First page Back Continue Last page Overview Text


SSH’s first use was as a replacement for rsh, the Unix remote shell application. This tool allowed one to connect to a shell on a remote machine. The tool suffered from two major shortcomings. First, like telnet it sent all traffic in cleartext, meaning that a sniffer tool at any point between the two machines could read all commands sent and replies received. Secondly, the /etc/hosts.equiv and ~/.rhosts files listed trusted machines and users; these could make rsh connections without any further authentication. If an attacker compromised any of these trusted hosts, they would immediately get access to the rsh server with no more effort. Also, if the attacker was successfully able to spoof the IP address of a trusted host, they’d get the same access.
SSH encrypts all traffic, including the password or key authentication. It also uses host keys to definitively identify both hosts involved in the communication, getting around man-in-the-middle attacks and IP spoofing.