Introduction
When accessing a computer over a network, you need a secure connection to protect against cyber attacks. Encryption protocols such as SSH, TLS/SSL, IPsec, S/MIME, and PGP are the first line of defense. They work together to ensure data integrity, confidentiality, and authentication across the network.
This article will provide an overview of the SSH protocol, its functions, terminology, and use cases.
What Is SSH?
The Secure Shell (SSH) protocol allows users to securely access and manage remote computers over an unsecured network. SSH operates on a client-server model, where the client and server communicate through a secure channel to prevent unauthorized access and protect data integrity.
The SSH protocol has three distinct layers:
- The transport layer. Ensures secure communication between the server and the client by handling encryption, decryption, and data integrity checks. It also manages data compression and caching to improve performance and security.
- The authentication layer. Authenticates the client to the server. It supports multiple authentication methods, including passwords, public keys, and more sophisticated methods like certificates.
- The connection layer. After successful authentication, this layer manages the communication channels. It handles multiple sessions within a single SSH connection and facilitates secure file transfers, remote command execution, and port forwarding.
What Does SSH Do?
SSH can use various authentication methods to verify the client's identity and establish a secure connection with the server. These include public keys, passwords, host keys, and even security questions.
Once the connection is set up, SSH encrypts the data transmitted between the client and server. This process ensures the information remains confidential and hard to intercept. Developers and system administrators widely use SSH on both UNIX-based operating systems and Windows.
How Does SSH Work?
The process SSH uses to establish a connection between a client and a server involves the following steps:
- Establishing a connection. The client initiates a connection to the server, and both parties agree on encryption algorithms and session keys.
- Exchanging of keys. The Diffie-Hellman key exchange is used to generate a shared secret between the client and server, ensuring that only authorized parties can decrypt the transmitted data.
- Client Authentication. The server authenticates clients using passwords, public keys, certificates, etc. Upon successful authentication, the server grants access.
- Data transmission. Once authenticated, the client and server exchange data through the encrypted channel.
Note: For a detailed article of the inner workings of the SSH protocol, read How Does SSH Work?
A Brief SSH History
SSH was created by Tatu Ylönen in 1995 to combat password-sniffing attacks at the Helsinki University of Technology. The initial version, SSH-1, quickly gained popularity as a secure replacement for less secure protocols like rsh, rlogin, and Telnet. Initially released as freeware, SSH later became proprietary software.
Recognizing the need for a more robust protocol, the Internet Engineering Task Force (IETF) formed a working group to develop SSH-2, which became the new standard in 2006. SSH-2 introduced significant security enhancements, including the Diffie-Hellman key exchange.
The open-source community responded by developing OSSH, based on SSH-1, which eventually led to the creation of OpenSSH by the OpenBSD developers. Today, OpenSSH is the most widely used SSH implementation, supporting only SSH-2 as of version 7.6.
SSH-1 is no longer supported due to its vulnerabilities.
SSH Use Cases
SSH (Secure Shell) is used in data centers and IT environments to manage and secure access to remote resources. It is critical in software patching, updates, router management, server hardware maintenance, and virtualization platform administration.
Due to its ease of use and extensive feature set, SSH can be applied in a variety of scenarios, which include:
- Connecting to a remote host. Administrators and users can securely connect to servers, manage resources, and execute commands from remote locations.
- File transfers and backups. SSH facilitates the secure transfer, backup, and mirroring of files across networked systems via Secure File Transfer Protocol (SFTP) or Secure Copy (SCP).
- Port forwarding. SSH can map a client's port to the server's port, securing TCP/IP and other network protocols, making it an essential tool for tunneling sensitive data through a secure channel.
- X Window System forwarding. SSH can forward the X Window System from a server to a client, allowing users to run graphical applications on a remote machine while displaying them locally.
- Virtual Private Networks (VPNs). SSH is also used to create VPNs, providing secure communication over public networks.
SSH and Security
SSH is highly secure when used with standard security precautions. However, it can be vulnerable to several potential threats:
- Brute-force attacks. Attackers often attempt to gain access to SSH servers by using common usernames and passwords. If they succeed, they may escalate privileges to compromise the entire system. SSH keys are recommended as a more secure alternative to passwords.
- Key management risks. While SSH keys offer superior security, mismanagement can expose organizations to significant risks. For instance, if a private SSH key falls into the wrong hands, it could be used to access sensitive data, such as databases, payment systems, and routers.
- Exposed SSH ports. Some malware programs exploit IoT devices with exposed SSH ports, using them as backdoors into local networks. Limiting exposure and regularly monitoring open SSH ports can help mitigate this risk.
- Third-party clients. The security of SSH connections also depends on the SSH client you use. With many clients available, including open-source and proprietary options, the protocol's security depends on the integrity of these third-party applications.
SSH Terminology
The following table contains terms you may encounter when working with SSH:
Term | Explanation |
---|---|
~ or $HOME | A user's home directory on a Unix or Unix-like system. |
Authentication layer | The layer responsible for conducting SSH authentication. |
Client | A program used to establish a connection with an SSH server. |
Client machine | A computer running an SSH client. |
Connection layer | The layer of the SSH protocol that manages communication channels. |
Local computer | A computer running an SSH client at the user's location. |
Local user | A user accessing SSH from a local computer. |
Private key | The secret part of a public-private key pair used for user authentication. |
Public key | The public part of a key pair, copied to the SSH server for authentication. |
Remote computer | A computer running an SSH server to which SSH clients connect. |
Remote user | A user accessing SSH over a remote computer. |
Server | An SSH server program for communicating with SSH clients. |
Server machine | A computer running an SSH server. |
SCP | Secure Copy, a command-line utility that uses SSH for secure file transfer. |
SFTP | Secure File Transport Protocol, a protocol using SSH to secure network file transfers (not to be confused with FTPS, which uses TLS/SSL). |
Transport layer | The layer of the SSH protocol that oversees the entire SSH session. |
How to Use SSH?
To connect to an SSH server, you must use an SSH client. Most Unix-based operating systems have an SSH client preinstalled and accessible via the terminal.
To connect to a remote host using the terminal, issue the ssh command followed by the username and the server address or hostname:
ssh [username]@[server_ip_or_hostname]
For example:
ssh unixmarko@tty.sdf.org
Note: If you do not specify a username for SSH, the connection uses the currently logged in user.
Earlier versions of Windows did not include SSH as a built-in feature, so tools like PuTTY, which provides a graphical user interface (GUI), were commonly used to establish SSH connections.
Even though Windows 10 introduced OpenSSH client and server support starting with version 1709, many users still prefer PuTTY or PuTTY alternatives. These SSH clients offer unique features, from user-friendly graphical interfaces to enhanced security options, catering to different user preferences and needs.
SSH vs. Other Protocols
SSH, Telnet, SSL/TLS, and SFTP are all network protocols that share some similarities. But they have very different purposes and features.
SSH vs. Telnet
SSH and Telnet protocols are both used for remote access. However, SSH has largely replaced Telnet in modern IT environments due to its advanced security features, such as:
- Encryption. SSH uses strong encryption algorithms to ensure all transmitted data remains confidential and protected from unauthorized access. Telnet, by contrast, transmits data in plain text, making it vulnerable to man-in-the-middle attacks or similar network security threats.
- Authentication. Telnet only supports basic password and username authentication, which does not provide sufficient protection in today's security-conscious environment. On the other hand, SSH supports several authentication methods, such as password, public key, and host authentication.
- File transfer. SSH allows users to transfer files using the SFTP and SCP protocols. These protocols are integrated with SSH to provide encrypted file transfer capabilities, which Telnet lacks.
- Port forwarding. Using different ports to relay data is an essential security feature in a networked, multi-application environment. Since Telent does not support port forwarding, it is generally used only in controlled environments or for legacy systems.
SSH vs. SSL/TLS
Secure Sockets Layer (SSL) and SSH are cryptographic protocols, but they are not interchangeable and have different functions:
- Use cases. SSH clients are used to manage servers, transfer files, and create secure communication tunnels. SSL/TLS is primarily used to encrypt data transmitted over the Internet, such as web transactions and emails, and to protect data in web browsers using HTTPS.
- User groups. IT professionals use SSH for secure remote access. In contrast, SSL/TLS is used broadly in web applications, including ecommerce, online banking, and any scenario requiring encrypted data exchange between a web browser and server.
Note: Read our SSH vs. SSL: What Are the Differences guide for an in-depth comparison between SSH and SSL protocols.
SSH vs. SFTP
Secure File Transfer Protocol (SFTP) and SSH are related, but they serve distinct purposes:
- Scope. SSH is a broader protocol that establishes a secure channel to remote systems. SFTP operates over SSH to facilitate secure file transfers. SSH can function independently of SFTP, but SFTP requires the SSH framework to operate.
- Application. SSH is used for secure remote access, command execution, and tunneling. SFTP specifically focuses on secure file transfers and provides features like file access, transfer, and management over a secure SSH connection.
Note: For more on their similarities and differences, check out our post, SFTP vs. SSH.
Conclusion
This article covered SSH protocol basics, its history, features, and use cases as the starting point for working with SSH.
Read our Tips to Secure Your Server for more actionable tips and to elevate your server security.