SSH, otherwise known as Secure Shell, is a common TCP internet protocol that can be used to securely connect a computer to an outside computer or network. The physical locations of the computers on both ends of an SSH connection don't matter provided that the computers are connected to the accessible network and have SSH set up properly. There are many practical applications for SSH. A network administrator could continue their work while they're on vacation on another continent. One office network in one geographic location could work with an office network in another geographic location so all of an organization's satellite offices are united in their networking. A contracted IT services company could provide remote technical support to a client machine upon request without having to physically travel. Or considering how woefully insecure FTP is, a company could decide to use SSH for file transfer instead.
Tatu Ylönen, CEO and founder of SSH Communications Security, wrote about how he invented SSH in SC Magazine:
“While attending school in Helsinki, I discovered a password ‘sniffer’ attack in our university network.
To shield our data, I wrote a program to protect information as it moved from point to point throughout the network. I called it the 'secure shell', or SSH for short.”
Today, nearly every major network environment – including those in governments, large enterprises and financial institutions – uses a version of SSH to protect data in transit and let administrators manage systems remotely.
Talk about turning lemons into lemonade. Ylönen was dissatisfied by the lack of security in the rlogin, TELNET, ftp, and rsh protocols, so he devised his own solution. He released the first version of SSH as freeware in July 1995. Adoption exploded. By the end of 1995 there were about 20,000 SSH users. He founded SSH Communications Security by December 1995. By the year 2000, there were about 2 million SSH users. SSH has been assigned to TCP port 22. Many operating systems have SSH software preinstalled, including most versions of Linux, macOS, Solaris, FreeBSD, OpenBSD, NetBSD, and OpenVMS. There are SSH applications for Windows, but they aren't preinstalled and must be installed manually.
The SSH protocol is based on the client-server model. Therefore, an SSH client must initiate an SSH session with an SSH server. Most of the connection setup is conducted by the SSH client. Public key cryptography is used to verify the identity of the SSH server, and then symmetric key encryption and hashing algorithms are used to keep the transmitted data in ciphertext. That way, the privacy and integrity of data transmitted in both directions between the client and server are assured, and man-in-the-middle attacks are mitigated.
The steps involved in creating an SSH session go like this:
- Client contacts server to initiate a connection.
- The server responds by sending the client a public cryptographic key.
- The server negotiates parameters and opens a secure channel for the client.
- The user, through their client, logs into the server.
There are different ciphers that can be used for SSH depending on the applications being used. Some of them include:
- CHACHA20
- AES-GCM
- Blowfish-CBC
- AES128-CTR
- AES192-CTR
- AES256-CTR
- Arcfour
- Cast128-CBC
Usually an implementation of either Diffie-Hellman or Elliptic Curve Diffie-Hellman is used to protect the key exchange.
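To make the negotiation step and the cipher list above concrete, here is an added example (not from the original article) that parses the SSH_MSG_KEXINIT message from RFC 4253, in which each side advertises its algorithms, flags older ciphers a server still offers, and applies the rule that decides which cipher a session ends up with. The sample message, the function names and the choice of which ciphers count as legacy are assumptions of this example.

```python
import struct

SSH_MSG_KEXINIT = 20
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Assumption of this example: names from the cipher list treated as legacy.
LEGACY = {"arcfour", "blowfish-cbc", "cast128-cbc"}

def build_kexinit(lists):
    """Build a constructed KEXINIT payload (sample data, zeroed cookie)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        raw = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(raw)) + raw
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Return {field: [names]} from a KEXINIT payload; ValueError if malformed."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, out = 17, {}  # skip message type byte and 16-byte cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("name-list overruns payload")
        text = payload[pos:pos + n].decode("ascii")
        out[name] = text.split(",") if text else []
        pos += n
    return out

def negotiate(client, server):
    """RFC 4253 rule: first name on the client's list that the server also offers."""
    return next((a for a in client if a in server), None)

def legacy_offered(parsed):
    """Legacy ciphers the peer advertises in either direction."""
    return sorted(LEGACY & set(parsed["enc_c2s"] + parsed["enc_s2c"]))

# Constructed sample: a server that still offers two old ciphers.
SERVER = parse_kexinit(build_kexinit({
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "enc_c2s": ["chacha20-poly1305@openssh.com", "aes256-ctr", "arcfour", "blowfish-cbc"],
    "enc_s2c": ["chacha20-poly1305@openssh.com", "aes256-ctr", "arcfour"],
}))

if __name__ == "__main__":
    print("legacy ciphers offered:", legacy_offered(SERVER))
```

Because the client's preference order wins, a server that keeps an old cipher on its list will use it whenever an outdated client asks for it first, which is why administrators remove legacy names from the server's list rather than just moving them to the end.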
In the world of cryptography, specific ciphers are usually cracked at some point, and new stronger ciphers are developed. So SSH implementations will drop older ciphers and support newer ciphers over time. Therefore, we could still be using SSH thirty or forty years from now. And we all have Ylönen and the password sniffer he discovered to thank for it.