SSH (Secure Shell) is one of the most widely used network protocols for secure data communication in academia and industry today. It supports remote command execution, command-line login, and other secure network services between two networked hosts. The hosts communicate over a secure channel that is set up across an insecure network, with one side running an SSH server and the other an SSH client. Two major protocol versions exist, SSH-1 and SSH-2; SSH-1 has known design weaknesses (notably its weak CRC-based integrity check) and is obsolete, so current deployments should accept SSH-2 only. The encryption built into SSH provides both confidentiality and integrity for traffic crossing a network or the Internet, in contrast to the legacy Telnet protocol, which sends everything, including passwords, in cleartext.
How Does SSH (Secure Shell) Work?
Secure Shell (SSH) uses public-key cryptography to authenticate the remote computer and, where configured, the user. It is deployed in several ways. In the simplest, the server generates its own host key pair automatically when it is installed; that host key identifies the server to clients, while the keys that actually encrypt the connection are negotiated afresh for each session by a key exchange and never reused. With this setup the end user still has to log on with a password.
The alternative is to set up the system to use manually created public and private key pairs for authentication. This method lets other programs or users log in without password authentication. Any end user can generate a matching pair of keys. The public key is then copied to every computer that must grant access to the owner of the matching private key; the private key has to be kept secret, and should be protected by a passphrase. Although authentication rests on the private key, that key is never transferred over the network. Instead, the server challenges the client, the client proves possession by signing data bound to the current session with the private key, and the server verifies that signature with the stored public key.
In every version of SSH it is critical to validate every unknown public key before associating it with a host identity, and to do so before accepting the connection as genuine. The first time a client connects to a server it is shown the server's host key fingerprint; if that fingerprint is accepted blindly, or a changed key is accepted without question, an attacker who can intercept the connection can substitute their own key, read the credentials typed into the session, and gain unauthorized access to system resources. The fingerprint should therefore be compared against a value obtained out of band (from the administrator who installed the server, or from a configuration management record), and a key that differs from one already recorded for that host must be treated as a sign of tampering, not as routine.
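The check described above, written out as an added example for this page (it is not the page's own code, nor that of OpenSSH or any other SSH implementation). It parses OpenSSH-style known_hosts lines, including the hashed `|1|` form that `HashKnownHosts` produces, computes the SHA256 fingerprint a client would show the user, and classifies a presented key as a match, a mismatch against a stored key, or a first contact that still needs out-of-band verification. The "public key", host names and salt are constructed for illustration and belong to no real host; only the standard library is used.

```python
"""Trust-on-first-use host key check against an OpenSSH-style known_hosts file.

Added example for this page; it is not taken from the page or from any SSH
implementation. Standard library only. The "public key" and the known_hosts
lines are constructed for illustration and do not belong to any real host.
"""
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string': 4-byte big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data


def build_ed25519_blob(raw_pubkey: bytes) -> bytes:
    """Build the OpenSSH public key blob for an Ed25519 key: the key type
    name followed by the 32 raw key bytes, each as an SSH string. This blob
    is what the third column of a known_hosts line base64-encodes."""
    if len(raw_pubkey) != 32:
        raise ValueError("Ed25519 public keys are exactly 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_pubkey)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob).
    This is the value to compare against one obtained out of band."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Hashed host field as written by HashKnownHosts:
    |1|base64(salt)|base64(HMAC-SHA1(salt, hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def host_matches(field: str, hostname: str) -> bool:
    """Does the first column of a known_hosts line cover this hostname?
    Supports comma-separated plain names and hashed |1| entries."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|", 3)
        salt = base64.b64decode(salt_b64)
        stored = base64.b64decode(mac_b64)
        actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, stored)
    return hostname in field.split(",")


def check_host_key(known_hosts: str, hostname: str, key_type: str, blob: bytes) -> str:
    """Classify the key a server presented as 'match', 'mismatch' or 'unknown'.

    'mismatch' means a key of this type is already stored for the host and the
    presented one differs: the case a client must refuse outright, since it is
    what a machine-in-the-middle substitution looks like. 'unknown' is the
    first-contact case where the fingerprint must be verified out of band.
    Marker lines (@cert-authority, @revoked) are skipped, not interpreted."""
    seen_host = False
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        hosts, ktype, key_b64 = parts[0], parts[1], parts[2]
        if ktype != key_type or not host_matches(hosts, hostname):
            continue
        seen_host = True
        if hmac.compare_digest(base64.b64decode(key_b64), blob):
            return "match"
    return "mismatch" if seen_host else "unknown"


# Constructed sample data (not a real key): the blob a trusted server presents.
TRUSTED_PUBKEY = bytes(range(32))
TRUSTED_BLOB = build_ed25519_blob(TRUSTED_PUBKEY)
_B64 = base64.b64encode(TRUSTED_BLOB).decode()
# One plain entry with two aliases, one hashed entry (the salt is constructed too).
KNOWN_HOSTS = (
    "# constructed known_hosts for the example\n"
    "namenode.example.internal,10.0.0.5 ssh-ed25519 " + _B64 + "\n"
    + hash_hostname("datanode1.example.internal", b"\x01" * 20) + " ssh-ed25519 " + _B64 + "\n"
)

if __name__ == "__main__":
    print("trusted fingerprint:", fingerprint(TRUSTED_BLOB))
    print(check_host_key(KNOWN_HOSTS, "namenode.example.internal", "ssh-ed25519", TRUSTED_BLOB))
    print(check_host_key(KNOWN_HOSTS, "datanode1.example.internal", "ssh-ed25519", TRUSTED_BLOB))
    impostor = build_ed25519_blob(bytes(32))  # a different, attacker-chosen key
    print(check_host_key(KNOWN_HOSTS, "namenode.example.internal", "ssh-ed25519", impostor))
    print(check_host_key(KNOWN_HOSTS, "new.example.internal", "ssh-ed25519", TRUSTED_BLOB))
```

Two design points matter here. Key comparisons use `hmac.compare_digest` so that the check does not leak, through timing, how many leading bytes of a stored key an impostor got right. And "mismatch" is kept distinct from "unknown": a real client prompts the user on "unknown" but must refuse on "mismatch", because a changed host key for a host you already trust is exactly what an interposed attacker looks like.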
SSH
It is a good idea to use SSH for remote administration (instead of rlogin, for example). Note, however, that Hadoop does not use SSH to secure communication among the elements of a cluster (DataNode, NameNode, JobTracker or YARN ResourceManager, TaskTracker or YARN NodeManager, or the /etc/init.d scripts that start daemons locally). Those channels are protected only by Hadoop's own mechanisms, Kerberos authentication and RPC and data-transfer encryption, which must be configured separately; enabling SSH on the hosts does nothing for them.
The Hadoop components use SSH in the following cases:
The sshfence fencing method (the sshfencer) in High Availability HDFS configurations uses SSH to log in to the previously active NameNode and kill its process, so that two NameNodes can never both act as active; the shell fencing method runs an arbitrary command and does not require SSH.
Whirr uses SSH to enable secure communication with the Whirr cluster in the Cloud. See the Whirr Installation instructions.
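As an added illustration of the sshfence case above (this fragment is not from the page or from the Hadoop project's own documentation), the following hdfs-site.xml properties select SSH fencing for an HDFS HA pair with a shell method as fallback. The user name, port, key path and timeout are assumed values for illustration:

```xml
<!-- Added example of HDFS HA fencing configuration; user, port, key path and
     timeout are assumed values, not taken from any real deployment. -->
<property>
  <name>dfs.ha.fencing.methods</name>
  <!-- Methods are tried in order until one succeeds. sshfence logs in to the
       formerly active NameNode as the given user on the given port and kills
       the NameNode process. It needs a passphrase-less private key that the
       failover controller's user can read, so that key must be tightly held. -->
  <value>sshfence(hdfs:22)
shell(/bin/true)</value>
</property>
<property>
  <name>dfs.ha.fencing.ssh.private-key-files</name>
  <!-- Assumed path. Keep the file readable only by the hdfs user (mode 0600),
       and authorize the matching public key only on the NameNode hosts,
       because anyone holding this key gets a shell there. -->
  <value>/home/hdfs/.ssh/id_ed25519_fencing</value>
</property>
<property>
  <name>dfs.ha.fencing.ssh.connect-timeout</name>
  <!-- Milliseconds. Fencing that hangs blocks failover, so keep it bounded. -->
  <value>30000</value>
</property>
```

The `shell(/bin/true)` fallback always reports success, so failover proceeds even when the old NameNode could not be reached over SSH. That is acceptable only where the shared edit log (the Quorum Journal Manager) already prevents a second writer; in every other setup the fallback should be a command that actually isolates the old host, such as one that powers it off.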