ssh-login

What is PuTTY?

putty

Let’s get some background on the topic first of all. PuTTY on its own has no meaning. However, it is a free and open-source software. In fact, it is a terminal emulator, serial console, and network file transfer application. A plenty of network protocols are supported through such application such as Secure Copy (SCP), Secure Shell (SSH), Telnet, rlogin, and raw socket connection. Moreover, a serial port could be connected by PuTTY.

It works fine on Microsoft Windows, which was originally intended to be served by such software. However, Unix-Like operating system has the ability to run some specific releases on them as well. Operating systems like Symbian, Windows Mobile, and Windows Phone are capable of running it as well yet there are no official ports for such platforms. Classic Mac OS and macOS are still worked on to provide a release to them as well.

What does PuTTY have as features?

putty

In fact, there are several features offered by PuTTY such as:

  • Secure remote terminal is up for variations
  • SSH encryption key and the version of the used protocol could be managed and controlled by the user
  • Alternate ciphers such as 3DES, Arcfour, Blowfish, DES, and Public-key authentication are also available.
  • Control sequences could also be emulated xterm, VT102 or ECMA-48 terminal emulation
  • Port forwarding with its diverse types: local, remote, and dynamic are all supported with SSH.
  • IPv6 is supported through the network communication layer
  • The scheme of delayed compression of [email protected] is also supported.
  • Connections with serial ports which are local are also allowed.
  • SSH File Transfer Protocol (SFTP) and SCP clients are specified for the command line. They are referred to as “pscp” and “psftp” respectively.
  • Sessions which are non-interactive depend on another connection tool of command line called plink. 

What is SSH?

putty

Here comes the point of Secure Shell (SSH). It is actually a cryptographic network protocol. What is used for then? It is mainly used for operation over a network which is not secured. Computer systems, for example, could be accessed remotely by users through such network protocol.

The architecture utilized by SSH protocol has the form of a client-server basis. An SSH server is connected to through an SSH client. While login through command-line and remote command execution are supported by most of the applications, SSH has the ability to work for any network service as long as one of the two versions are used: SSH-1 and SSH-2.

Windows is okay for SSH usage but with limited integrations. Unix-like operating systems can get an access to shell accounts using SSH. Protocols like Telnet, Rlogin, rsh, and rexec was intended to get replaced by SSH when first came into existence. The reason is that such protocols send valuable information such as passwords in a plain text format, which is completely insecure. Any packet analyzer has the ability to get such packets sniffed and the password becomes easily accessible then.

On the other hand, SSH offers a secure means of communication. Here, data is encrypted with no meaningful interpretation if sniffed and analyzed. Still, US Central Intelligence Agency relies on some security tools in order for them to get the SSH protocol cracked and the files decrypted at the end of the day. WikiLeaks is the government transparency organization which revealed such vital news last month.

Public or Private Keys

putty

Authenticating a remote computer and further authenticating the user on such computers depends on public-key cryptography used by SSH. Generated pairs of public-private keys automatically could be used for the sake of getting a network connection encrypted, then logging on could be authenticated via a password.

On the other hand, authentication could depend on generating pairs of public-private keys. This way, logging on by a user or a program does not require a password thereafter. While all computers should have the public key, a matching private key is solely owned by one computer or owner who already has access to these computers. The private key stays on its own location without being transferred through the network when the authentication process is performed.

So, what does SSH do at this moment? To elaborate, SSH only makes sure that both the public key and its matching private key exist on whoever offering the public key. Therefore, the authentication is accepted if they both existed. Unknown public keys could be verified in the same manner through knowing the identities such that any attacker could be identified prior to accepting a connection from him.

How does the key get managed?

putty

It is important to get to know the methodology in which a key is stored and checked when using SSH protocol for authentication. A file named ~/.ssh/authorized_keys contains the allowed public keys listed altogether inside the home directory on Unix-like systems.

In order to accomplish the authentication process perfectly, the public key is checked on the remote machine whereas the private key gets checked on the local machine. What happens next is that basically no passwords become needed for the competition of the authentication. Still, locking the private key with a passphrase is also an added layer of security to get the connection established. Some software such as Message Passing Interface (MPI) makes use of the nonexistence of password compliance when the public-private key authentication occurs.

Standard places could have the private key, while the command line setting (the option –i for ssh) can get the full path of the private key specified. Producing public and private keys in pairs could be done using the utility of SSH-keygen.

On the other hand, authentication processes depending on passwords are also supported by SSH protocol. Passwords are encrypted using some automatically generated keys by SSH. This aspect opens a door for an attacker to perform an attack of type man in the middle. In this attack, a fake server could manipulate the client and ask for the password and then get it instead of the legitimate server. Nevertheless, this could only be attained if it is the first time for the two sides never happened to get authenticated before since once they become authenticated, the public key of a server is remembered by SSH.

How could this attack be avoided? This is simply done by the fact that a warning gets displayed when a new, or a previously unknown server attempts to connect. Or, disabling the password authentication is another valid option to avoid the hassle of such attacks.

OpenSSH and OSSH

open_ssh

For the sake of making the software free and available to get used without any cost, the older 1.2.12 release of the original SSH program was the starting point when it was an open source software version. In 1999, using the codebase of such version, Björn Grönvall’s OSSH got released.

OpenBSD developers then worked on developing and improving the code of Grönvall. The result was the successful OpenSSH, which shipped with the 2.6 release of OpenBSD. OpenSSH was then able to get ported onto other operating systems through what is referred to as a portability branch.

OpenSSH supported a plenty of operating systems to the extent that back in 2005 it was the only SSH implementation running on several platforms. OSSH, on the other hand, came to vanish at the same time when OpenSSH got much more viral and popular.

Try Certified Ethical Hacker for FREE!!!https://infosecaddicts.com/course/certified-ethical-hacker-v10/

References

https://en.wikipedia.org/wiki/Secure_Shell

https://en.wikipedia.org/wiki/PuTTY

https://en.wikipedia.org/wiki/Comparison_of_SSH_clients
https://www.quora.com/What-purpose-putty-is-used

[ihc-select-level]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.