SSH (Secure Shell)
SSH (Secure Shell)
SSH (Secure Shell) is a cryptographic network protocol for operating network services securely over an unsecured network. It is most commonly used for remote command-line login, remote command execution, and secure file transfer. SSH was designed as a replacement for Telnet and other unencrypted remote shell protocols, which transmit sensitive information (such as passwords) in cleartext. The protocol provides strong encryption and authentication, typically using public-key cryptography.
History
SSH was first developed by Tatu Ylönen in 1995 as a response to a password-sniffing attack at the Helsinki University of Technology. The original version, SSH-1, quickly gained popularity and led to the creation of the commercial SSH Communications Security company. However, SSH-1 had several security vulnerabilities. In 1996, version SSH-2 was proposed as a more secure replacement, later standardized by the Internet Engineering Task Force in RFC 4251 and related documents. The most widely used implementation today is OpenSSH (OpenBSD Secure Shell), first released in 1999 and maintained by the OpenBSD project.
Features
- Strong encryption – SSH uses symmetric ciphers (e.g., AES, ChaCha20) to protect data in transit, with key exchange via Diffie-Hellman key exchange or ECDH.
- Authentication – Supports password, public-key, Kerberos, and host-based authentication. Public-key authentication is the most secure and common.
- Port forwarding – Allows tunneling of arbitrary TCP connections over an encrypted SSH channel, enabling secure access to internal services.
- Secure file transfer – Built-in protocols SFTP (SSH File Transfer Protocol) and SCP (Secure Copy) provide encrypted file transfers.
- X11 forwarding – Enables the execution of graphical applications on a remote machine with secure display to the local X server.
- Agent forwarding – Allows a local SSH agent to authenticate on a remote host without exposing private keys.
Usage
SSH is a fundamental tool for system administrators, developers, and anyone managing remote servers. It is supported on most Unix-like systems and is available for Windows through implementations such as OpenSSH for Windows and PuTTY. SSH is also used as a transport layer for higher-level protocols, including rsync, Git, and Ansible.
Security considerations
While SSH is generally secure, proper configuration is essential. Common best practices include disabling root login, using key-based authentication, changing the default port, and regularly updating the software. The protocol is vulnerable to man-in-the-middle attacks if host keys are not verified, but the Trust on first use (TOFU) model is common.