Talk:Secure Shell

From Wikipedia, the free encyclopedia
Jump to: navigation, search
          This article is of interest to the following WikiProjects:
WikiProject Computing / Networking (Rated C-class, Mid-importance)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
C-Class article C  This article has been rated as C-Class on the project's quality scale.
 Mid  This article has been rated as Mid-importance on the project's importance scale.
Taskforce icon
This article is supported by Networking task force (marked as High-importance).
WikiProject Internet  
WikiProject icon This article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the Internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 ???  This article has not yet received a rating on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
WikiProject Cryptography / Computer science   
WikiProject icon This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 ???  This article has not yet received a rating on the quality scale.
 ???  This article has not yet received a rating on the importance scale.
Taskforce icon
This article is supported by WikiProject Computer science.
edit·history·watch·refresh Stock post message.svg To-do list for Secure Shell:

Here are some tasks awaiting attention:
    • The article is very technical and strongly relies on the knowledge of all underlying concepts to understand what ssh is. Start the article with an introduction of what ssh is which is more readable and move the current definition into a section called "definition".
    • Introduce how ssh can use public-key cryptography to enable a user to use passphrase-locked private keys in order to open a ssh connection. Currently there is a section "How it works - by analogy" at the end, but there is a gap because it's never explained how public-key cryprography is used in ssh, so this section should either be removed or (preferably) be embedded in an explanation how the concept of public-key crytography is used in ssh.
      • Renamed the section now to "How ssh uses public-key cryptography (with analogy)" and cleaned it up a bit. For example, I replaced the references to the reader using "You" and "Your" with "the user" and "the user's". It still needs more improvement to be understandable by someone who does not know ssh at all.
        • As far as I see, in that paragraph the basics of pulic key cryptography are described by analogy, but nothing's said about how ssh uses this principle to identify the user. I would recommand that this paragraph be removed (Or maybe moved to p.k.c.) and be written from scrach (if someone wants it), if you asked for my single honest opinion.
          • PLEASE, get rid of this paragraph. It is horribly written and offers a pitifully simplistic analogy for the sake of accessibility. There is nothing special about SSH's use of public-key cryptography, so rather than a bad intro to public-key crypto, let's just send the reader to its proper article? I would erase this paragraph but I tried once and got reverted. Alg8662 06:45, 16 November 2007 (UTC)

    Is SSH a network protocol?[edit]

    How is SSH a network protocol?

    It's a TCP/IP service, no? And there are protocols for using that service (ssh protocol versions 1 and 2). It can be used in a way that is functionally similar to a protocol, but it's operating at a different network layer. Mr. Jones 15:33, 17 Nov 2004 (UTC)
    It is a protocol like IP ("Internet Protocol") is a protocol even though it's below TCP, and ARP ("Address Resolution Protocol") is a protocol even though in network layer terms it's below IP. SFTP ("Secure File Transfer Protocol") is a protocol even though in network layer terms it's above SSH, and HTTP ("Hypertext Transfer Protocol") is a protocol even though it's above TCP/IP, on the same level as SSH. The term "protocol" is independent of network layer. --Denis bider 04:17, 7 August 2005 (UTC)

    ReverseMappingCheck and VerifyReverseMapping are deprecated[edit]

    OpenSSH will moan if they're in sshd_config. They seem to be replaced by UseDNS, but does it do the same thing? If so, why don't the docs say so? Is the name change intended to clarify the risks involved or what? I've not been able to find much of use (just other people asking the same sort of questions) Mr. Jones 15:33, 17 Nov 2004 (UTC)

    Proposal to merge with SSH file transfer protocol[edit]

    AndriuZ has proposed that this article should be merged with SSH file transfer protocol. (I presume that it's intended that that article should be merged into secure shell.) -- JTN

    • My vote: don't merge. Lots of articles link specifically to SSH file transfer protocol, and this will make that harder. -- JTN 20:50, 2005 July 16 (UTC)
      • This is easy to resolve with REIDRECT . My idea is to make one good article from 3's :SSH -> Secure shell -> SSH file transfer protocol or something, because they are small and separated, dificult to overview. As reader I hardly found both. --AndriuZ 01:57, July 17, 2005 (UTC)
        • The SFTP link was difficult to find on the SSH page because there was only one link and it was lowercase. I left that link lowercase because it refers to a Unix program (though perhaps it should be uppercased?), but I added a new section which makes a clearer SFTP reference. It should now be easier to locate. --Denis bider 06:16, 7 August 2005 (UTC)
    • My vote: don't merge. Merging SFTP with SSH is the same as merging SSH with TCP/IP. SFTP is just another protocol layer, using SSH as data stream. (SFTP standard says: "The SSH File Transfer Protocol provides secure file transfer functionality over any reliable data stream"). Of course SFTP would be clearly mentioned as recommended way how to transfer file when SSH is available. -- Prikryl 06:51, 18 July 2005 (UTC)
    • My vote: don't merge. When people don't understand what I mean by SFTP, I point them here for a little background information and a list of clients. I believe merging with SSH could create confusion in that regard. -- Techtoucian 07:26, 28 July 2005 (UTC)
    • Agree with Prikryl - don't merge. Would be too much stuff on one page. Also, SFTP is a separate protocol which is not very entangled with SSH on the protocol level. Let's keep it unentangled here, as is correct. --Denis bider 06:16, 7 August 2005 (UTC)
    • Here's another vote for don't merge. SFTP could run over any other protocol (though I am not aware of it doing so). It simply uses SSH as the tansport, and most (probably all) SSH implementations include support for SFTP both client and server-side. If you would merge SFTP, would you merge, CVS, and/or rsync? --Mastahnke 00:48, 6 March 2006 (UTC)

    Is SSH Unix shell?[edit]

    The article was added to Category:Unix_shells by Kenguest. --Prikryl 07:54, 30 August 2005 (UTC)

    I'm afraid Kenguest is incorrect, so I've removed the category. SSH is a protocol, not a shell, just as Rsh and Telnet are protoocols, not shells. — Matt Crypto 08:07, 30 August 2005 (UTC)

    Broken External Links[edit]

    Duplicate text[edit]

    The paragraph "Since SSH-1 has inherent design flaws which make it vulnerable to attacks, it is now ....which can make it hard to avoid the use of SSH-1." is in the article twice. Once in History and again in Architecture. Since I'm not sure which is preferred, I'm just noting it here. -- 22:56, 15 December 2005

    Removed the second instance. -- JTN 19:40, 5 January 2006 (UTC)

    bad link[edit]

    the xeyes picture displayed on this page(X over ssh) link to a different picture —The preceding unsigned comment was added by (talkcontribs) 22:17, 13 March 2006 (UTC)

    Simple stuff[edit]

    I came here to figure out what the "ssh" was that my browser was talking about. Perhaps I am mistaken, but I think the majority of the people who visit a page like this are looking for similar simple information. While I recognize the importance of a comprehensive article, could the introduction be rewritten so it was aimed more at the layman? —The preceding unsigned comment was added by (talkcontribs) 07:50, 1 April 2006 (UTC2)

    It's more likely that your browser was referring to SSL, rather than SSH. That article is likely to be too technical as well, I'm afraid. — Matt Crypto 13:22, 1 April 2006 (UTC)

    I for sure have SSH and Telnet applications on the computer I am using. I want to know what Telnet and SSH are in terms of practical applications. There is no way that the practical applications of these ideas are too technical. Fine it has technical aspects, but explain what I can do with them. I was just looking for programs to transfer files between two computers, and if wikipedia has entry that helps clear up some knowledge deficiencies that I have it would help greatly.

    You can do almost anything over SSH. I think it should just be pointed out that it is a means to access the shell of another machine over a secure session. (talk) 20:55, 17 March 2015 (UTC)

    Added a link to a very basic intro to SSH and what it can do for you. Hopefully this should be of use to the non-technical readers of the article. (talk) 10:12, 12 September 2008 (UTC)

    What's wrong with Secure Shell#Uses of SSH? It's hard to know what you're missing when you're not telling. Although I see now that some of it is indirect and convoluted – I'll attempt some mild changes. JöG (talk) 19:00, 3 October 2008 (UTC)

    SSH Security[edit]

    Hi guys. It is my understanding that no encryption employed today is 100 % secure. It would be nice to have a section in the article addressing how difficult it is to break an ssh connection. Like some measure in computing power or something similar.

    The difficulty of breaking the encryption depends on the specific algorithms used and the key size. That's not particularly SSH specific; a reader could read the key size article. What we could do is list what algorithms and key sizes are supported. — Matt Crypto 12:22, 23 April 2006 (UTC)
    And what the defaults are (since thats what most users will be using) Plugwash 21:14, 9 December 2006 (UTC)
    Actually, Claude Shannon proved that the One-time pad achieves what he called perfect secrecy. With correct (cumbersome) usage, I think it is fair to claim that the One-time pad is 100% secure. For this reason, and due to its low-tech nature, I would not be surprised if this method is still used, e.g. in the military or in embassies. Lklundin (talk) 14:27, 16 January 2009 (UTC)

    Estimating number of SSH users[edit]

    Where does the estimate of 2 million users at the end of 2000 (in the history section) come from?

    I found the following link which describes a study of the number of SSH servers: which indicates that maybe 5% of hosts ran SSH services at the end of their survey.

    A better lead[edit]

    User:Interiot reverted my two changes to the lead. I attempted to simplify and clarify the all important first paragraph of this article. As it stands, the article is marked for cleanup, and SSH is clear as mud. Any suggestions or opinions? -- Perspective 00:01, 25 May 2006 (UTC)

    I was more concerned with the quotes than anything. The first sentence of an article is extremely important, and I think that 1) everyone should be free to tweak a word or two from the lead sentence (which quotes tend to discourage), and 2) from an aesthetic standpoint, I thought that the quotes and italics were unnecessarily making the lead sentence more difficult to read. Since the OpenSSH man page seems to be under the BSD license, you could actually just use the words without the quotes/italics (but still attribute it if needed). --Interiot 21:10, 3 June 2006 (UTC)

    Article name[edit]

    Wouldnt the article name be better as 'SSH' ? -- Frap 15:11, 29 May 2006 (UTC)

    http connect[edit]

    do any common clients actually present this interface for dynamic forwarding? I'm pretty sure putty and openssh only support socks. Plugwash 23:31, 3 July 2006 (UTC)

    How ssh uses public-key cryptography (with analogy)[edit]

    Yes, that was me that deleted this entire section (reverted by Root2). However, I still think it should be trashed. Saying that SSH supports public-key authentication is enough - just provide a link to the main Public-Key Cryptography article - there's nothing too revolutionary about SSH's implementation of it, and this section is just a poor overview of public-key cryptography. My golden retriever can write better than this - poor grammar, too many colloquialisms, and what the hell is a "Padlock" (mind you, this links to the article about the physical padlock...)?! Alright, enough moaning, tell me what you all think. Alg8662 03:03, 21 January 2007 (UTC)

    Don't worry! You can fix it yourself! :) Just remember to put a little something in the edit summary next time. (put [[cryptography]] in the article) Oh, by the way...Who's moaning?--Root2 03:27, 21 January 2007 (UTC)

    openssh supports also full VPN[edit]

    • openssh based vpn is a simple and quite good tcp based vpn. Really easy to set up, between unixes. More info is on man page and the key is to use -w and tun devices.
    • Any SSH implementation can do VPN by using PPP and attaching the SSH session to named pipes.

    The "H"[edit]

    What does the "H" in "SSH" stand for? Boxmann (talk) 18:18, 16 January 2008 (UTC)

    Secure SHell. --Kgfleischmann (talk) 05:50, 17 January 2008 (UTC)

    Needs cleanup[edit]

    I don't know a lot about templates, but I know the article needs to be cleaned up, especially the "Uses of SSH" section and the section right after it. Anyone know of a template that says "this article needs to be edited"? They were written to be in bullet format, but it doesn't work because each point is a large paragraph. The first letter of each paragraph needs to be capitalized too. Entbark (talk) 22:46, 5 February 2008 (UTC)

    I agree. I took the liberty of trying to do a little clean-up on the 'Uses' section, but it could still use more. drt1245 (talk) 15:56, 15 March 2008 (UTC)

    forward security?[edit]

    Needs to mention if ssh is (perfect) forward secure - I'm uncertain about this.-- (talk) 08:37, 22 August 2008 (UTC)

    Security Concerns edit[edit]

    I have removed the two odd paragraphs in this section. diff

    Judging by the only other edit from this IP (diff), later edited out here, I think that, improbable as it may seem, these edits were made by an anti-ssh, pro-telnet advocate. Odd.

    Anyway, explaining here in case anyone has any strong objections. demonburrito (talk) 12:05, 20 February 2009 (UTC)

    I've heard somewhat similar complaints about things like SSH, I'm not sure I would really classify this as being dubious. It is, however, unsourced. Wrs1864 (talk) 12:38, 20 February 2009 (UTC)
    If you want to know more, just read the man pages for sshd and sshd_config. They're really not very good complaints. And nothing, imho, trumps the fundamental flaw with plain-text authentication.
    If it's the deeper philosophical question about encryption that worries you, a NPOV statement would read something like this:

    Some operators of networks disallow the use of ssh clients because it undermines their ability to eavesdrop on communications to destinations outside of their network.

    Feel free to contact me on my talk page, if you wish. demonburrito (talk) 14:07, 20 February 2009 (UTC)

    I believe that there is not necessarily a risk of password leak if you accept an attacker's public key, so long as you are using key only authentication (i.e. not password). I would think it uses some sort of challenge response mechanism which does not disclose the password or private key. Can someone confirm, and if so, I will update the paragraph. BrentRockwood (talk) 10:03, 24 September 2009 (UTC)


    "An SSH client program is typically used for establishing connections to an SSH daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, Linux, FreeBSD, Solaris and OpenVMS." (emphasis mine).

    I had heard that there was a fairly common, modern operating system called "Windows", so its absence from this passage (and from the rest of the article) was notable. Lower down, there is a pic of something running SSH on Windows, and in the external links there are apps to run SSH on Win (not referring to the Unix emulator, but to the MobaSSH). Question: Is any SSH-type stuff present on WinXP or Vista? If not, is there a specific reason? Incompatibility? Competes with MS sw? Cheapness on the part of MS? Something like 90-95% of home computers run Windows (sad but true), so it seems the presence, absence, compatibility, etc. would be useful parts of the article. Please don't ask me to be bold and fix it myself. I don't have a clue -- that's why I came to this article. Thanks. Unimaginative Username (talk) 08:06, 23 February 2009 (UTC)

    Hmm. The statement is technically true; ie, most modern operating systems and not most users' operating system. Your point is taken, though. I can only speculate about why Windows is missing an ssh client, but it seems like it is an NIH thing and also that Windows comes in different versions with features stripped out. Would be hard to be encyclopedic about it and not be controversial. Anyway...
    In my experience, most people use PuTTY as an ssh client on Windows, and a wikilink to that article is under the See Also section. demonburrito (talk) 08:28, 23 February 2009 (UTC)
    Thanks. Yes, I did realize that the statement was technically correct; if there are six squirrels and one elephant, then most of the animals are squirrels. It just seemed that mentioning the elephant was pertinent. I agree that speculation is always inappropriate here, controversial or not (I agree with NIH - big problem at MS); however, if it is a *fact* that Windows does not come OOB with SSH, then perhaps some statement such as "Microsoft Windows operating systems generally do not contain SSH components, but third-party vendors offer software to enable SSH on Windows" would be of interest to readers. (Please fix any errors in that statement, since I don't know what I'm talking about.) As far as verifiability, it's impossible to prove a negative, but a search of the MS Knowledge Base for "secure shell" showed only a reference to a third-party product, MKS Secure Shell Service from MKS, Inc. Seems like pretty reliable evidence that there's no native SSH in Win. Thanks again, Unimaginative Username (talk) 07:13, 24 February 2009 (UTC)
    actually, ubuntu also does not have ssh on a new install, but you can get it by typing sudo apt-get install ssh. so it's easy. but that sort of makes it the same as windows, which also requires the user to install ssh. so if windows is omitted from the line "modern operating systems...", then linux should be omitted too. by the way, linux is a kernel, not an operating system. (talk) 01:51, 13 March 2009 (UTC)
    You are wrong. Twice. First, a clean Ubuntu install does come with an ssh client (package openssh-client), you can try it via the live CD before you decide to actually install Ubuntu. (Perhaps you were thinking of the ssh server, which is not installed per default. And please beware, the Ubuntu package named 'ssh' is just a meta-package that covers both the client and server). Secondly, the fact that Ubuntu maintains and includes in its distribution a package with an ssh client and another with an ssh server means that Ubuntu does come with ssh(d), regardless of whether such a package is installed per default or not. What counts is that the package is maintained and distributed by Ubuntu - as opposed to Windows, where a good deal of the software is not supported nor distributed by Microsoft, e.g. putty. Lklundin (talk) 09:42, 13 March 2009 (UTC)
    I think Ubuntu only prepare and test a precompiled package of SSH, do not mantain anything but distribution installer. Linux Ubuntu is a Debian. Anyway Microsoft distribute SFU Microsoft_Windows_Services_for_UNIX for Posix compatibility, and contribute to precompile and test some optional packages, where there is OpenSSH for Win32: --Efa2 (talk) 14:54, 28 March 2009 (UTC)
    I've actually clarified this, and it now reads as it should, "most distributions of gnu/linux". HuGo_87 (talk) 10:33, 30 January 2011 (UTC)


    spyware is this software a type of spyware. shiv —Preceding unsigned comment added by (talk) 12:49, 29 December 2009 (UTC)

    Is that a question? If so, the answer is "no". KitchM (talk) 00:59, 20 March 2011 (UTC)

    Synonyms for SSH?[edit]

    Has anyone ever heard of an synonym of SSH being Secure Socket Host? I'm currently studying for my A+ exam and out of chance I happened to search for SSH and was surprised to find a different synonym meaning. The actual definition of the protocol seems to be the same, however. I am using Cisco material, which you would think would be a very credible source. —Preceding unsigned comment added by (talk) 02:54, 16 April 2010 (UTC)

    Maybe it was just a mistake by whomever wrote that material. Google "Secure Socket Host", and you get nothing relevant. I've never heard of it either, and there's no mention in wikipedia. Maybe you could like to this material. HuGo_87 (talk) 10:35, 30 January 2011 (UTC)

    Popular culture reference?[edit]

    Is it worth adding to this article that Jonathan Rosenberg's Scenes From a Multiverse refers to sshd as a Daemon in the supernatural sense here: [1]--Theodore Kloba (talk) 17:19, 4 November 2010 (UTC)

    Misleading Mess[edit]

    This article is a mess. The subject is "Secure Shell" and there are only two words, making it reasonable to queston if the article is indeed about a "shell".

    The whole thing deteriorates from there into misleading information because the initial issues have been side-stepped and not addressed properly, leading to all of the good and legitimate questions posted here.

    Einstien said that a person doesn't know their stuff unless they can explain it in simple terms. It is time that someone who thinks they know steps up and explains in simple terms why it is called a shell and why that is incorrect.

    Further, the next question is how ssh relates to the window one sees when they hook up remotely and start typing commands at the cli.

    These are all things that need explanation. KitchM (talk) 00:56, 20 March 2011 (UTC)

    yes. all of that was wrong.[edit]

    much more important for it to be verifiable and formal than comprehensible — Preceding unsigned comment added by Conspiritech (talkcontribs) 05:40, 26 January 2013 (UTC)

    While I too feel it's important to make articles like this more accessible to the general public, we do have to be formal with the tone we write in. In addition, "more important...than remote desktop protocol" is both unsourced and non-neutral, and you shouldn't include the reader in the article ("connects you to..." should be avoided). In my opinion what you added wasn't more comprehensible to the general reader as it still mentioned TCP/IP and keys. To improve, I might suggest the addition of a verifiable paragraph to the beginning of the article or the Definition section, but this would be difficult in my opinion to convey to someone who does not know much about computing.--Jasper Deng (talk) 05:48, 26 January 2013 (UTC)

    Indefinite article[edit]

    See Wikipedia:Administrators' noticeboard/Incidents#User: 109.77.xx.xx and the indefinite article and Talk:XMPP#Please discuss changes to the indefinite article. Andrewa (talk) 15:06, 24 May 2013 (UTC)

    Explain public/private key[edit]

    I redirected the SSH public key article so we can talk specifically about the uses of the term and its definition, history, etc in the context of developing the secure shell, modern UNIX/internet culture and cryptography. I then reverted myself because I realized it made no sense to have an article about public keys that doesn't talk about private keys. What is the right title for this article or does it already exist? Andrevan@ 16:57, 28 November 2013 (UTC)

    Please see my last edits[edit]

    I think the opener needs some clarifications and simplifications. Thanks. Ben-Natan (talk) 06:38, 18 March 2015 (UTC)

    I think the first passage of the article should split[edit]

    I think it should be splitted to 3 different parts... Ben-Natan (talk) 17:10, 18 March 2015 (UTC)