SSH Protocol

SSH was originally intended to replace Telnet and the UNIX r-commands. Both of these session types are vulnerable to spoofing, man-in-the-middle attacks, and session hijacking, which SSH for the most part addresses and mitigates. To maintain confidentiality and integrity when accessing a router, deploy SSH rather than Telnet.

SSH protects against the following:

• Attacks from machines pretending to be another server, router, or a domain name server

• Internet Protocol (IP) spoofing, where a remote host sends out packets that pretend to come from another trusted host

• IP source routing, where a host can pretend that an IP packet comes from another trusted host

• Domain Name System (DNS) spoofing, where an attacker forges name server records

• Interception of clear-text passwords or data on the network

• Manipulation of data by people in control of intermediate hosts

There are two versions of SSH, SSHv1 and SSHv2, and they are completely different protocols: SSHv2 is an entire rewrite of SSHv1, not an extension of it. Each version encrypts different parts of the packet, and SSHv1 uses both server and host keys, whereas SSHv2 uses only host keys. SSHv2 is also more secure and has better performance and portability, and it mitigates the man-in-the-middle attack vulnerability of SSHv1.

Cisco IOS Software Release 12.3(4)T introduces limited SSH server support for SSHv2. This release adds support for the Execution Shell and the Secure Copy Protocol (SCP). SSHv2 clients are currently not supported in Cisco IOS Software.
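As an added example that is not part of the original text, the following Cisco IOS configuration contrasts the clear-text Telnet VTY setup the passage warns against with one that accepts SSHv2 only; the hostname, domain name, username and password are placeholder values.

```cisco
! --- Weak: VTY lines reachable over clear-text Telnet, no SSH version pinned ---
line vty 0 4
 transport input telnet
 login
!
! --- Hardened: SSHv2 only on the VTY lines (needs 12.3(4)T or later for SSHv2) ---
! A hostname and domain name must exist before the RSA host key can be generated.
hostname ROUTER1
ip domain-name example.net
!
! Generate the RSA host key that SSH presents for server authentication.
crypto key generate rsa modulus 2048
!
! Refuse SSHv1 negotiation entirely; the server then answers only as SSH-2.0.
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Local account for SSH logins (placeholder; use AAA in production).
username admin privilege 15 secret <strong-password>
!
line vty 0 4
 transport input ssh
 login local
!
! Verify with "show ip ssh": it should report SSH enabled at version 2.0 only.
```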
