From ac4107ceea994f028ae67b43dbe6676b9ccf2b3b Mon Sep 17 00:00:00 2001 From: tmanevik Date: Thu, 19 Mar 2015 14:00:43 +0100 Subject: Editorial updates SSH application --- lib/ssh/doc/src/introduction.xml | 182 +++++++++++++++++++++++++++++++++++---- 1 file changed, 166 insertions(+), 16 deletions(-) (limited to 'lib/ssh/doc/src/introduction.xml') diff --git a/lib/ssh/doc/src/introduction.xml b/lib/ssh/doc/src/introduction.xml index b42910cb34..70c6fb2ee1 100644 --- a/lib/ssh/doc/src/introduction.xml +++ b/lib/ssh/doc/src/introduction.xml @@ -25,31 +25,181 @@ Introduction OTP team + + + + + + introduction.xml - +

SSH is a protocol for secure remote logon and + other secure network services over an insecure network.

- Purpose + Scope and Purpose -

Secure Shell (SSH) is a protocol for secure remote login and - other secure network services over an insecure network. SSH - provides a single, full-duplex, byte-oriented connection between +

SSH provides a single, full-duplex, and byte-oriented connection between client and server. The protocol also provides privacy, integrity, - server authentication and man-in-the-middle protection.

- -

The Erlang SSH application is an implementation of the SSH - protocol in Erlang which offers API functions to write customized - SSH clients and servers as well as making the Erlang shell - available via SSH. Also included in the SSH application are an - SFTP (SSH File Transfer Protocol) client ssh_sftp and server ssh_sftpd.

+ server authentication, and man-in-the-middle protection.

+ +

The ssh application is an implementation of the SSH Transport + Layer Protocol in Erlang. It provides the following:

+ + API functions to write customized SSH clients and servers + The Erlang shell available through SSH + An SFTP client (ssh_sftp) + and server (ssh_sftpd) +
Prerequisites -

It is assumed that the reader is familiar with the concepts of OTP - and has a basic understanding of public keys.

+

It is assumed that the reader is familiar with the Erlang programming language, + concepts of OTP, and has a basic understanding of public keys.

+
+ +
+ SSH Protocol Overview + +

Conceptually, the SSH protocol can be partitioned into four + layers:

+ + + SSH Protocol Architecture + + +
+ Transport Protocol + +

The SSH Transport Protocol is a secure, low-level transport. + It provides strong encryption, cryptographic host + authentication, and integrity protection. A minimum of + Message Authentication Code (MAC) and encryption + algorithms are supported. For details, see the + ssh(3) manual page in ssh.

+
+ +
+ Authentication Protocol + +

The SSH Authentication Protocol is a general-purpose user + authentication protocol run over the SSH Transport Layer + Protocol. The ssh application supports user authentication as follows: +

+ + + Using public key technology. RSA and DSA, X509-certificates + are not supported. + + + Using keyboard-interactive authentication. + This is suitable for interactive authentication methods + that do not need any special software support on the client side. + Instead, all authentication data is entered from the keyboard. + + + Using a pure password-based authentication scheme. + Here, the plain text password is encrypted before sent + over the network. + + +

Several configuration options for + authentication handling are available in + ssh:connect/[3,4] + and ssh:daemon/[2,3].

+

+ The public key handling can be customized by implementing + the following behaviours from ssh:

+ + Module + ssh_client_key_api. + + Module + ssh_server_key_api. + + +
+ +
+ Connection Protocol + +

The SSH Connection Protocol provides application-support + services over the transport pipe, for example, channel multiplexing, + flow control, remote program execution, signal propagation, and + connection forwarding. Functions for handling the SSH + Connection Protocol can be found in the module ssh_connection in ssh. +

+
+ +
+ Channels + +

All terminal sessions, forwarded connections, and so on, are + channels. Multiple channels are multiplexed into a single + connection. All channels are flow-controlled. This means that no + data is sent to a channel peer until a message is received to + indicate that window space is available. + The initial window size specifies how many bytes of channel + data that can be sent to the channel peer without adjusting the + window. Typically, an SSH client opens a channel, sends data (commands), + receives data (control information), and then closes the channel. + The ssh_channel behaviour + handles generic parts of SSH channel management. This makes it easy + to write your own SSH client/server processes that use flow-control + and thus opens for more focus on the application logic. +

+ +

Channels come in the following three flavors:

+ + + Subsystem - Named services that can be run as + part of an SSH server, such as SFTP (ssh_sftpd), that is built into the + SSH daemon (server) by default, but it can be disabled. The Erlang ssh + daemon can be configured to run any Erlang- + implemented SSH subsystem. + + Shell - Interactive shell. By default the + Erlang daemon runs the Erlang shell. The shell can be customized by + providing your own read-eval-print loop. You can also provide your + own Command-Line Interface (CLI) implementation, + but that is much more work. + + Exec - One-time remote execution of commands. See function + ssh_connection:exec/4 + for more information. + +
+ + +
+
+ Where to Find More Information +

+ For detailed information about the SSH protocol, refer to the + following Request for Comments(RFCs): +

+ + + RFC 4250 - + Protocol Assigned Numbers + RFC 4251 - + Protocol Architecture + RFC 4252 - + Authentication Protocol + RFC 4253 - + Transport Layer Protocol + RFC 4254 - + Connection Protocol + RFC 4255 - + Key Fingerprints + RFC 4344 - + Transport Layer Encryption Modes + RFC 4716 - + Public Key File Format + +
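Review bot: the public-key bullet in the new Authentication Protocol list is ambiguous and reads as if RSA and DSA were unsupported; "Using public key technology. RSA and DSA, X509-certificates are not supported." should be split into two sentences, for example "Using public key technology. RSA and DSA keys are supported; X509 certificates are not." Two further documentation points in the same hunk: the new Scope and Purpose text describes the application as "an implementation of the SSH Transport Layer Protocol in Erlang", which contradicts the Protocol Overview below that documents the Authentication Protocol and Connection Protocol as well (and lists RFC 4252 and RFC 4254), so the removed wording "an implementation of the SSH protocol in Erlang" was the more accurate description; and the password bullet "the plain text password is encrypted before sent over the network" should read "before being sent", and would be clearer if it said the password is protected by the Transport Protocol encryption described above rather than encrypted separately. Minor: "Request for Comments(RFCs)" needs a space before the parenthesis, and "is familiar with the Erlang programming language, concepts of OTP, and has a basic understanding of public keys" mixes two predicates in one list; "is familiar with the Erlang programming language and the concepts of OTP, and has a basic understanding of public keys" reads better.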