Collapse All Expand All Language Filter: All Language Filter: Multiple Language Filter: Visual Basic Language Filter: Visual Basic (Declaration) Language Filter: C# Language Filter: Managed Extensions for C++ Language Filter: C++/CLI

SSH Protocol

The Secure Shell (SSH) protocol is used to access shell accounts securely. It was conceived as a replacement for insecure telnet. The protocol is most often used for logging in to remote systems and executing commands. Several sessions may be maintained over a single SSH connection, which is typically made to the well-known TCP port 22. The current standard is SSH-2.

SSH uses public-key cryptography, in which asymmetric key algorithms create a public key and a secret private key. Data encrypted with the public key can only be decrypted with the private key. The secret key is shared between server and client using the Diffie-Helmman Key Exchange.

Data integrity is maintained using Message Authentication Codes (MAC). A Mac tag created using the secret key and the message is sent with the message. The remote system uses the received message to create a tag for comparison.

Establishing an SSH Connection

SSH connections are established over the following steps:

1. A cryptographic handshake confirms the server identity.
2. Data is encrypted using a symmetric cipher.
3. The client authenticates itself.

Architecture

SSH is architected in three layers:

1. Transport Layer. This layer handles the key exchange, server authentication, sets up encryption, employs compression, and performs data integrity verification.
2. Authentication Protocol Layer. This layer handles client authentication. Common authentication methods are simple password, public key (see Public Key Generation), and keyboard-interactive, in which the user keys in responses to server prompts.
3. Connection Protocol Layer. This layer hosts channels for interactive login sessions, remote execution of commands, and forwarded TCP/IP and X11 connections.

 

SFTP (SSH File Transfer Protocol)

SFTP is an extension of SSH, providing secure file access, transfer and management functionality. Common actions include getting and putting files, changing permissions of files, creating directories, listing directories, and deleting files and directories. SFTP is a different protocol than FTPS (FTP over SSL). While both protocols provide a means for secure file transfer, SFTP does not utilize the standard FTP protocol employed by FTPS.

Differences with FTPS

The major differences between SFTP and FTPS include:

1. SFTP only employs a single connection, unlike FTPS which uses two (one for commands and one for data), which makes it much more firewall-friendly. Also, the SFTP connection is always secure.
2. SFTP has a uniform directory listing format, unlike FTPS which had different listing formats for UNIX and DOS systems.
3. SFTP includes operations for setting file permissions and attributes as part of the standard.
4. SFTP uses a binary encoding, which is not human-readable like FTPS commands.

---

PowerTCP SSH and SFTP for .NET Documentation Version 7.0

© 2023 Dart Communications. All Rights Reserved.

Send comments on this topic