[deployment-guide/comm-rel: 17/41] Updated the Main Features section.
dsilas
dsilas at fedoraproject.org
Fri Jul 16 08:53:18 UTC 2010
commit 986433807b48922a5bb9e458e82e02cee0e638f7
Author: Jaromir Hradilek <jhradile at redhat.com>
Date: Fri Jul 9 19:32:44 2010 +0200
Updated the Main Features section.
I have also moved the list of the packages that are shipped with Red Hat
Enterprise Linux to the introduction, since it actually makes more sense
to have it there.
en-US/OpenSSH.xml | 102 ++++++++++++++++++++++++++++++++++------------------
1 files changed, 67 insertions(+), 35 deletions(-)
---
diff --git a/en-US/OpenSSH.xml b/en-US/OpenSSH.xml
index 55a136e..c8fee55 100644
--- a/en-US/OpenSSH.xml
+++ b/en-US/OpenSSH.xml
@@ -12,6 +12,9 @@
<para>
The <application>ssh</application> program is designed to replace older, less secure terminal applications used to log into remote hosts, such as <command>telnet</command> or <command>rsh</command>. A related program called <command>scp</command> replaces older programs designed to copy files between hosts, such as <command>rcp</command>. Because these older applications do not encrypt passwords transmitted between the client and the server, avoid them whenever possible. Using secure methods to log into remote systems decreases the risks for both the client system and the remote host.
</para>
+ <para>
+ &MAJOROS; includes the general OpenSSH package (<filename>openssh</filename>) as well as the OpenSSH server (<filename>openssh-server</filename>) and client (<filename>openssh-clients</filename>) packages. Note, the OpenSSH packages require the OpenSSL package (<filename>openssl</filename>) which installs several important cryptographic libraries, enabling OpenSSH to provide encrypted communications.
+ </para>
<section id="s1-ssh-protocol">
<title>The SSH Protocol</title>
<section id="s2-ssh-why">
@@ -51,8 +54,8 @@
Both techniques intercept potentially sensitive information and, if the interception is made for hostile reasons, the results can be disastrous. If SSH is used for remote shell login and file copying, these security threats can be greatly diminished. This is because the SSH client and server use digital signatures to verify their identity. Additionally, all communication between the client and server systems is encrypted. Attempts to spoof the identity of either side of a communication does not work, since each packet is encrypted using a key known only by the local and remote systems.
</para>
</section>
- <section id="s2-ssh-goals">
- <title>SSH Design Goals</title>
+ <section id="s2-ssh-features">
+ <title>Main Features</title>
<indexterm>
<primary>SSH protocol</primary>
<secondary>features of</secondary>
@@ -64,43 +67,72 @@
<para>
The SSH protocol provides the following safeguards:
</para>
- <itemizedlist>
- <listitem>
- <para>
- After an initial connection, the client can verify that it is connecting to the same server it had connected to previously.
- </para>
- </listitem>
- <listitem>
- <para>
- The client transmits its authentication information to the server using strong, 128-bit encryption.
- </para>
- </listitem>
- <listitem>
- <para>
- All data sent and received during a session is transferred using 128-bit encryption, making intercepted transmissions extremely difficult to decrypt and read.
- </para>
- </listitem>
- <listitem>
- <para>
- The client can forward X11<footnote><para>X11 refers to the X11R7 windowing display system, traditionally referred to as the X Window System or X. &MAJOROS; includes X11R7, an open source X Window System.</para></footnote> applications from the server. This technique, called <firstterm>X11 forwarding</firstterm>, provides a secure means to use graphical applications over a network.
- </para>
- </listitem>
- </itemizedlist>
- <para>
- Because the SSH protocol encrypts everything it sends and receives, it can be used to secure otherwise insecure protocols. Using a technique called <firstterm>port forwarding</firstterm>, an SSH server can become a conduit to securing otherwise insecure protocols, like POP, and increasing overall system and data security.
- </para>
- <para>
- The OpenSSH server and client can also be configured to create a tunnel similar to a virtual private network for traffic between server and client machines.
- </para>
- <para lang="en-US,as-IN,bn-IN,gu-IN,hi-IN,kn-IN,ml-IN,mr-IN,or-IN,pa-IN,si-LK,ta-IN,te-IN,pt-BR">
- Finally, OpenSSH servers and clients can be configured to authenticate using the GSSAPI implementation of the Kerberos network authentication protocol. For more information on configuring Kerberos authentication services, refer to <!-- TBD6: <xref linkend="ch-kerberos" /> -->.
- </para>
+ <variablelist>
+ <varlistentry>
+ <term>No one can pose as the intended server</term>
+ <listitem>
+ <para>
+ After an initial connection, the client can verify that it is connecting to the same server it had connected to previously.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>No one can capture the authentication information</term>
+ <listitem>
+ <para>
+ The client transmits its authentication information to the server using strong, 128-bit encryption.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>No one can intercept the communication</term>
+ <listitem>
+ <para>
+ All data sent and received during a session is transferred using 128-bit encryption, making intercepted transmissions extremely difficult to decrypt and read.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
<para>
- &MAJOROS; includes the general OpenSSH package (<filename>openssh</filename>) as well as the OpenSSH server (<filename>openssh-server</filename>) and client (<filename>openssh-clients</filename>) packages. Note, the OpenSSH packages require the OpenSSL package (<filename>openssl</filename>) which installs several important cryptographic libraries, enabling OpenSSH to provide encrypted communications.
+ Additionally, it also offers the following options:
</para>
+ <variablelist>
+ <varlistentry>
+ <term>It provides secure means to use graphical applications over a network</term>
+ <listitem>
+ <para>
+ Using a technique called <firstterm>X11 forwarding</firstterm>, the client can forward <firstterm>X11</firstterm> (<firstterm>X Window System</firstterm>) applications from the server.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>It provides a way to secure otherwise insecure protocols</term>
+ <listitem>
+ <para>
+ The SSH protocol encrypts everything it sends and receives. Using a technique called <firstterm>port forwarding</firstterm>, an SSH server can become a conduit to securing otherwise insecure protocols, like <acronym>POP</acronym>, and increasing overall system and data security.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>It can be used to create a secure channel</term>
+ <listitem>
+ <para>
+ The OpenSSH server and client can be configured to create a tunnel similar to a virtual private network for traffic between server and client machines.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>It supports the Kerberos authentication</term>
+ <listitem>
+ <para>
+ OpenSSH servers and clients can be configured to authenticate using the <acronym>GSSAPI</acronym> (Generic Security Services Application Program Interface) implementation of the Kerberos network authentication protocol.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</section>
<section id="s2-ssh-versions">
- <title>SSH Protocol Versions</title>
+ <title>Protocol Versions</title>
<indexterm
significance="normal">
<primary>SSH protocol</primary>
More information about the docs-commits
mailing list