This glossary defines some of the terms, abbreviations, and acronyms
found in this document.
|asymmetric key|| |
The use of two different keys (public and private) to authenticate a
The process of determining another's identity. For example, the SSH
server identifies itself to a connecting client during session setup using
the server host key and the public/private keypair. The SSH client uses password,
publickey, or hostbased authentication to establish its identity to the server.
|authentication agent|| |
The SSH_AGENT utility, which allows you to manage keys.
The process of modifying the data stream such that it can only be read
by the appropriate decryption technique.
|data integrity|| |
The state that exists when data has not been changed.
The process of modifying encrypted data so that it can be read.
Private digital key signature algorithm
The process of modifying data to make it impossible to be read except
by the proper decryption function.
GSSAPI Authentication and Key Exchange for the Secure Shell Protocol
(a Kerberos authentication method).
|host-based authentication|| |
The authentication method where the client and server hosts authenticate
|host keys|| |
The public-private key pair that identifies the server host.
The security protocol that provides strong authentication by using secret-key
|kerberos password authentication|| |
The authentication method used by Kerberos-aware applications.
|known hosts database|| |
The database that contains public keys for all client hosts that use
the host-based authentication method to connect to the server.
The function that identifies data so that a user or entity cannot deny
ownership or action related to the data.
|password authentication|| |
The authentication method in which the client transmits an encrypted
password to the server.
|port forwarding|| |
The function of encapsulating the TCP-based communication session between
the SSH client and the SSH server programs. The result is a secure tunnel.
|private key|| |
Of the key pair, the key that is known only to the user. When a message
is encrypted with a public key, it can only be decrypted using the private
|public key|| |
Of the key pair, the key that is distributed to other systems as part
of authentication or another security procedure.
|public-key cryptography|| |
A method of identifying hosts and users using two cryptographically
generated keys: a public key and a private key.
|public-private key pair|| |
The set of keys required to perform cryptographic security.
|public-key authentication|| |
The authentication method that uses public-key cryptography to verify
the client's identity and requires two pieces of data: your private-public
key pair, and, optionally, a passphrase.
|public key cryptography|| |
The process of using a pair of mathematically related keys to verify
the identity of hosts and users.
|remote command execution|| |
The process of establishing an interactive session on a remote system
without connecting to it (also called tunneling).
|remote login|| |
The process of logging into a system running the SSH server from another
system. SSH ensures the data communicated between your client and the SSH
server is secure.
Rivest-Shamir-Adleman. A private key encryption algorithm
|Secure Shell|| |
The Internet standard for secure file transfers and remote login and
command execution. Also known as SSH.
|Secure Shell client|| |
See SSH client.
|Secure Shell server|| |
See SSH server.
|secure tunnel|| |
A communication path established for securely transmitting data using
applications that are not SSH-aware.
See Secure Shell. In the context of the TCP/IP Services for OpenVMS
documentation, this is also referred to as SSH for OpenVMS.
|SSH client|| |
Secure Shell client.
|SSH server|| |
Secure Shell server.
|stream-LF file|| |
File record format in which data is stored as a stream of bytes.
|trusted hosts|| |
Hosts to which you can log in without proving your identity.
See Remote Command Execution.
|variable-length file|| |
Record-oriented file structure in which the length of the record varies,
and is determined from an explicit field or end-of-record marker.
A protocol for displaying X terminal formatted server data on client
|X11 port forwarding|| |
An authentication method that encrypts X protocol, which is used by
X Window systems.
|X Window System|| |
A protocol for displaying server data on a client system.