ssh - Secure Shell A method of securing network-based connections to Unix/Linux servers at the X-session level is to use token-based authentication. This is based on exchange and challenge of "Magic Cookies", one supplied by the client and one maintained by the server. Secure Shell (ssh) is a method of keeping the tokens secure and securing the X data stream from being intercepted. ssh encrypts data passing between systems virtually eliminating attacks like IP spoofing, interception of plain text data like magic cookies and passwords, and attacks built using IP source routing. ssh can also tunnel several types of binary data streams such as the X-data stream. ssh can actually improve performance because it compresses data streams on the fly. SSL (secure Sockets Layer) was proposed originally by Netscape as a low level encryption scheme to encrypt transactions in higher level protocols like HTTP, NNTP, and FTP. The SSL protocol includes provisions for server authentication (verifying the server to the client), encryption of data in transit, and optional client authentication (verifying the client's identity to the server). Using SSL enabled clients and servers you can send encrypted messages without fear of interception. Public key encryption for user verification sits on top of SSL and relies on keys and certificates issued by Companies such as Versign and Thwate. SSL is most often mentioned in the context of securing web server transactions although Netscape Messenger can also use it for emails. The Netscape browser (4.7) has facilities for managing keys and certificates - click on the small security logo in the bottom left corner of the browser window to get to the security management menu. I'm not aware that MSIE provides the same facilities; does anyone know if it does and how to access it. A useful and interesting article on SSL and why it's not in Apache by default can be found at http://www.apacheweek.com/features/ssl SSLeay is a freely available implementation of SSL which can be easily integrated into Linux servers. Commercially available secure servers using SSL include Raven, Redhat Secure Server, and Stronghold. In article <[log in to unmask]>, Dave Knispel <dave.knispel@ FREQUENCYMARKETING.COM> writes >Questions. How does ssh (secure shell) compare to ssl (secure sockets >layer)? Any quicky answers I can give to the sales force? I know ssh >starts a secure session and ssl is used primarily for web sites. Is that >the main difference? >David Knispel >[log in to unmask] >Phone: 513-248-5029 >Fax: 513-248-2672 -- Chris Thompson Technical Director The Internet Agency, UK http://www.the-internet-agency.com European Distributors for Advanced Networks Systems Inc. Distributors of CCS TRAX and CCS C-iX 'C' compiler for MPE MPE migration tools and services IBM Development Partner Voice: +44 7836 364575 Fax: +44 1202 418209 Email [log in to unmask] ANSI - Advanced Network Systems Inc., USA http://www.advnetsys.com Voice: +1 908-638-3330 Fax: +1 908-638-3331 Email [log in to unmask] ---- * To join/leave the list, search archives, change list settings, * * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *