OpenSSH is characterized by the following features:
Strong encryption
Automatic and transparent encryption
Strong authentication
Interoperability
Transmission of binary data and data compression
Agent forwarding
TCP forwarding
Strong encryption
OpenSSH supports the encryption algorithms AES, ChaCha20 and 3DES; support for Blowfish, Cast128 and Arcfour will presumably be dropped soon.
AES is a high-speed block cipher. It implements the Advanced Encryption Standard specified in the US Federal Information Processing Standard (FIPS) and was developed as a replacement for DES.
3DES is a tried and tested algorithm for strong encryption. However, 3DES is now showing signs of weakness because of its short 64-bit block length and will therefore no longer be supported by OpenSSH in the medium term.
ChaCha20 is a fast stream cipher intended to replace Arcfour, which has fallen into disrepute due to security issues.
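The following added example (not part of the original documentation) checks a configuration for the legacy ciphers named above. It accepts sshd_config or ssh_config text as well as the output of `sshd -T` or `ssh -G`; the OpenSSH cipher names (3des-cbc, blowfish-cbc, cast128-cbc, arcfour*) and the function names are assumptions of this example and do not appear on this page.

```python
import re

# OpenSSH cipher names (assumed mapping) for the legacy algorithms listed above.
LEGACY_CIPHERS = {
    "3des-cbc": "3DES, 64-bit block length",
    "blowfish-cbc": "Blowfish, support being dropped",
    "cast128-cbc": "Cast128, support being dropped",
    "arcfour": "Arcfour, known security issues",
    "arcfour128": "Arcfour, known security issues",
    "arcfour256": "Arcfour, known security issues",
}

# The keyword is case-insensitive; the value follows whitespace or a single '='.
_CIPHERS_LINE = re.compile(r"^\s*ciphers(?:\s*=\s*|\s+)(\S.*)$", re.IGNORECASE)

def enabled_ciphers(config_text):
    """Return the cipher names that the first Ciphers line explicitly enables."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0]            # drop comments
        m = _CIPHERS_LINE.match(line)
        if not m:
            continue
        value = m.group(1).strip().strip('"')
        if value.startswith("-"):              # '-' only removes from the defaults
            return []
        value = value.lstrip("+^")             # '+' / '^' add to the defaults
        return [c.strip().lower() for c in value.split(",") if c.strip()]
    return []  # no Ciphers line: defaults apply, nothing explicit to audit

def audit(config_text):
    """Return (cipher, reason) pairs for every legacy cipher that is enabled."""
    return [(c, LEGACY_CIPHERS[c]) for c in enabled_ciphers(config_text)
            if c in LEGACY_CIPHERS]

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# sshd_config excerpt (constructed)
Port 22
Ciphers chacha20-poly1305@openssh.com,aes256-ctr,3des-cbc,arcfour
"""

if __name__ == "__main__":
    for cipher, reason in audit(SAMPLE):
        print(f"legacy cipher enabled: {cipher} ({reason})")
```

A configuration without a Ciphers line produces no findings because the defaults built into the installed OpenSSH version apply; audit the effective list printed by `sshd -T` in that case.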
Automatic and transparent encryption
By default, all communication between the OpenSSH client and the OpenSSH server is encrypted automatically and transparently. A symmetric encryption method is used for this purpose, for example AES or ChaCha20.
Strong authentication
Authentication of the OpenSSH server to the OpenSSH client is based on the asymmetric (public-key) algorithms RSA, DSA, ECDSA and Ed25519. Several methods are available for authenticating the OpenSSH client to the OpenSSH server (see "Authentication between OpenSSH client ssh and server sshd").
Transmission of binary data and data compression
Transmission of binary data via the network is supported. Optional data compression before encryption improves performance when transmitting over low-speed network connections.
Agent forwarding
With agent forwarding, the authentication agent (see the interNet Services User Guide), which runs on your local computer, manages your authentication keys (RSA/DSA/ECDSA/Ed25519). OpenSSH can automatically forward the connection to the authentication agent via any network connection. The authentication keys then only need to be kept on your local computer and not on any other computer in the network.
Port forwarding (TCP forwarding)
Port forwarding makes insecure TCP/IP connections secure by forwarding (tunnelling) them to a remote computer using an encrypted protocol. Port forwarding maps a local port on the client computer onto a port on the remote computer.