IBM Secure Shell Library for Java
A lightweight implementation of the Internet Engineering Task Force (IETF) Secure Shell (SSH-2) protocol.
Date Posted: April 18, 2006
What is IBM Secure Shell Library for Java?
The Secure Shell (SSH-2 or simply SSH) is a protocol for secure remote log-in and other secure network services over an insecure network. The protocol consists of three major components:
- The Transport Layer Protocol provides server authentication, confidentiality, and integrity.
- The User Authentication Protocol authenticates the client to the server.
- The Connection Protocol multiplexes the encrypted tunnel into several logical channels.
Note that even though SSH stands for "Secure Shell," it is not a shell like the Bash shell known under UNIX operating systems or the command line under Windows. SSH is a protocol, not a product, and the SSH standard defines the protocol only. Also note that the protocol is still in "draft" status, but is due soon; however, it is fairly mature.
IBM Secure Shell Library for Java is a lightweight implementation of the IETF SSH-2 protocol. The library currently implements only the basic SSH features such as password log-in and command execution. Advanced features such as tunneling and X-forwarding are currently not supported.
How does it work?
A session is started with a handshake in order to determine the security mechanisms to be used (the client and server must, of course, agree on this). The process is as follows:
- Decide on security parameters.
- Establish a shared secret in order to protect the communication.
- Authenticate the previous exchange.
- Authenticate the client and server.
This process is similar to that of the SSL protocol (for good reason). From a high-level point of view, the main difference between the two is that SSL relies on a PKI and, therefore, on X.509 certificates. The SSH protocol was created with extensibility in mind and consequently supports a wide range of authentication methods, including passwords and X.509 certificates.
About the technology author(s): Martin Clausen is an IT specialist working in the IBM Crypto Competence Center located in Copenhagen, Denmark. He has been with IBM since mid-2003. Mr. Clausen has been involved with the development of cryptographic toolkits designed to run on all kinds of platforms; these toolkits are used extensively within IBM. He has recently been on an assignment at IBM Research in Zurich. In 2003, he received an M.Sc. in engineering from the Technical University of Denmark (DTU), where he worked extensively with cryptology. Mr. Clausen's areas of expertise include PKI solutions, programming, and Linux.