When accessing a computer over a network, system administrators need a secure connection to hide from malicious cyber-attacks, such as password-sniffing. As large networks have security flaws, encryption protocols such as TLS/SSL, IPsec, S/MIME, PGP, and SSH are necessary to ensure necessary protection.
This article provides an overview of the SSH protocol - its function, terminology, and use cases.
Note: Due to similar abbreviations, it is easy to confuse SSL for SSH. Although both are networking protocols that utilize cryptography, the two are very different and designed for different purposes. Learn how to distinguish them by reading our guide SSH vs. SSL: What Are the Differences?.
What Does SSH Mean?
The acronym SSH stands for "Secure Shell." The SSH protocol was designed as a secure alternative to unsecured remote shell protocols. It utilizes a client-server paradigm, in which clients and servers communicate via a secure channel.
The SSH protocol has three layers:
- The transport layer. Ensures secure communication between the server and the client, monitors data encryption/decryption, and protects the integrity of the connection. It also performs data caching and compression.
- The authentication layer. Conducts the client authentication procedure.
- The connection layer. Manages communication channels after the authentication.
The channel created by SSH uses public-key cryptography to authenticate the client. Once the connection is established, SSH provides an encrypted way to exchange information safely regardless of the underlying network infrastructure.
SSH was designed for Unix-like operating systems, such as Linux, macOS, and BSD. However, it is also works on Windows.
Note: For more information about the mechanism behind the SSH protocol, read How Does SSH Work?
A Brief SSH History
SSH was created by Tatu Ylönen in 1995. The protocol was designed to prevent password-sniffing attacks at the Helsinki University of Technology. The first version of the protocol, now called SSH-1, was designed to replace unsecured protocols such as rsh, rlogin, and Telnet. It started as freeware but soon became proprietary software.
After Ylönen's SSH-1 became a popular tool worldwide, the Internet Engineering Task Force (IETF) assembled a group whose purpose was to develop a successor to the protocol. In 2006, SSH-2 became a new standard, featuring security improvements such as Diffie-Helman key exchange.
The open-source community developed OSSH, an SSH protocol version based on version 1.2.12 of SSH-1. The OpenBSD developers later forked OSSH to create OpenSSH, the most popular SSH implementation in the world today. As of version 7.6, OpenSSH supports only SSH-2. The support for SSH-1 has been discontinued.
The following table contains some terms you may encounter when working with SSH:
|~ or $HOME||A user's home directory on a Unix or Unix-like system.|
|Authentication layer||The layer responsible for conducting the SSH authentication.|
|Client||A client program for establishing a connection with the server.|
|Client machine||A computer running an SSH client.|
|Connection layer||The layer of the SSH protocol that manages communication channels.|
|Local computer||A computer running an SSH client at the location.|
|Local user||A user accessing SSH over the local computer.|
|Private key||Part of the public-private key pair for user authentication kept as a secret on the local machine.|
|Public key||Part of the public-private key pair for user authentication copied to the SSH server during the authentication process.|
|Remote computer||A computer running an SSH server to which SSH clients connect.|
|Remote user||A user accessing SSH over a remote computer.|
|Server||An SSH server program for communicating with SSH clients.|
|Server machine||A computer running an SSH server.|
|SCP||Secure Copy - a CLI utility that utilizes SSH for secure file transfer.|
|SFTP||Secure File Transport Protocol - a protocol using SSH to secure network file transfers, not to be confused with FTPS, which leverages TLS/SSL|
|Transport layer||The layer of the SSH protocol overlooking the entire SSH session.|
Note: Despite their distinct roles, the SFTP and SSH protocol are often conflated. Find out why and learn about the similarities and differences between these protocols in our post SFTP vs. SSH.
SSH is widely used in data centers to provide secure management, remote access to resources, software patches, and updates. The protocol also enables protected router management, server hardware maintenance, and virtualization platform administration.
Due to ease of use, robustness, and numerous features, SSH can be applied in various scenarios.
These scenarios include:
- Connecting to a remote host.
- Backing up, copying, and mirroring files using SFTP.
- Mapping a client's port to the server's port to secure TCP/IP and other network protocols.
- Forwarding X Window System from the server to clients.
- Tunneling sensitive data through a secure channel.
- Using a Virtual Private Network.
SSH keys are often employed in automating server access with passwordless login, configuration management, and backup.
How to Use SSH?
Connecting to an SSH server is performed using an SSH client. Most Unix-based and Unix-like operating systems come with the daemon and the client preinstalled. On these systems, the SSH client is available in the terminal.
To connect to a remote host using the terminal, the user issues the ssh command followed by the username and the server address or hostname:
Note: If you do not specify a username for SSH, the connection uses the currently logged in user.
Windows 10 offers OpenSSH client and server as of version 1709. Earlier versions of Windows did not include SSH as a feature, so tools such as PuTTY were used to establish an SSH connection. PuTTY is an SSH client with a GUI for SSH and Telnet:
Some other popular SSH clients for Windows include:
How Secure is SSH?
When used with standard security precautions, the SSH protocol is considered to be highly secure. However, human factors play a significant role in maintaining the security of SSH connections.
Brute force attacks on SSH servers are a common scenario. Attackers attempt to connect to a large number of SSH servers using common usernames and passwords. When they gain access to a server, they use privilege escalation to gain access to the root account.
SSH keys are recommended as a more secure authentication method than passwords. However, poor SSH key management still presents a significant risk to organizations whose critical information depends on keeping the keys secret.
While SSH keys offer better protection, their misuse can provide malicious individuals access to privileged information. This information includes accounts and resources, such as databases, routers, payment systems, etc.
Exposed SSH ports are another potential security weakness. Some malware programs attack IoT devices with ports exposed, using them as a backdoor entrance to the local network.
Lastly, a large number of SSH clients on the market means that the security of the protocol also depends on the security of third-party apps.
This article provided a rundown of the SSH protocol, its history, features, and use cases.
If you are interested in security solutions for your server, read 21 Tips to Secure Your Server.