Your browser does not allow storing cookies. We recommend enabling them.


Origins of Secure Shell

The Secure Shell concept originated on Unix as a replacement of the unsecured "Berkeley services", that is, the rsh, rcp, and rlogin commands. Secure Shell replaces also other unsecured terminal applications such as Telnet and FTP.

An increasing number of remote access tasks involve the exchange of confidential data over unsecured TCP/IP networks. A typical example of a remote access task is business e-mail where confidentiality of the data and authentication of the user are highly desired.

The core communication protocols used on the Internet do not natively provide confidentiality for data. Security services are thus deployed to protect the transmitted data from monitoring and modification by unauthorized parties. Security services eliminate many threats that exist on the Internet.

Passive Attacks

In a passive attack, the attacker monitors and maybe records the data that passes by on the network. Examples of passive attacks are eavesdropping and traffic analysis. Passive attacks are very hard to detect since they leave little or no trace of activity.

Active Attacks

In active attacks, the attacker takes an active part in the communication. The attacker modifies or deletes data belonging to the stream coming from a legitimate party, inserts extra data to the stream, or initiates direct connections. Examples of active attacks are IP spoofing, TCP hijacking, replay, routing spoofing, and denial of service (DoS). Active attacks are usually easier to detect, but they also cause most harm.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now