Security Benefits

The Secure Shell protocol provides four basic security benefits:

• User Authentication
• Host Authentication
• Data Encryption
• Data Integrity

User Authentication
Authentication, also referred to as user identity, is the means by which a system verifies that access is only given to intended users and denied to anyone else. Many authentication methods are currently in use, ranging from familiar typed passwords to more robust security mechanisms. Most Secure Shell implementations include password and public key authentication methods but others (e.g. kerberos, NTLM, and keyboard-interactive) are also available. The Secure Shell protocol's flexibility allows new authentication methods to be incorporated into the system as they become available.

Password Authentication
Passwords, in combination with a username, are a popular way to tell another computer that you are who you claim to be. If the username and password given at authentication match the username and password stored on a remote system, you are authenticated and allowed access. Some protocols like FTP and Telnet send usernames and passwords as easily visible ASCII text "in the clear" allowing anyone with a sniffer program to easily capture them and then gain access to the system (see Eavesdropping for more details). Secure Shell safeguards against this attack by encrypting all data, including usernames and passwords, before transmission.

Although passwords are convenient, requiring no additional configuration or setup for your users, they are inherently vulnerable in that they can be guessed, and anyone who can guess your password can get into your system (see the Need for Policy section for more details). Due to these vulnerabilities, it is recommended that you combine or replace password authentication with another method like public key.