DodgeTrucs
01-13-2001, 02:53 PM
I have a Linux Mandrake 7.2 system and a cable modem and want to set up telnet shell accounts for a few good friends and myself... Each account having its own /home directory and login. I am hearing a lot lately about telnet being a big open hole to my computer, and I like having a secure system.
:: What exactly is ssh and how is it different from telnet?
:: What are the basic steps to setting up this scenario?
Thanks for the advice/help :)
SSH is basically a secure version of telnet in that it encrypts data back and forth between the client and the host. For example, when you are using telnet you are sending all of your information to the remote computer in plain text. This includes username and password. SSH encrypts this stuff. So if someone was to sniff your packets they would have a hard time decrypting the password and data. Whereas telnet packets are just plain old text data. Everything you type or read comes out plain as day.
Check out OpenSSH (http://www.openssh.com/) if you don't already have it installed on your machine.
Enjoy.
-ep0k
Craig McPherson
01-13-2001, 05:12 PM
SSH can be more than just "encrypted telnet". If you have "password authentication" turned on, yes, it's basically just "encrypted telnet". It can also, as opposed to password authentication, use shared-key encryption technology rather than passwords. This is why it's really popular with security nuts. Passwords can be guessed, sniffed (some way or another), brute-forced, or stolen.
I can't fully describe how shared-key cryptography works, but basically every person or machine or entity has a key-pair: a public key, and a private key. A message that's encrypted with someone's public key can only be decrypted with their private key, and a message encrypted with the private key can only be decrypted with the public key. As to how this works... it's math.
The bad thing about passwords is that they have to be exchanged -- you have to GIVE your password to someone or something else in order to authenticate yourself. This can be very, very dangerous.
To see how public-key cryptography could make a shell connection like SSH safe, just think that you need to establish several things to be sure everything is legit:
1. You need to be sure that the machine you're connecting to is REALLY the machine you think it is.
2. The machine you're connecting to needs to be sure that YOU are really who YOU say you are.
So (I don't think that this is exactly how SSH works, but it's an example of the concept), let's imagine how that could be established without ANY secret information being exchanged.
Imagine that YOUR end of the connection encrypts a message with YOUR private key. You send this to the server you're connecting to. That server knows your public key (ideally, anybody you want to talk to securely should have your public key, and you can safely give it to anybody, because that's the point of it -- most people put their public keys on keyservers so anybody can look them up), so it can decrypt the message.
Now, the server knows that it's YOU that's connecting (or somebody who's stolen your private key, which is considerably harder than stealing a password, because unlike a password it's just a really HUGE number ((we're talking 2048 binary digits or even larger)), AND it's something the user never has to remember or type in, AND it's something that's never transmitted over a public channel), and not somebody else.
So now the server knows who YOU are, it has to prove who IT is. So it encrypts a message with its private key, sends it to you, and your end of the connection decrypts it with that server's public key, which you know. Because you were able to do that, you now know absolutely for sure that the server you're connecting to is the one you think it is.
So mutual trust has been established, and NO passwords, private keys, or other secret information has been exchanged over the connection.
Ain't that cool?
From that point, everything is encrypted, and life is happy.
And with SSH, as long as you have all the keys in their proper places, all this happens TRANSPARENTLY, with no intervention from you -- it LOOKS like you're "telnetting" into a remote machine without even having to type a password, but behind the scenes, k-rad crypto stuff is establishing a mutual trust relationship between yourself and the server, so that both sides are sure that the other is who it claims it is!
Ain't that cool?
[This message has been edited by Craig McPherson (edited 13 January 2001).]
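The challenge-response idea described in the post above, as an added example that is not part of the original thread and does not reproduce the real SSH protocol: each side signs ("encrypts with its private key") a fresh random challenge chosen by the other side, so a recorded reply cannot be reused later. It uses textbook RSA without padding and small fixed keys built from known Mersenne primes; the function names and keys are constructed for illustration only.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Toy RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)

def digest(message, n):
    # Hash the message and reduce it below the modulus (toy encoding, no padding).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    """'Encrypt with the private key': only the key owner can produce this."""
    n, d = private
    return pow(digest(message, n), d, n)

def verify(public, message, signature):
    """'Decrypt with the public key' and compare with the expected digest."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)

# Constructed toy keys from known Mersenne primes; real keys use large random primes.
CLIENT_PUB, CLIENT_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
SERVER_PUB, SERVER_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

def handshake(client_priv, server_priv, known_client_pub, known_server_pub):
    """Simulates both ends: each signs a fresh challenge picked by the other."""
    server_challenge = secrets.token_bytes(16)  # sent server -> client
    client_challenge = secrets.token_bytes(16)  # sent client -> server
    client_proof = sign(client_priv, b"client:" + server_challenge)
    server_proof = sign(server_priv, b"server:" + client_challenge)
    # Only public keys and signatures cross the wire; private keys never do.
    client_ok = verify(known_client_pub, b"client:" + server_challenge, client_proof)
    server_ok = verify(known_server_pub, b"server:" + client_challenge, server_proof)
    return client_ok, server_ok

if __name__ == "__main__":
    print(handshake(CLIENT_PRIV, SERVER_PRIV, CLIENT_PUB, SERVER_PUB))
    # Someone holding a different private key cannot pass as the client.
    print(handshake(SERVER_PRIV, SERVER_PRIV, CLIENT_PUB, SERVER_PUB))
```

The second call shows the client check failing while the server check still passes, because the proof was made with a key that does not match the public key the server has on file.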
DodgeTrucs
01-13-2001, 05:15 PM
Thanks for the info. Do both parties have to have ssh installed? I'm guessing yes, so if so, is it already commonly installed? I did ssh in terminal and it came up with all the possible flags and such, so I am guessing I already have the client. Can anyone give me some basic steps to setting this all up, or point me to a web tutorial?
Thanks for your help
---Charlie
Craig McPherson
01-13-2001, 10:38 PM
The computer you're connecting to must have an SSH server installed. The computer you're connecting from must have an SSH client installed.
DodgeTrucs
01-14-2001, 01:34 PM
Thanks for the help guys, I should be able to set it up soon.