From ac4107ceea994f028ae67b43dbe6676b9ccf2b3b Mon Sep 17 00:00:00 2001
From: tmanevik
Date: Thu, 19 Mar 2015 14:00:43 +0100
Subject: Editorial updates
SSH application
---
lib/ssh/doc/src/introduction.xml | 182 +++++++++++++++++++++++++++++++++++----
1 file changed, 166 insertions(+), 16 deletions(-)
diff --git a/lib/ssh/doc/src/introduction.xml b/lib/ssh/doc/src/introduction.xml
index b42910cb34..70c6fb2ee1 100644
--- a/lib/ssh/doc/src/introduction.xml
+++ b/lib/ssh/doc/src/introduction.xml
@@ -25,31 +25,181 @@
Introduction
OTP team
+
+
+
+
+
+
introduction.xml
-
+ SSH is a protocol for secure remote logon and
+ other secure network services over an insecure network.
- Purpose
+ Scope and Purpose
- Secure Shell (SSH) is a protocol for secure remote login and
- other secure network services over an insecure network. SSH
- provides a single, full-duplex, byte-oriented connection between
+
SSH provides a single, full-duplex, and byte-oriented connection between
client and server. The protocol also provides privacy, integrity,
- server authentication and man-in-the-middle protection.
-
- The Erlang SSH application is an implementation of the SSH
- protocol in Erlang which offers API functions to write customized
- SSH clients and servers as well as making the Erlang shell
- available via SSH. Also included in the SSH application are an
- SFTP (SSH File Transfer Protocol) client ssh_sftp and server ssh_sftpd.
+ server authentication, and man-in-the-middle protection.
+
+ The ssh application is an implementation of the SSH Transport
+ Layer Protocol in Erlang. It provides the following:
+
+ - API functions to write customized SSH clients and servers
+ - The Erlang shell available through SSH
+ - An SFTP client (ssh_sftp)
+ and server (ssh_sftpd)
+
Prerequisites
- It is assumed that the reader is familiar with the concepts of OTP
- and has a basic understanding of public keys.
+ It is assumed that the reader is familiar with the Erlang programming language,
+ concepts of OTP, and has a basic understanding of public keys.
+
+
+
+ SSH Protocol Overview
+
+ Conceptually, the SSH protocol can be partitioned into four
+ layers:
+
+
+ SSH Protocol Architecture
+
+
+
+ Transport Protocol
+
+ The SSH Transport Protocol is a secure, low-level transport.
+ It provides strong encryption, cryptographic host
+ authentication, and integrity protection. A minimum of
+ Message Authentication Code (MAC) and encryption
+ algorithms are supported. For details, see the
+ ssh(3) manual page in ssh.
+
+
+
+ Authentication Protocol
+
+ The SSH Authentication Protocol is a general-purpose user
+ authentication protocol run over the SSH Transport Layer
+ Protocol. The ssh application supports user authentication as follows:
+
+
+ -
+ Using public key technology. RSA and DSA, X509-certificates
+ are not supported.
+
+ -
+ Using keyboard-interactive authentication.
+ This is suitable for interactive authentication methods
+ that do not need any special software support on the client side.
+ Instead, all authentication data is entered from the keyboard.
+
+ -
+ Using a pure password-based authentication scheme.
+ Here, the plain text password is encrypted before sent
+ over the network.
+
+
+ Several configuration options for
+ authentication handling are available in
+ ssh:connect/[3,4]
+ and ssh:daemon/[2,3].
+
+ The public key handling can be customized by implementing
+ the following behaviours from ssh:
+
+ - Module
+ ssh_client_key_api.
+
+ - Module
+ ssh_server_key_api.
+
+
+
+
+
+ Connection Protocol
+
+ The SSH Connection Protocol provides application-support
+ services over the transport pipe, for example, channel multiplexing,
+ flow control, remote program execution, signal propagation, and
+ connection forwarding. Functions for handling the SSH
+ Connection Protocol can be found in the module ssh_connection in ssh.
+
+
+
+
+ Channels
+
+ All terminal sessions, forwarded connections, and so on, are
+ channels. Multiple channels are multiplexed into a single
+ connection. All channels are flow-controlled. This means that no
+ data is sent to a channel peer until a message is received to
+ indicate that window space is available.
+ The initial window size specifies how many bytes of channel
+ data that can be sent to the channel peer without adjusting the
+ window. Typically, an SSH client opens a channel, sends data (commands),
+ receives data (control information), and then closes the channel.
+ The ssh_channel behaviour
+ handles generic parts of SSH channel management. This makes it easy
+ to write your own SSH client/server processes that use flow-control
+ and thus opens for more focus on the application logic.
+
+
+ Channels come in the following three flavors:
+
+
+ - Subsystem - Named services that can be run as
+ part of an SSH server, such as SFTP (ssh_sftpd), that is built into the
+ SSH daemon (server) by default, but it can be disabled. The Erlang ssh
+ daemon can be configured to run any Erlang-
+ implemented SSH subsystem.
+
+ - Shell - Interactive shell. By default the
+ Erlang daemon runs the Erlang shell. The shell can be customized by
+ providing your own read-eval-print loop. You can also provide your
+ own Command-Line Interface (CLI) implementation,
+ but that is much more work.
+
+ - Exec - One-time remote execution of commands. See function
+ ssh_connection:exec/4
+ for more information.
+
+
+
+
+
+
+ Where to Find More Information
+
+ For detailed information about the SSH protocol, refer to the
+ following Request for Comments(RFCs):
+
+
+
+ - RFC 4250 -
+ Protocol Assigned Numbers
+ - RFC 4251 -
+ Protocol Architecture
+ - RFC 4252 -
+ Authentication Protocol
+ - RFC 4253 -
+ Transport Layer Protocol
+ - RFC 4254 -
+ Connection Protocol
+ - RFC 4255 -
+ Key Fingerprints
+ - RFC 4344 -
+ Transport Layer Encryption Modes
+ - RFC 4716 -
+ Public Key File Format
+
+
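Review bot: the authentication bullet "Using public key technology. RSA and DSA, X509-certificates are not supported." is ambiguous and can be read as RSA and DSA being unsupported; split it, e.g. "Using public key technology. RSA and DSA keys are supported; X.509 certificates are not." Two more points in the same hunk: the new sentence "The ssh application is an implementation of the SSH Transport Layer Protocol in Erlang" narrows the old wording ("the SSH protocol") even though the overview that follows documents the authentication and connection protocols as well, so "SSH protocol" is the accurate scope; and "the plain text password is encrypted before sent over the network" should read "before being sent", and is clearer as "is protected by the encrypted transport", since the password method relies on the transport layer's encryption rather than on a separate encryption step. Minor: "four layers" is followed by three protocol layers plus channels, which the Channels paragraph itself describes as multiplexed inside a connection (RFC 4251 lists three components); "A minimum of Message Authentication Code (MAC) and encryption algorithms are supported" leaves unclear which algorithms, so either name them or just point to ssh(3); "Comments(RFCs)" is missing a space; "logon" in the summary versus "login" later should be made consistent; and "thus opens for more focus on the application logic" reads better as "leaving more room to focus on the application logic".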
--