Once upon a time, a very long time ago now, way-way before last Friday, when no one cared about hackers and phishers, a bunch of smart people invented lots of very useful network protocols. Some of them (like telnet) allowed operators to access remote computers. Others (like POP3) let e-mail clients communicate with e-mail servers. And yet others (like HTTP) let people spend time reading news or researching their next car (time which would otherwise be wasted on something boring like work or studying). In a relatively short period of time a whole bunch of protocols was invented, and lots of applications that employed these protocols were created.
Very soon people realized that most of these protocols are not very secure. For starters, almost none of them used any kind of encryption (lack of encryption was not the only problem with the earlier protocols, but it is the one that can be easily explained). So, for example, when you check your e-mail on a POP3 server while on a public network, anyone with a simple packet sniffer can see something like this:
# tcpflow -c host 206.190.53.11
tcpflow[10403]: listening on en0
206.190.53.11.110-10.10.0.1.64658:
+OK hello from popgate(2.33.3)
10.10.0.1.64658-206.190.53.11.110:
USER yourname
206.190.53.11.110-10.10.0.1.64658:
+OK password required.
10.10.0.1.64658-206.190.53.11.110:
PASS yourpassword
206.190.53.11.110-10.10.0.1.64658:
+OK maildrop ready, 7 messages (94268 octets) (94836 2147483648)
10.10.0.1.64658-206.190.53.11.110:
STAT
206.190.53.11.110-10.10.0.1.64658:
+OK 7 94268
As you can see, they (the bad guys with a sniffer) can see your user name and password in clear text!!! This is just plain wrong. Hacking should not be that easy.
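An added example, not part of the original article: a small Python check that reads `tcpflow -c` console output in the layout shown above and reports which client flows sent POP3 USER/PASS in clear text, without keeping the password itself. The function name and the sample capture (constructed from the two sessions on this page) are assumptions made for illustration.

```python
import re

# Flow header as printed in the capture above: "srcip.srcport-dstip.dstport:"
FLOW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\.(\d+)-(\d+\.\d+\.\d+\.\d+)\.(\d+):\s*(.*)$")
POP3_PORT = 110

def find_cleartext_pop3_logins(capture_text):
    """Return one finding per client flow that sent USER/PASS unencrypted."""
    findings = {}
    current = None  # (client, server) of the flow whose payload is being read
    for line in capture_text.splitlines():
        m = FLOW.match(line.strip())
        if m:
            src, sport, dst, dport, payload = m.groups()
            # Only client-to-server traffic on the POP3 port carries commands.
            is_pop3 = int(dport) == POP3_PORT
            current = (f"{src}:{sport}", f"{dst}:{dport}") if is_pop3 else None
            line = payload  # payload may share the line with the header
        if current is None or not line.strip():
            continue
        verb, _, arg = line.strip().partition(" ")
        entry = findings.setdefault(current, {
            "client": current[0], "server": current[1],
            "user": None, "password_exposed": False})
        if verb.upper() == "USER":
            entry["user"] = arg
        elif verb.upper() == "PASS" and arg:
            entry["password_exposed"] = True  # record the fact, not the secret
    return [f for f in findings.values() if f["user"] or f["password_exposed"]]

# Constructed sample: the POP3 login from this page plus the SSH banner lines.
SAMPLE = """\
206.190.53.11.110-10.10.0.1.64658:
+OK hello from popgate(2.33.3)
10.10.0.1.64658-206.190.53.11.110:
USER yourname
206.190.53.11.110-10.10.0.1.64658:
+OK password required.
10.10.0.1.64658-206.190.53.11.110:
PASS yourpassword
10.10.0.100.22-10.10.0.1.64671: SSH-1.99-OpenSSH_3.8.1p1
10.10.0.1.64671-10.10.0.100.22: SSH-1.5-OpenSSH_3.8.1p1
"""

if __name__ == "__main__":
    for f in find_cleartext_pop3_logins(SAMPLE):
        print(f)
```

The port 22 flow produces no finding: only the SSH version banners are readable there, and nothing after them parses as a POP3 command.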
Fast forward to 1995. This is when the first version of SSH was created. In a nutshell, SSH is a secure version of telnet with some very-very useful extensions. So, as with telnet, the major purpose of SSH is to let you connect to a remote host. And connect it does! Unlike telnet, not only are all your communications encrypted, but if you are connecting to host A, SSH makes sure that it is host A you are connecting to, not some other host which only pretends to be host A. But SSH is much more than a secure telnet. It allows you to build tunnels for other protocols. So an insecure protocol like POP3 can be tunneled via an SSH connection and gain most of the security benefits of SSH. Below is an example of the very same POP3 session as before, but now tunneled via an SSH connection:
# tcpflow -c port 22
tcpflow[11095]: listening on en0
10.10.0.100.22-10.10.0.1.64671: SSH-1.99-OpenSSH_3.8.1p1
10.10.0.1.64671-10.10.0.100.22: SSH-1.5-OpenSSH_3.8.1p1
10.10.0.100.22-10.10.0.1.64671:............cYA..@......#......._`.f.....mz.Q|
.C.9...Q.8.xg..I.R...s..t.5n.....t.&.......@...f..@.B.U.8..........KHz.L.K..o
......#....T.R../H......^".k.7.w&....".......n.e..N...z..T..C.2.....,.....q..
Y0Z.;.!?..S....q:.....k.+d...M:.$.m........H...$....
u..xC=.U.cc. .A..0qQ|8792.168.013.210.00022:
............cYA..@..*..OL.l<...y
.....l..$5.........
.....TK8...kV..\...T....E...S.DeE.zo.A'../........-.~..{..3.p.(3?g.pmC......4...
10.10.0.100.22-10.10.0.1.64671: .....F.K1.0.
Looks much better!!! It will take some heavy-duty head scratching for the bad guys to decipher this.