SSH, or Secure Socket Shell, is a network protocol that allows administrators to securely access a computer remotely. SSH also refers to all the utilities that implement the protocol.
The Secure Shell protocol provides strong authentication and secure encrypted data communications between two computers connected over an insecure network, such as the Internet.
SSH is widely used by network administrators to remotely manage systems and applications, as it allows them to connect to another computer on a network, run commands, and move files from one computer to another.
Basically, it is a protocol that lets you connect to a remote machine over a secure connection. Data is encrypted between the machines, and commands can be executed on the remote server.
SSH stands for both the cryptographic network protocol and the utilities that implement that protocol. SSH works on the client-server model, connecting a Secure Shell client application – where the session appears – to an SSH server – where the session runs.
Most operating systems, except Microsoft Windows, include SSH by default. SSH supports tunneling, which forwards arbitrary TCP ports and X11 connections, while file transfer can be done using the associated Secure File Transfer Protocol (SFTP) or Secure Copy Protocol (SCP). By default, an SSH server listens on standard TCP port 22.
The SSH suite includes three utilities (slogin, ssh, and scp), which are secure versions of earlier insecure UNIX utilities (rlogin, rsh, and rcp). SSH uses public key encryption to authenticate the remote computer and allow it to authenticate the user, if needed.
SSH Protocol’s History and Advancements
The first version of SSH was created in 1995 by Tatu Ylönen, a researcher at Helsinki University of Technology and founder of SSH Communications Security. Vulnerabilities were gradually discovered in SSH-1, which is now obsolete.
The current version of the Secure Shell protocol is SSH-2, the standard adopted in 2006.
It is not compatible with SSH-1 and uses Diffie-Hellman key exchange and strong integrity checking that relies on message authentication codes to improve security.
SSH clients and servers can use various encryption methods, the most common being AES and Blowfish.
Currently, there are no known exploitable SSH-2 vulnerabilities, but information disclosed by Edward Snowden in 2013 suggests that the National Security Agency is able to decrypt some SSH traffic.
Shellshock, a Bash command processor security flaw, can be exploited over SSH, but it is a vulnerability in Bash, not SSH. In fact, the biggest threat to SSH is poor key management.
Indeed, in the absence of a proper centralized process for creating, rotating and deleting SSH keys, companies risk losing complete control over resource access permissions, especially when SSH is used in automated inter-application processing.
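Rotating or deleting keys starts with knowing which keys grant access to which accounts. The following is an added example, not part of the original article: it parses OpenSSH authorized_keys text per account and reports short RSA keys, entries with no owner comment, and the same key authorized on more than one account. The function names, the 2048-bit threshold and the sample keys are assumptions constructed for illustration.

```python
import base64, binascii, hashlib

def _fields(blob):  # split an SSH wire-format blob into its length-prefixed fields
    out = []
    while len(blob) >= 4:
        n = int.from_bytes(blob[:4], "big")
        out.append(blob[4:4 + n])
        blob = blob[4 + n:]
    return out

def parse_entry(line):
    """Parse one authorized_keys line; options (possibly quoted) may precede the key type."""
    toks = line.split()
    for i in range(len(toks) - 1):
        try:
            blob = base64.b64decode(toks[i + 1], validate=True)
        except (binascii.Error, ValueError):
            continue
        f = _fields(blob)
        if f and f[0] == toks[i].encode():  # the blob must name the key type written before it
            bits = int.from_bytes(f[2], "big").bit_length() if toks[i] == "ssh-rsa" and len(f) > 2 else None
            fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
            return {"type": toks[i], "bits": bits, "fingerprint": fp, "comment": " ".join(toks[i + 2:])}
    return None

def audit(files, min_rsa_bits=2048):
    """files maps account -> authorized_keys text; min_rsa_bits is an assumed policy value."""
    findings, first_seen = [], {}
    for account, text in files.items():
        for line in map(str.strip, text.splitlines()):
            if not line or line.startswith("#"):
                continue
            e = parse_entry(line)
            if e is None:
                findings.append((account, "-", "unparseable entry"))
                continue
            other = first_seen.setdefault(e["fingerprint"], account)  # account where first seen
            checks = [(e["bits"] is not None and e["bits"] < min_rsa_bits, f"RSA modulus only {e['bits']} bits"),
                      (not e["comment"], "no comment, owner unknown"),
                      (other != account, f"same key also authorized for {other}")]
            findings += [(account, e["fingerprint"], msg) for hit, msg in checks if hit]
    return findings

def _blob(*fields):  # builds the constructed sample keys below; they are not real keys
    return base64.b64encode(b"".join(len(x).to_bytes(4, "big") + x for x in fields)).decode()
WEAK = _blob(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc5" * 128)  # constructed 1024-bit modulus
ED = _blob(b"ssh-ed25519", bytes(range(32)))
SAMPLE = {"deploy": f'command="/usr/local/bin/backup --all" ssh-rsa {WEAK}\n',
          "root": f"# constructed sample\nssh-ed25519 {ED} alice@laptop\nssh-rsa {WEAK} ci@build\n"}
```

Calling audit(SAMPLE) returns one row per finding as (account, fingerprint, finding); the fingerprint uses the SHA256 format that ssh-keygen -l prints, so rows can be matched against server logs.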