Free SSH/SecSH protocol suite featuring encryption for network services like remote file transfer or remote login
OpenSSH offers end-to-end encrypted substitutes for tools such as telnet, rlogin, and ftp. Unlike these legacy utilities, OpenSSH never transfers anything (including usernames and passwords) over the network in unencrypted form, and it provides host authentication to check that you really are talking to the system you think you are and that no one else will be able to take over that session.
By completely encrypting all traffic, OpenSSH effectively rules out eavesdropping, connection hijacking, and other similar attacks. Furthermore, OpenSSH brings to the table secure tunneling capabilities, various authentication methods, and support for all SSH protocol versions.
- Strong authentication. Closes several security holes (e.g., IP, routing, and DNS spoofing).
- Improved privacy. All communications are automatically and transparently encrypted.
- Secure X11 sessions. The program automatically sets DISPLAY on the server machine, and forwards any X11 connections over the secure channel.
- Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions (e.g., for e-cash transactions).
- No retraining needed for normal users.
- Never trusts the network. Minimal trust on the remote side of the connection. Minimal trust on domain name servers. Pure RSA authentication never trusts anything but the private key.
- Client RSA-authenticates the server machine at the beginning of every connection to prevent trojan horses (by routing or DNS spoofing) and man-in-the-middle attacks, and the server RSA-authenticates the client machine before accepting .rhosts or /etc/hosts.equiv authentication (to prevent DNS, routing, or IP-spoofing).
- Host authentication key distribution can be handled centrally by the administration, or automatically when the first connection is made to a machine.
- Any user can create any number of user authentication RSA keys for his/her own use.
- The server program has its own server RSA key which is automatically regenerated every hour.
- An authentication agent, running on the user's laptop or local workstation, can be used to hold the user's RSA authentication keys.
- The software can be installed and used (with restricted functionality) even without root privileges.
- The client is customizable in system-wide and per-user configuration files.
- Optional compression of all data with gzip (including forwarded X11 and TCP/IP port data), which may result in significant speedups on slow connections.
- Complete replacement for rlogin, rsh, and rcp.
What's New in This Release:
- Potentially-incompatible changes:
  - sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. The full set of algorithms remains available if configured explicitly via the Ciphers and MACs sshd_config options.
  - sshd(8): Support for tcpwrappers/libwrap has been removed.
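
Because the removed algorithms stay available through an explicit Ciphers or MACs line, an existing sshd_config can silently keep them enabled after an upgrade. The following check is an added example, not part of OpenSSH or of this page: it reports CBC and arcfour* ciphers that a configuration re-enables. The function names and the sample configuration are constructed for illustration, and the handling of a leading `+`, `-` or `^` assumes a newer OpenSSH than the release described here.

```python
from fnmatch import fnmatchcase

# Cipher name patterns the release note says are no longer in sshd's defaults.
REMOVED_FROM_DEFAULTS = ("*-cbc", "*-cbc@*", "arcfour*")

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# sshd_config after an upgrade
Port 22
Ciphers aes256-ctr,aes128-cbc,arcfour256,chacha20-poly1305@openssh.com
MACs hmac-sha2-256
Ciphers 3des-cbc
"""


def explicit_algorithms(config_text, keyword):
    """Return the list set for `keyword`, or None when the default applies.

    sshd uses the first value it obtains for a keyword, so any later
    duplicate line is ignored here as well.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2 and parts[0].lower() == keyword.lower():
            return [a.strip() for a in parts[1].strip('"').split(",") if a.strip()]
    return None


def audit_ciphers(config_text):
    """List ciphers the config enables that the defaults no longer offer."""
    algos = explicit_algorithms(config_text, "Ciphers")
    # No override means the compiled-in defaults apply. A leading '-'
    # (assumption: newer OpenSSH syntax) only removes entries from them.
    if not algos or algos[0].startswith("-"):
        return []
    algos[0] = algos[0].lstrip("+^")  # '+' and '^' add to the default set
    return [a for a in algos
            if any(fnmatchcase(a, p) for p in REMOVED_FROM_DEFAULTS)]


if __name__ == "__main__":
    print("re-enabled ciphers:", audit_ciphers(SAMPLE))
    print("explicit MACs line:", explicit_algorithms(SAMPLE, "MACs"))
```

An explicit MACs line is only reported, not judged, because the release note does not name the MACs that were removed; compare it against the defaults of the installed version.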