Copyright © 1995 - VanDyke Software, Inc. All rights reserved.
Security Benefits (continued)
Data Encryption
Encryption, sometimes referred to as privacy, means that your data
is protected from disclosure to a would-be attacker "sniffing"
or eavesdropping on the wire. Ciphers are the mechanism by which
Secure Shell encrypts and decrypts data sent over the wire. A block
cipher is the most common form of symmetric key algorithm (e.g. DES,
3DES, Blowfish, AES, and Twofish). Block ciphers operate on a
fixed-size block of data, use a single secret key shared by both
ends, and generally involve multiple rounds of simple, non-linear
functions. The data at this point is "encrypted" and cannot be
recovered without the shared key.
When a client establishes a connection with a Secure Shell server,
the two must agree on which cipher they will use to encrypt and
decrypt data. The server generally presents a list of the ciphers it
supports, and the client then selects the first cipher in its own
list that also appears in the server's list.
Session keys are the "shared keys" described above; they are
randomly generated by both the client and the server while the
connection is being established. Client and host use the same
session key to encrypt and decrypt data on a given channel, although
a different key is used for the send and receive channels. Session
keys are generated after host authentication succeeds but before
user authentication, so that usernames and passwords are sent
encrypted. These keys may be replaced at regular intervals (e.g.,
every one to two hours) during the session and are destroyed at its
conclusion.
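The cipher negotiation and the per-direction session keys described above, as an added Python example (not VanDyke's code): it follows the RFC 4253 rules, where the client's preference order decides and each direction gets its own cipher and its own key derived from the key-exchange output (shared secret K and exchange hash H). The cipher names, key sizes and the constructed K, H and session_id values are assumptions made for illustration.

```python
import hashlib

# RFC 4253 section 7.1: the chosen cipher is the first entry on the client's
# list that the server also supports; each direction is negotiated separately.
def negotiate_cipher(client_prefs, server_prefs):
    for name in client_prefs:
        if name in server_prefs:
            return name
    raise ValueError("no cipher in common; the connection must be dropped")

def mpint(n):
    """SSH mpint encoding (RFC 4251): 4-byte length, then two's-complement big-endian."""
    if n == 0:
        return b"\x00\x00\x00\x00"
    body = n.to_bytes((n.bit_length() + 8) // 8, "big")  # extra byte keeps the sign bit clear
    return len(body).to_bytes(4, "big") + body

def derive_key(K, H, letter, session_id, length, hash_name="sha256"):
    """RFC 4253 section 7.2: K1 = HASH(K || H || letter || session_id), then
    K2 = HASH(K || H || K1), K3 = HASH(K || H || K1 || K2), ... until `length`
    bytes exist. Letters: A/B initial IVs, C/D encryption keys, E/F integrity
    keys, each pair being client-to-server / server-to-client."""
    h = lambda data: hashlib.new(hash_name, data).digest()
    prefix = mpint(K) + H
    key = h(prefix + letter + session_id)
    while len(key) < length:
        key += h(prefix + key)   # key holds K1 || K2 || ... so far
    return key[:length]

# Assumed key sizes (bytes) for the cipher names used in this example.
KEY_LEN = {"aes256-ctr": 32, "aes128-ctr": 16, "3des-cbc": 24}

def establish_session(client_kexinit, server_kexinit, K, H, session_id):
    """Negotiate one cipher per direction and derive that direction's encryption key."""
    c2s = negotiate_cipher(client_kexinit["c2s"], server_kexinit["c2s"])
    s2c = negotiate_cipher(client_kexinit["s2c"], server_kexinit["s2c"])
    return {"c2s": (c2s, derive_key(K, H, b"C", session_id, KEY_LEN[c2s])),
            "s2c": (s2c, derive_key(K, H, b"D", session_id, KEY_LEN[s2c]))}

if __name__ == "__main__":
    # Constructed values standing in for the key-exchange output; real K and H
    # come from the Diffie-Hellman exchange, and session_id is the first H.
    K, H = 0x1234_5678_9ABC_DEF0, bytes.fromhex("aa" * 32)
    client = {"c2s": ["aes256-ctr", "aes128-ctr"], "s2c": ["aes128-ctr"]}
    server = {"c2s": ["aes128-ctr", "aes256-ctr", "3des-cbc"], "s2c": ["aes128-ctr", "3des-cbc"]}
    for direction, (cipher, key) in establish_session(client, server, K, H, H).items():
        print(direction, cipher, key.hex())
```

Run stand-alone it shows the client's first preference winning over the server's order, and two distinct keys for the two directions even though both ends hold the same K and H.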