OpenSSH - Development and Structure

Development and Structure

OpenSSH is developed as part of the OpenBSD operating system. Rather than including changes for other operating systems directly into OpenSSH, a separate portability infrastructure is maintained by the OpenSSH Portability Team and "portable releases" are made periodically. This infrastructure is substantial, partly because OpenSSH is required to perform authentication, a capability that has many varying implementations. This model is also used for other OpenBSD projects such as OpenNTPD.

The OpenSSH suite includes the following tools:

  • ssh, a replacement for rlogin, rsh and telnet to allow shell access to a remote machine.
  • scp, a replacement for rcp.
  • sftp, a replacement for ftp to copy files between computers.
  • sshd, the SSH server daemon.
  • ssh-keygen a tool to inspect and generate the RSA, DSA and Elliptic Curve keys that are used for user and host authentication.
  • ssh-agent and ssh-add, utilities to ease authentication by holding keys ready and avoid the need to enter passphrases every time they are used.
  • ssh-keyscan, which scans a list of hosts and collects their public keys.

The OpenSSH server can authenticate users using the standard methods supported by the ssh protocol: with a password; public-key authentication, using per-user keys; host-based authentication, which is a secure version of rlogin's host trust relationships using public keys; keyboard-interactive, a generic challenge-response mechanism that is often used for simple password authentication but which can also make use of stronger authenticators such as tokens; and Kerberos/GSSAPI. The server makes use of authentication methods native to the host operating system; this can include using the BSD authentication system (bsd auth) or PAM to enable additional authentication through methods such as one time passwords. However, this occasionally has side-effects: when using PAM with OpenSSH it must be run as root, as root privileges are typically required to operate PAM. OpenSSH versions after 3.7 (September 16, 2003) allow PAM to be disabled at run-time, so regular users can run sshd instances.

Read more about this topic:  OpenSSH

Famous quotes containing the words development and/or structure:

    Good schools are schools for the development of the whole child. They seek to help children develop to their maximum their social powers and their intellectual powers, their emotional capacities, their physical powers.
    James L. Hymes, Jr. (20th century)

    If rightly made, a boat would be a sort of amphibious animal, a creature of two elements, related by one half its structure to some swift and shapely fish, and by the other to some strong-winged and graceful bird.
    Henry David Thoreau (1817–1862)