SSH (Secure Shell)

Edit · View history

SSH (Secure Shell)

SSH (Secure Shell) is a cryptographic network protocol for operating network services securely over an unsecured network. It is most commonly used for remote command-line login, remote command execution, and secure file transfer. SSH was designed as a replacement for Telnet and other unencrypted remote shell protocols, which transmit sensitive information (such as passwords) in cleartext. The protocol provides strong encryption and authentication, typically using public-key cryptography.

History

SSH was first developed by Tatu Ylönen in 1995 as a response to a password-sniffing attack at the Helsinki University of Technology. The original version, SSH-1, quickly gained popularity and led to the creation of the commercial SSH Communications Security company. However, SSH-1 had several security vulnerabilities. In 1996, version SSH-2 was proposed as a more secure replacement, later standardized by the Internet Engineering Task Force in RFC 4251 and related documents. The most widely used implementation today is OpenSSH (OpenBSD Secure Shell), first released in 1999 and maintained by the OpenBSD project.

Features

Usage

SSH is a fundamental tool for system administrators, developers, and anyone managing remote servers. It is supported on most Unix-like systems and is available for Windows through implementations such as OpenSSH for Windows and PuTTY. SSH is also used as a transport layer for higher-level protocols, including rsync, Git, and Ansible.

Security considerations

While SSH is generally secure, proper configuration is essential. Common best practices include disabling root login, using key-based authentication, changing the default port, and regularly updating the software. The protocol is vulnerable to man-in-the-middle attacks if host keys are not verified, but the Trust on first use (TOFU) model is common.