects their public keys.

The OpenSSH server can authenticate users using all standard SSH protocol methods.

Secure tunnels

Many applications can be secured with OpenSSH, making this system a powerful alternative to VPN systems.

Any application that uses TCP connections (preferably with a single TCP port) can be used through a secure tunnel. Some examples of easily tunneled applications are the X Window System, HTTP using a proxy, and VNC. The tunnel for the X Window System is created automatically between two computers running Unix, so applications with graphical interfaces can be run from remote computers simply by typing their names:

 ssh -Y tero@ejemplo.com
 password:
 $ xclock

Among the applications whose tunneling is possible, although complex, are FTP (not necessary, due to the existence of sftp) and SMB.

Some applications call OpenSSH to create the tunnel, such as DistCC, CVS, rsync, and fetchmail.

Remote filesystems can be mounted over ssh using shfs, lufs, or podfuk.

Authentication

The OpenSSH server authenticates users using its own authentication systems, implemented in the software itself:

  • Public key (id_rsa, authorized_keys)
  • Password
  • Kerberos/GSSAPI

OpenSSH can also use PAM to perform authentication. PAM allows the selection of authentication methods and their policy at runtime, allowing advanced authentication methods such as:

  • OTPW
  • S/KEY
  • OPIE

OpenSSH versions older than 3.7 must be run as root whenever PAM support is enabled, because root permissions are required to enable PAM. Newer versions of OpenSSH allow the use of PAM to be disabled at runtime, which lets normal users run sshd instances.
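
As an added example (not part of the original article and not OpenSSH's own code), this Python script reads an sshd_config and reports which of the authentication methods listed above are enabled in its global section. It assumes the upstream defaults documented in sshd_config(5), which distributions may change, and the rule that the first value given for a keyword wins; the sample configuration is constructed.

```python
# Added example: which authentication methods does an sshd_config enable?
# Assumed defaults: upstream OpenSSH values from sshd_config(5).
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "gssapiauthentication": "no",
    "kerberosauthentication": "no",
    "usepam": "no",
}

# Constructed sample, not taken from a real host.
SAMPLE_CONFIG = """\
# constructed sshd_config for the example
Port 2222
PasswordAuthentication no
passwordauthentication yes
GSSAPIAuthentication yes
UsePAM no
Match User backup
    PasswordAuthentication yes
"""


def effective_auth(config_text):
    """Return the global auth settings; the first value for a keyword wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines carry no setting
        parts = line.split()
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # conditional overrides start here; the global section ends
        if keyword in DEFAULTS and len(parts) > 1 and keyword not in settings:
            settings[keyword] = parts[1].lower()
    return {k: settings.get(k, default) for k, default in DEFAULTS.items()}


def enabled_methods(config_text):
    """Sorted keywords of the tracked methods that are switched on globally."""
    return sorted(k for k, v in effective_auth(config_text).items() if v == "yes")


if __name__ == "__main__":
    for name, value in effective_auth(SAMPLE_CONFIG).items():
        print(f"{name:30} {value}")
```

The Match block is deliberately left out of the result: its PasswordAuthentication yes applies only to the matched user, so a complete audit has to review each Match block separately.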

Books

  • Michael Stahnke, Pro OpenSSH. (English) ISBN 1-59059-476-2.
  • Daniel J. Barrett, Richard E. Silverman, and Robert G. Byrnes, SSH, The Secure Shell: The Definitive Guide, Second Edition. ISBN 0-596-00895-3 (English, first edition ISBN 0-596-00011-1).
