What is SSH? - Brown Surfing

What is SSH?

Posted on: September 16th, 2022
By: Efrain Lemus

Have you ever found you were in a situation where you needed to remotely log into your server or access files on a remote computer? If so, then you’ve probably used Secure Shell (SSH) to do so. 

You probably heard about SSH already, as it is often-used internet jargon for anything related to cyber security. However, you might get overwhelmed when figuring out exactly what it is and how SSH works in the first place.

SSH is a secure protocol utilized as the main means of connecting to Linux servers remotely. After connecting, the commands you type in your computer’s terminal are sent to the remote server and executed there.

Let’s explore this in more detail.

SSH Overview

SSH, also named as Secure Socket Shell or Secure Shell, is a cryptographic network protocol that gives users, specifically system administrators, a secure way to access a computer over an unsecured network.

It enables two computers to communicate (c.f http or hypertext transfer protocol, the system used to transfer hypertext) and share data. An innate feature of SSH is that the communication between the two computers is encrypted, which is suitable for use on insecure networks.

The most common way to use SSH is to connect to a remote server to execute commands on that server. 

SSH is commonly used to “login” and perform operations on remote computers but may also be used to transfer data.

The History of SSH

The first version of SSH was developed in 1995 by Tatu Ylonen, and it has since become one of the world’s most widely used security protocols. SSH is typically used with other security measures, such as firewalls and intrusion detection systems, to provide a complete defence against network attacks.

One of the key benefits of SSH is that it uses public-key cryptography for authentication, making it extremely challenging for an unauthorized user to access a system.

How does SSH work?

Secure Shell is a network protocol that allows for secure communication between two computers. It is often used for remote login or file transfer and is a common way to access servers and devices over the internet. 

SSH uses a public-key cryptography system to authenticate the user and encrypt the transmitted data. When you access a remote server using SSH, your computer first verifies the server’s identity by checking its public key. 

Once the server has been authenticated, your computer will generate a unique symmetric key. The key is used to encrypt all of the data being sent over the connection. The server will then decrypt the data using its private key. 

This process ensures that all transmitted data is confidential and can only be read by the intended recipient. In addition, SSH provides a mechanism for verifying that the data has not been tampered with during transit. 

Overall, SSH is a very secure way to access a remote machine and is widely used by system administrators and developers.

Understanding different encryption techniques

SSH uses three encryption techniques when communicating between two systems over the network.

  • Symmetric encryption
  • Asymmetric encryption
  • Hashing

Symmetric encryption

It is the most common type of encryption and is used in most SSH connections. It uses a single shared secret key to encrypt and decrypt data. The secret key is exchanged between the two systems before any data is transmitted.

Asymmetric encryption

Asymmetric encryption is used along with symmetric encryption and employs two keys: a public key and a private key. The private key is never shared, but the public key can be freely distributed.

Data that is encrypted with the public key can only be decrypted with the corresponding private key. This allows for secure communication even if the public key is compromised.

Hashing

Hashing is a one-way encryption technique that converts data into a fixed-length digest. It is used to verify the integrity of data transmitted over an insecure network.

The architecture of the SSH protocol

The SSH protocol is made up of three well-separated layers. These are:

  • Transport Layer
  • Connection Layer
  • User-authentication layer

The SSH protocol architecture is open; therefore, it offers great flexibility and can be used for many purposes other than a secure shell. 

The transport layer is similar to the transport layer security (TLS), and the User-authentication layer can be used with custom authentication methods. The connection layer enables multiplexing numerous secondary sessions into a single SSH connection.

What is SSH used for?

SSH provides a security layer for data transfer between two devices. Some important use cases for SSH are:

File transfer: 

SSH is a secure method of transferring files between two computers. This is often done with the SFTP (Secure File Transfer Protocol), or SCP (Secure Copy Protocol) commands.

Remote access: 

SSH helps create encrypted, remote connections for users and processes.

X11 forwarding: 

SSH can be used to forward X11 traffic from a remote server back to your local computer. This enables you to run graphical applications on a remote server and display them.

Tunnelling: 

An encapsulation technique ensures secure data transfer, especially for business-sensitive materials, as it can act as a handy VPN.

Port forwarding: 

SSH can secure other network protocols, such as TCP/IP, by plotting the client port to the router’s port remotely.

Network management: 

It remotely manages network infrastructure and other system parts.

SSH vs. SSL/TLS

Secure Shell (SSH) and Secure Sockets Layer/Transport Layer Security (SSL/TLS) are protocols to secure data in transit. They both use encryption to protect data from intercepting and being tampered with by third parties.

However, there are some notable differences between the two.

SSH is a protocol that allows for secure, encrypted communication between two devices. This encryption uses a public-private key pair, meaning that only the devices with the corresponding private key can decrypt the data. 

SSL/TLS is a commonly used protocol to secure web traffic. It uses encryption to protect data in transit from being intercepted. However, it does not provide authentication as SSH does.

SSH commands

Some of the basic SSH commands are as follows:

ls show directory contents

cd change directory

cp copy file/folder

mkdir create a new folder

pwd show the current directory 

touch create a new file

cat show the contents of a file

mv Move file/folder

rm remove a file

find search files and directories

clear clear the terminal screen

du get file size.

Other SSH commands besides the client SSH. 

ssh-copy-id – configures a public key as authorized on a server

ssh-keygen – creates a key pair for public key authentication

ssh-agent – agent to hold private key for single sign-on

scp – file transfer client with RCP 

ssh-add – tool to add a key to the agent

sftp – file transfer client with FTP-like command interface

sshd – OpenSSH server 

How secure is SSH?

Unlike traditional protocols like FTP, SSH uses encryption to protect data from being intercepted by third parties. In addition, SSH provides authentication mechanisms to ensure that only authorized users can access the server. 

As a result, SSH is generally considered to be more secure than other protocols. However, no system is perfect, and some security vulnerabilities have been discovered in SSH over the years. Fortunately, most of these vulnerabilities have been addressed in recent protocol versions. 

Overall, SSH is a very secure way to connect to a remote server, and it will likely continue to be used for sensitive data transfers in the future.

Have any questions or comments? Write them below!


Leave a Reply

Your email address will not be published.