Introduction
Secure Shell (SSH) is a cryptographic network protocol used to secure data communication over an unsecured network. It is used to authenticate remote users and provide secure access to network resources. SSH is widely used in the IT industry to securely access remote systems, transfer files, and manage networks. It is also used to securely connect to cloud services, such as Amazon Web Services (AWS) and Microsoft Azure. SSH is a secure alternative to traditional telnet and FTP protocols, which are not encrypted and can be easily intercepted.
What is SSH?
SSH (Secure Shell) is a network protocol that provides secure remote access to a computer. It is used to securely connect to a remote computer over an unsecured network, allowing users to securely transfer files, access remote resources, and execute commands on the remote system. SSH is widely used by system administrators to manage remote systems, as well as by users to securely access remote systems.
Introduction
When accessing a computer over a network, system administrators need a secure connection to hide from malicious cyber-attacks, such as password-sniffing. As large networks have security flaws, encryption protocols such as TLS/SSL, IPsec, S/MIME, PGP, and SSH are necessary to ensure necessary protection.
This article provides an overview of the SSH protocol – its function, terminology, and use cases.
Note: Due to similar abbreviations, it is easy to confuse SSL for SSH. Although both are networking protocols that utilize cryptography, the two are very different and designed for different purposes. Learn how to distinguish them by reading our guide SSH vs. SSL: What Are the Differences?.
What Does SSH Mean?
The acronym SSH stands for “Secure Shell.” The SSH protocol was designed as a secure alternative to unsecured remote shell protocols. It utilizes a client-server paradigm, in which clients and servers communicate via a secure channel.
The SSH protocol has three layers:
- The transport layer. Ensures secure communication between the server and the client, monitors data encryption/decryption, and protects the integrity of the connection. It also performs data caching and compression.
- The authentication layer. Conducts the client authentication procedure.
- The connection layer. Manages communication channels after the authentication.
The channel created by SSH uses public-key cryptography to authenticate the client. Once the connection is established, SSH provides an encrypted way to exchange information safely regardless of the underlying network infrastructure.
SSH was designed for Unix-like operating systems, such as Linux, macOS, and BSD. However, it is also works on Windows.
Note: For more information about the mechanism behind the SSH protocol, read How Does SSH Work?
A Brief SSH History
SSH was created by Tatu Ylönen in 1995. The protocol was designed to prevent password-sniffing attacks at the Helsinki University of Technology. The first version of the protocol, now called SSH-1, was designed to replace unsecured protocols such as rsh, rlogin, and Telnet. It started as freeware but soon became proprietary software.
After Ylönen’s SSH-1 became a popular tool worldwide, the Internet Engineering Task Force (IETF) assembled a group whose purpose was to develop a successor to the protocol. In 2006, SSH-2 became a new standard, featuring security improvements such as Diffie-Helman key exchange.
The open-source community developed OSSH, an SSH protocol version based on version 1.2.12 of SSH-1. The OpenBSD developers later forked OSSH to create OpenSSH, the most popular SSH implementation in the world today. As of version 7.6, OpenSSH supports only SSH-2. The support for SSH-1 has been discontinued.
SSH Terminology
The following table contains some terms you may encounter when working with SSH:
| Term | Explanation |
|---|---|
| ~ or $HOME | A user’s home directory on a Unix or Unix-like system. |
| Authentication layer | The layer responsible for conducting the SSH authentication. |
| Client | A client program for establishing a connection with the server. |
| Client machine | A computer running an SSH client. |
| Connection layer | The layer of the SSH protocol that manages communication channels. |
| Local computer | A computer running an SSH client at the location. |
| Local user | A user accessing SSH over the local computer. |
| Private key | Part of the public-private key pair for user authentication kept as a secret on the local machine. |
| Public key | Part of the public-private key pair for user authentication copied to the SSH server during the authentication process. |
| Remote computer | A computer running an SSH server to which SSH clients connect. |
| Remote user | A user accessing SSH over a remote computer. |
| Server | An SSH server program for communicating with SSH clients. |
| Server machine | A computer running an SSH server. |
| SCP | Secure Copy – a CLI utility that utilizes SSH for secure file transfer. |
| SFTP | Secure File Transport Protocol – a protocol using SSH to secure network file transfers, not to be confused with FTPS, which leverages TLS/SSL |
| Transport layer | The layer of the SSH protocol overlooking the entire SSH session. |
SSH Uses
SSH is widely used in data centers to provide secure management, remote access to resources, software patches, and updates. The protocol also enables protected router management, server hardware maintenance, and virtualization platform administration.
Due to ease of use, robustness, and numerous features, SSH can be applied in various scenarios.
These scenarios include:
- Connecting to a remote host.
- Backing up, copying, and mirroring files using SFTP.
- Mapping a client’s port to the server’s port to secure TCP/IP and other network protocols.
- Forwarding X Window System from the server to clients.
- Tunneling sensitive data through a secure channel.
- Using a Virtual Private Network.
SSH keys are often employed in automating server access with passwordless login, configuration management, and backup.
How to Use SSH?
Connecting to an SSH server is performed using an SSH client. Most Unix-based and Unix-like operating systems come with the daemon and the client preinstalled. On these systems, the SSH client is available in the terminal.
To connect to a remote host using the terminal, the user issues the ssh command followed by the username and the server address or hostname:
ssh [username]@[server_ip_or_hostname]For example:
Note: If you do not specify a username for SSH, the connection uses the currently logged in user.
Windows 10 offers OpenSSH client and server as of version 1709. Earlier versions of Windows did not include SSH as a feature, so tools such as PuTTY were used to establish an SSH connection. PuTTY is an SSH client with a GUI for SSH and Telnet:
Some other popular SSH clients for Windows include:
- Bitvise
- WinSCP
- KiTTY
- Solar-PuTTY
- SmarTTY
How Secure is SSH?
When used with standard security precautions, the SSH protocol is considered to be highly secure. However, human factors play a significant role in maintaining the security of SSH connections.
Brute force attacks on SSH servers are a common scenario. Attackers attempt to connect to a large number of SSH servers using common usernames and passwords. When they gain access to a server, they use privilege escalation to gain access to the root account.
SSH keys are recommended as a more secure authentication method than passwords. However, poor SSH key management still presents a significant risk to organizations whose critical information depends on keeping the keys secret.
While SSH keys offer better protection, their misuse can provide malicious individuals access to privileged information. This information includes accounts and resources, such as databases, routers, payment systems, etc.
Exposed SSH ports are another potential security weakness. Some malware programs attack IoT devices with ports exposed, using them as a backdoor entrance to the local network.
Lastly, a large number of SSH clients on the market means that the security of the protocol also depends on the security of third-party apps.
Conclusion
This article provided a rundown of the SSH protocol, its history, features, and use cases.
If you are interested in security solutions for your server, read 21 Tips to Secure Your Server.
What is SSH?
SSH (Secure Shell) is a cryptographic network protocol used to secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. It is a secure alternative to the non-secure Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, rendering them susceptible to packet sniffing and man-in-the-middle attacks.
SSH provides strong authentication and secure communications over insecure networks, such as the Internet. It is widely used by system administrators to control Web and other kinds of servers remotely. SSH also replaces rlogin and rsh, and provides secure file transfer capability, tunneling, and forwarding of arbitrary TCP ports and X11 connections.
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; it can transfer files using the associated SSH file transfer protocol (SFTP) or secure copy (SCP) protocols. SSH uses public-key cryptography to authenticate the remote computer and allow it to authenticate the user, if necessary.
