1. WebsitePlanet
  2. >
  3. Glossary
  4. >
  5. Web hosting
  6. >
  7. What is SSH?

What is SSH?

Miguel Amado Written by: Miguel Amado
Christine Hoang Reviewed by: Christine Hoang
30 December 2024
Inside this Article
SSH, or Secure Shell, is a cryptographic network protocol for operating network services securely over an unsecured network. It provides a secure channel over an unsecured network by using a client–server architecture, connecting an SSH client application with an SSH server.

Definition of SSH

SSH is defined as a protocol that provides a secure and encrypted communication channel between two networked devices. This protocol uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary. SSH uses a client-server architecture, where the SSH client initiates the connection to the SSH server.

The SSH protocol specifies three major components:

  1. The Transport Layer Protocol provides server authentication, confidentiality, and integrity.
  2. The User Authentication Protocol authenticates the client to the server.
  3. The Connection Protocol multiplexes the encrypted tunnel into several logical channels.
With SSH, users can securely access a remote computer and execute commands in the same manner as if they were sitting in front of that remote computer.

How Does SSH Work?

At its core, SSH works by making use of a client-server model to allow for authentication of two remote systems and encryption of the data that passes between them.

When a client connects to a server over SSH, the server uses public-key cryptography to verify the client’s identity and establish a secure connection. Once authenticated, the server and client can exchange data securely.

Here’s a step-by-step breakdown of how SSH works:

  1. Client Contacts Server: The SSH client initiates a connection to the SSH server. The client sends a request to the server to open an encrypted tunnel.
  2. Server Responds with Public Key: The SSH server responds by sending its public key to the client. This key is used for encrypting the rest of the authentication process.
  3. Client Verifies Server: The client checks whether it trusts the server’s public key. It does this by checking if the key is in its list of known hosts.
  4. Key Exchange and Session Key Creation: If the client trusts the server, it generates a session key using the server’s public key. This session key will be used to encrypt all further communications between the client and server.
  5. Authentication: The client then authenticates itself to the server. This is usually done using one of several authentication methods like passwords, public-key authentication, or host-based authentication.
  6. Encrypted Communication: Once authenticated, all communications between the client and server are encrypted using the session key.
SSH uses a combination of symmetric and asymmetric encryption. Asymmetric encryption is used for authentication and key exchange, while symmetric encryption (using the session key) is used for encrypting the actual data transfer after authentication.

SSH Keys

SSH keys provide a more secure way of logging into a server than using a password alone. While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone.

An SSH key is an access credential in the SSH protocol. Its function is similar to that of user names and passwords, but the keys are primarily used for automated processes and for implementing single sign-on by system administrators and power users.

There are two types of SSH keys:

  1. Public Key: This key can be freely shared with anyone. It is used to encrypt messages that only the private key can decrypt.
  2. Private Key: This key must be kept secret. It is used to decrypt messages that were encrypted using the public key.
When a client connects to a server, the server uses the public key to create a challenge and sends it to the client. The client then uses its private key to encrypt the challenge and sends it back to the server. If the server can use the public key to decrypt the message and it matches the original challenge, it proves that the client has the corresponding private key and is therefore authenticated.

This process is more secure than passwords because the private key is never transmitted over the network. Even if an attacker manages to intercept the public key, they would still not be able to log in to the server without the corresponding private key.

SSH Port

SSH uses TCP port 22 by default. This port is used for contacting an SSH server and starting the key exchange process that sets up the secure connection. All data sent and received during the connection is encrypted and decrypted by the SSH client and server.

While port 22 is the default, you can configure your SSH server to listen on a different port. This is often done as a security measure to avoid common attack scripts that target the default SSH port.

However, it’s important to note that changing the SSH port is not a foolproof security measure. It can still be discovered by a port scan, and it does not replace the need for strong authentication and secure configuration of your SSH server.

SSH Tunneling

SSH tunneling, also known as SSH port forwarding, is a method of transporting arbitrary networking data over an encrypted SSH connection. It can be used to add encryption to legacy applications, to bypass firewalls, and to set up VPNs (Virtual Private Networks).

There are three types of SSH tunneling:

  1. Local Port Forwarding: Allows you to connect from your local computer to another server. You configure SSH to listen on a port of your local machine. When a connection is made to that port, SSH forwards it to the specified port on the remote machine over the secure SSH connection.
  2. Remote Port Forwarding: Allows you to connect from the remote SSH server to your local machine. You configure SSH to listen on a port of the remote server. When a connection is made to that port, SSH forwards it over the secure SSH connection to the specified port on your local machine.
  3. Dynamic Port Forwarding: Allows you to configure SSH to act as a SOCKS proxy server. When you configure a SOCKS proxy client to connect to this port on your local machine, the connection is forwarded over the secure SSH connection to the remote machine, which then makes the actual connection to the target host.
SSH tunneling is a powerful tool for securing network connections. It can be used to secure applications that don’t natively support encryption, to access networked resources that would otherwise be blocked by a firewall, and to create secure VPN connections for remote access to a network.

SSH Commands

SSH has a wide range of commands that can be used for various purposes. Here are some of the most commonly used SSH commands:

  1. ssh user@host: Connects to a remote host as the specified user.
  2. ssh-keygen: Creates a new SSH key pair.
  3. ssh-copy-id user@host: Copies your public key to a remote host, enabling key-based authentication.
  4. scp file user@host:/path: Securely copies a file to a remote host.
  5. ssh -L localport:remotehost:remoteport user@sshserver: Sets up local port forwarding.
  6. ssh -R remoteport:localhost:localport user@sshserver: Sets up remote port forwarding.
  7. ssh -D port user@sshserver: Sets up dynamic port forwarding.
  8. ssh-add: Adds private key identities to the SSH authentication agent.
  9. ssh-agent: Starts the SSH authentication agent.
These are just a few examples of the many SSH commands available. Each command has its own set of options and parameters that can be used to customize its behavior.

SSH vs Telnet

SSH and Telnet are both protocols used for remote access to servers, but they differ significantly in terms of security.

Telnet is an older protocol that sends all data, including login credentials, in plain text. This means that anyone who can intercept the network traffic can easily read the data, making it highly insecure.

In contrast, SSH encrypts all data sent over the network, including login credentials. This makes it much more secure than Telnet. SSH also provides other security features such as server authentication and support for secure file transfer protocols like SFTP.

Here are some key differences between SSH and Telnet:

  1. Encryption: SSH encrypts all data, while Telnet sends data in plain text.
  2. Authentication: SSH supports strong authentication methods like public key authentication, while Telnet usually only supports password authentication.
  3. Port: SSH uses port 22 by default, while Telnet uses port 23.
  4. Secure File Transfer: SSH supports secure file transfer protocols like SFTP, while Telnet does not.
Due to its superior security, SSH has largely replaced Telnet for remote server access. Many modern operating systems no longer include Telnet by default, and most servers no longer support Telnet connections.

SSH vs SSL/TLS

SSH and SSL/TLS are both cryptographic protocols that provide secure communication over a network, but they are used for different purposes.

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are primarily used to secure web traffic. When you access a website using HTTPS, your web browser is using SSL/TLS to encrypt the communication between your browser and the web server.

SSH, on the other hand, is primarily used for remote server access, command execution, and file transfers. When you SSH into a remote server, SSH is used to encrypt the communication between your local machine and the remote server.

Here are some key differences between SSH and SSL/TLS:

  1. Purpose: SSH is used for remote server administration, while SSL/TLS is used to secure web traffic.
  2. Authentication: SSH typically authenticates the user with a username and password or SSH keys, while SSL/TLS authenticates the server to the client using certificates.
  3. Encryption: Both SSH and SSL/TLS provide strong encryption, but SSH is typically used to encrypt terminal sessions and file transfers, while SSL/TLS is used to encrypt HTTP traffic.
  4. Port: SSH uses port 22 by default, while SSL/TLS uses port 443 for HTTPS.
Despite their differences, both SSH and SSL/TLS play crucial roles in securing communication over the internet. They are both important tools in a network administrator’s toolkit.

SSH Security Best Practices

While SSH provides a secure method of remote server access, it’s not foolproof. Here are some best practices for enhancing SSH security:

  1. Use Strong Passphrases for SSH Keys: When generating SSH keys, use a strong passphrase to encrypt the private key. A strong passphrase is long, complex, and difficult to guess.
  2. Disable Password Authentication: Disable password-based logins and use SSH key pairs for authentication instead. This eliminates the risk of brute-force password guessing attacks.
  3. Disable Root Login: Disable direct root logins. Instead, users should log in with their own accounts and then use sudo to perform actions requiring root privileges.
  4. Keep SSH and the Operating System Updated: Regularly update both the SSH server and the operating system to ensure you have the latest security patches.
  5. Use a Non-Standard Port: Consider changing SSH to listen on a non-standard port. While not foolproof, this can reduce the number of automated attacks.
  6. Implement Fail2Ban or Similar: Use a tool like Fail2Ban to monitor for repeated failed login attempts and automatically block suspicious IP addresses.
  7. Use Two-Factor Authentication: Implement two-factor authentication for an additional layer of security beyond SSH keys.
  8. Restrict User Access: Only give users the minimum level of access they need to perform their tasks. Use Linux user groups and file permissions to control access.
  9. Monitor Logs: Regularly monitor SSH server logs for signs of unusual activity or potential security breaches.
By following these best practices, you can significantly enhance the security of your SSH server and reduce the risk of unauthorized access.

Summary

SSH is a powerful tool for secure remote server administration and file transfers. It provides strong encryption and authentication, making it a much more secure alternative to older protocols like Telnet.

SSH works on a client-server model, with the SSH client initiating a connection to the SSH server. The server authenticates the client using either passwords or, more securely, SSH keys. Once authenticated, all communication between the client and server is encrypted.

Beyond simple remote shell access, SSH also supports tunneling, which can be used to encrypt other network protocols, bypass firewalls, and set up VPNs. SSH has a wide range of commands for managing connections, keys, and forwarding.

While SSH is secure by design, it’s not invulnerable. System administrators should follow best practices like using strong key passphrases, disabling password authentication and root login, keeping software updated, and monitoring logs to ensure the highest level of security.

Whether you’re a system administrator managing servers, a developer needing secure access to remote systems, or simply a user wanting to securely transfer files between machines, understanding and utilizing SSH is a critical skill in today’s networked world. Its combination of security, flexibility, and ubiquity make it an indispensable tool for anyone working with remote systems.

Miguel Amado
Miguel Amado
Specializing in SaaS, Miguel interviews CEOs, CTOs, and entrepreneurs in the tech world. He also knows how much good hosting matters – especially after years of researching the best VPS and web hosting services available. As a result, he uses his expertise to write and edit glossary content about web hosting, website builders, and more. When he’s not talking about technology, you can find Miguel having spirited debates about which 90’s rock band is the best.

Follow our experts on
We rank vendors based on rigorous testing and research, but also take into account your feedback and our commercial agreements with providers. This page contains affiliate links.
Rate this Article
4.0 Voted by 3 users
You already voted! Undo
This field is required Maximal length of comment is equal 80000 chars Minimal length of comment is equal 10 chars
Related posts
Show more related posts
Reply to
0 out of minimum 50 characters
Complete your reply Complete your comment
The name is too short The name is too long The name contains invalid characters
The email is required The email is incorrect
Thank you, - your comment was submitted successfully!
We check all user comments within 48 hours to make sure they are from real people like you. We're glad you found this article useful - we would appreciate it if you let more people know about it.
Popup final window
Share this blog post with friends and co-workers right now:
1 1 1
Thank you, , your comment was submitted successfully!

We check all comments within 48 hours to make sure they're from real users like you. In the meantime, you can share your comment with others to let more people know what you think.

Thank you for signing up!

Once a month you will receive interesting, insightful tips, tricks, and advice to improve your website performance and reach your digital marketing goals!

1 1 1

So happy you liked it!

Share it with your friends!

1 1 1

Or review us on 1

3504535
50
5000
114311745