The Internet was originally developed in a much smaller and more collegial atmosphere, with very different security issues than we face online today. The most obvious sign of the disjunction between then and now is email -- spamming and commercial email fraud were not concerns when the basic email transfer protocols were created, and we feel that lack every day with spam.
Another problem area is traffic "sniffing", meaning unauthorized interception of communications. When the Internet connected a small number of privileged university campuses and government research centers, people worried much less about eavesdropping. There are two different areas of concern for eavesdropping: general communications, and passwords. While technically they're almost the same, passwords represent much higher efficiency for an attacker, since a single 8-character password can unlock full access to a computer or user's mailbox. Passwords are used for a variety of purposes, including file transfer (FTP, AppleShare), remote execution (telnet), and email (POP & IMAP). Fortunately, sniffing is much easier to fix technically than the spam problem.
Since interception of communications is more-or-less unavoidable on the Internet, privacy is gained by encrypting communications, so unauthorized parties are unable to decypher them. Aside from special-purpose encryption techniques, there are three types of encryption that are used in multiple different roles: SSL, SSH, and VPN. SSL works by encrypting an end-to-end connection, such as a web surfer to a web server. This is indicated by the prefix "https" in web URLs. VPNs are comprehensive. As described in "For Your Eyes Only: Virtual Private Networks" they encrypt all traffic from the protected computer(s) to the VPN server. SSH, however, is a bit more complicated.
The SSH suite of programs directly replaces a whole host of standard Unix tools, including telnet, rlogin, rsh, rcp, and ftp. In addition, ssh can be used to provided a point-to-point encrypted tunnel (somewhat like a VPN) for TCP connections. This is typically used to protect communications when SSL is not available, and VPN is either not available, or too much trouble.
The classic telnet program is fairly simple and very important -- it connects to another computer, running a telnet server (also called a "daemon"), and allows teh telnet user to log in; the telnet program then transfers characters back and forth, as if the user was using a physical terminal attached to the remote computer. The ssh goes this one better, by encrypting all the characters before transmitting them over the Internet. The rlogin and rsh programs are similar, but were typically used with a concept of trust. The destination computer has an idea of trusted users and computers, and allows them to connect without logging in.
Similarly, the scp program replaces the rcp remote copy tool with an encrypted version, based on an underlying ssh connection, and the sftp program replaces old-style FTP.
In the current hostile Internet environment, it's not feasible to trust users or computers based on who or what they claim to be, so the SSH suite adds public-key (also called Diffie-Helman cryptographic credentials. In the super-abbreviated version, public-key cryptography works by generating two linked pieces of information, called keys, which are basically large numbers (1024 bits is typical, encompassing 2^1024 possibilities, which is more than 10^333). One of these numbers is kept secret (the "private key"), and the other is not (the "public key"). Information encrypted using the private key can be decrypted using the public key; information encrypted with the public key can only be decrypted by the private key.
There's a lot more to it, of course. In particular, public-key cryptography is much slower than conventional (single-key) cryptography, so public keys are typically used to exchange a disposable "session" key for single-key encryption. But that's enough to get by on for this discussion.
Note: I hate "SSH", all caps, since it's not a proper acronym, but it's probably not worth fighting that battle here. I will stick to lower-case for command names, since "SSH" or "Ssh" may or may not work, depending on if ssh is installed on a case-insensitive file system.
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
PermitRootLogin without-password