Secure Shell was created to replace insecure terminal emulation and login programs, such as Telnet, rlogin (remote login), and rsh (remote shell). It also replaces file transfer programs such as File Transfer Protocol (FTP) and rcp (remote copy). This article explains what SSH is and how it works.

What is SSH?

SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that provides users, especially system administrators, with a secure way to access computers over an insecure network.

SSH also refers to a set of tools that implement the SSH protocol. Secure Shell provides password authentication, public key authentication, and encrypted data communications between two computers connected over an open network such as the Internet.

In addition to providing strong encryption, SSH is widely used by network administrators to remotely manage systems and applications, enabling them to log into another computer over the network, execute commands, and transfer files from one computer to another. SSH can also be used to create secure tunnels for other application protocols.

How does SSH work?

The protocol works in a client-server fashion, meaning that the connection is established by the SSH client connecting to the SSH server. The SSH client drives the connection setup process and uses public key cryptography to authenticate the SSH server. After the setup phase, the SSH protocol uses strong symmetric encryption and hashing algorithms to ensure the privacy and integrity of the data exchanged between the client and the server.
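The server-authentication step described above comes down to the client comparing the host key the server presents with one it already trusts. The following added example (not part of the original article) parses an OpenSSH-style public key line, computes its SHA256 fingerprint, and compares it with a pinned value; the keys, the host name and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string data")
    return blob[offset + 4:end], end

def fingerprint(pubkey_line):
    """Fingerprint of a '<type> <base64 blob> [comment]' public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, _ = read_string(blob, 0)
    # The type named in the text must match the type encoded inside the blob.
    if inner_type.decode("ascii", "replace") != fields[0]:
        raise ValueError("key type mismatch")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(pubkey_line, pinned_fingerprint):
    """Compare the presented key with the pinned fingerprint in constant time."""
    return hmac.compare_digest(fingerprint(pubkey_line), pinned_fingerprint)

def make_ed25519_line(raw_key, comment):
    """Build a constructed sample public key line (not a real host key)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw_key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

# Constructed sample keys: 32 arbitrary bytes each, not real host keys.
KNOWN_HOST = make_ed25519_line(bytes(range(32)), "server.example")
IMPOSTER = make_ed25519_line(bytes(range(1, 33)), "server.example")
PINNED = fingerprint(KNOWN_HOST)

if __name__ == "__main__":
    print(PINNED)
    print(host_key_matches(KNOWN_HOST, PINNED), host_key_matches(IMPOSTER, PINNED))
```

A mismatch on a host whose key was previously pinned is the signal to stop and investigate before any credentials are sent.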

The figure below shows a simplified setup flow of a secure shell connection.

The way SSH works is by using a client-server model to enable the authentication of two remote systems and the encryption of data sent between them.

By default, SSH works on TCP port 22 (although the SSH port can be changed if needed). The host (server) listens on port 22 (or any SSH-assigned port) for incoming connections. It secures the connection by authenticating the client.

There are two steps to establishing a connection – first, both systems must agree on encryption standards to protect future communications, and second, the user must authenticate himself. If the credentials match, the user is granted access.


What does data encryption in SSH mean?

This protocol encrypts the information exchanged between the source and destination computers with the RSA public key algorithm. In short, with this algorithm the information can be read only with the exchanged key; without it, the data cannot be read or decoded in any way. Since this key is available only to the source and destination computers, the information remains secure along the path between them.

Some common terms in SSH:

Now that we are familiar with the concept of SSH and how it works, it is worth getting to know some common terms in this field:

SSH: stands for SSH protocol (in capital letters)

ssh: Indicates the ssh user-side software (in lower case)

SSHD: Indicates the Daemon of this service in Linux.

SSH1: refers to the initial version of this protocol.

SSH2: commercial and non-free version of this protocol.

OpenSSH: Open source version of this protocol.

Use cases of SSH

SSH, which exists in all data centers, ships by default with every Unix, Linux, and Mac server. SSH connections are used to secure various types of communications between a local machine and a remote host, including secure remote access to resources, remote command execution, software delivery and updates, and other administrative or management tasks.

In addition to creating a secure channel between local and remote computers, SSH is used to manage routers, server hardware, virtualization platforms, operating systems (OSes), and internal system management and file transfer applications.

While playing central roles in identity management and access management, SSH does more than just authenticate over an encrypted connection. All SSH traffic is encrypted. Whether users are transferring a file, browsing the web, or executing a command, all their actions are done privately. Common applications of SSH protocol are as follows:

  • Providing secure access for users and automated processes
  • Transferring files securely
  • Issuing remote commands
  • Managing network infrastructure and other critical system components

History of SSH

The first version of SSH was designed in 1995 by Tatu Ylönen, who later started SSH Communications Security, a cybersecurity vendor based in Finland. Over time, various flaws were found in SSH-1. That version is now outdated and not safe to use.

SSH-2, the current version of the Secure Shell protocols, was adopted as a standard protocol by the Internet Engineering Task Force (IETF) in 2006. SSH-2 is not compatible with SSH-1 and uses Diffie-Hellman key exchange. It also provides stronger integrity checking, using message authentication codes, to improve security.
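Because SSH-1 is unsafe and incompatible with SSH-2, a useful inventory check is to read the identification string each server sends on connect and flag any that still offer SSH-1. The following added example (not part of the original article) goes slightly beyond the text by using the identification format from RFC 4253 section 4.2, where protocol version "1.99" marks an SSH-2 server that still accepts SSH-1; the banners, host names and function names are constructed.

```python
import re

# Identification string format (RFC 4253, section 4.2):
#   SSH-protoversion-softwareversion SP comments CR LF
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-([^\s-]+)(?: (.*))?$")

def classify_banner(raw):
    """Return (protoversion, software, verdict) for raw banner bytes."""
    lines = raw.decode("ascii", "replace").split("\n")
    # A server may send other lines first; the identification starts with "SSH-".
    ident = next((l.rstrip("\r") for l in lines if l.startswith("SSH-")), None)
    if ident is None:
        return (None, None, "not-ssh")
    match = BANNER_RE.match(ident)
    if not match or len(ident) + 2 > 255:   # 255-character limit includes CR LF
        return (None, None, "malformed")
    proto, software = match.group(1), match.group(2)
    if proto == "2.0":
        verdict = "ssh2-only"
    elif proto == "1.99":
        verdict = "ssh1-compat"             # SSH-2 server that still accepts SSH-1
    elif proto.startswith("1."):
        verdict = "ssh1-only"
    else:
        verdict = "unknown-version"
    return (proto, software, verdict)

def hosts_offering_ssh1(banners):
    """Return the sorted hosts whose banner shows SSH-1 is still accepted."""
    return sorted(host for host, raw in banners.items()
                  if classify_banner(raw)[2] in ("ssh1-compat", "ssh1-only"))

# Constructed sample banners keyed by constructed host names.
SAMPLE_BANNERS = {
    "bastion.example": b"SSH-2.0-OpenSSH_9.6\r\n",
    "legacy-switch.example": b"SSH-1.99-ExampleSSHD_1.0\r\n",
    "old-appliance.example": b"SSH-1.5-ExampleSSHD_0.9\r\n",
    "build.example": b"Authorized use only\r\nSSH-2.0-ExampleSSHD_2.1 build42\r\n",
    "ftp.example": b"220 service ready\r\n",
}

if __name__ == "__main__":
    for host in hosts_offering_ssh1(SAMPLE_BANNERS):
        print(host, classify_banner(SAMPLE_BANNERS[host]))
```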

Comparison of SSH and Telnet

Telnet was one of the first Internet application protocols used to initiate and maintain a terminal emulation session on a remote host.

SSH and Telnet are functionally similar, except that the SSH protocol uses public key cryptography to authenticate endpoints when establishing a session, as well as to encrypt session commands and output.

While Telnet is primarily used for terminal emulation, SSH can be used to perform terminal emulation – similar to the rlogin command – as well as to issue remote commands as with rsh, transfer files using the SSH File Transfer Protocol (SFTP), and so on.

Comparison of SSH and SSL/TLS

The Transport Layer Security (TLS) protocol, which is an update of the Secure Sockets Layer (SSL) protocol, is designed to provide security for network transmission at the transport layer. The SSH protocol also operates at or just above the transport layer, but there are important differences between the two protocols.

While both rely on public/private key pairs to authenticate the host, only the server is authenticated with a key pair under TLS. SSH uses a separate key pair to authenticate each connection: one key pair to connect from a local machine to a remote machine, and a second key pair to authenticate the connection from the remote machine to the local machine.

Another difference between SSH and TLS is that TLS allows for encryption of connections without authentication or authentication without encryption. SSH encrypts and authenticates all connections.

SSH provides IT and information security professionals with a secure mechanism to remotely manage SSH clients. Instead of requiring password authentication to establish a connection between the SSH client and the server, SSH authenticates the devices themselves.
