HomeBlogSecurityWhat is SSH? A Beginner's Guide to Secure Socket Shell

What is SSH? A Beginner's Guide to Secure Socket Shell

Published
05th Sep, 2023
Views
view count loader
Read it in
16 Mins
In this article
    What is SSH? A Beginner's Guide to Secure Socket Shell

    To protect themselves against malicious cyber-attacks, such as password sniffing, system administrators need a secure connection when accessing a computer over a network. In order to ensure necessary protection, encryption protocols such as TLS/SSL, IPsec, S/MIME, PGP, and SSH are necessary, as large networks have security flaws.

    SSH is a commonly used internet jargon for anything related to cyber security, so you might have already heard of it. It might be overwhelming to understand what it really is and how it works in the first place. SSH is a secure method of remote access that is offered through the underlying mechanisms used by the protocol.

    We will cover the basics in this tutorial. The purpose of this article is to explain the SSH protocol - its functions, terminology, and use cases. We will describe the different types of encryption as well as what they are used for. You can take up an Ethical Hacking Certification course to learn more about how SSH, SSH remote connection, what is SSH protocol, what is SSH Access, how to use SSH, and how SSH into a server.

    What is SSH? 

    The Secure Shell protocol is a network protocol that provides a secure interface between users and computers on unsecured networks, particularly for system administrators. The SSH protocol is also implemented by a set of utilities. A Secure Shell connection can be encrypted between two computers connected over an open network, like the internet, with strong password authentication and public key authentication. Besides providing strong encryption, SSH is also widely used to manage systems and applications remotely, enabling network administrators to access another computer via a network and execute commands, as well as move files. 

    There are several utilities that implement the Secure Shell protocol, including a cryptographic network protocol called SSH. Client-server models are used by Secure Shell to connect a Secure Shell client application, which displays the session, with a Secure Shell server, which runs that session. Clients and servers are connected through the Secure Shell network. A number of application protocols are supported by SSH implementations, such as terminal emulators and file transfers. As well as creating secure tunnels for other application protocols, SSH can also be used to securely run graphical sessions over remote connections using the X Window System. SSH servers listen on the standard Transmission Control Protocol (TCP) port 22 by default. 

    How Does SSH Work or What Does SSH Do? 

    Source

    Secure Shell replaces insecure terminal emulators and login programs as an alternative to Telnet, rlogin (remote login), and rsh (remote shell). Users can log in to remote systems and run terminal sessions using SSH. SSH also replaces File Transfer Protocol (FTP) and RCP (remote copy). SSH is primarily used for connecting to remote hosts for terminal sessions. The command form is as follows: 

    SSH UserName@SSHserver.example.com 

    A client will attempt to connect using the user ID UserName to the server named server.example.com with this command. The user will be prompted for the public key fingerprint of the remote host when negotiating a connection for the first time, even if there has never been a connection in the past: 

    The authenticity of host 'sample.SSH.com' cannot be established. DSA key fingerprint is 01:23:45:67:89:ab:cd:ef:ff:fe:dc:ba:98:76:54:32:10. Are you sure you want to continue connecting (yes/no)? 

    If you answer yes, the session will continue, and the host key will be stored in the local system's known_hosts file. The user's home directory is a hidden file called /.SSH/known_hosts, which is located by default. Client systems can connect directly to a server once the host key is stored in the known_hosts file without any approvals; the host key authenticates the connection. 

    What is SSH in Networking Used For? 

    Every Unix, Linux, or Mac server comes with SSH by default in all data centers. There have been many applications for SSH connections to secure communication between local machines and remote hosts, including secure remote access to resources, remote command execution, software patch, update delivery, and other management and administrative tasks. SSH is used to connect local and remote computers securely and to manage routers, servers, virtualization platforms, operating systems (OSes), and file transfer applications inside the systems. Using tools or directly through the terminal, Secure Shell can connect to servers, make changes, upload files, and exit files. 

    Now let us understand what SSH keys are. In scripts, backup systems, and configuration management tools, SSH keys are often used to automate access to servers. Users can move between their accounts without typing a password each time with single sign-on (SSO) if they use SSH keys, which are convenient and work across organizational boundaries. Although SSH plays a major role in identity and access management, it is not only used for authentication over encrypted connections. SSH traffic is also encrypted. The actions of users are private, whether they're transferring files, browsing the web, or running commands. While ordinary usernames and passwords can be used to authenticate hosts, SSH uses public-key pairs more often. 

    To connect to the remote host itself, an individual must still use a user ID and password -- or another authentication method --, but each host authenticates separately from its local machine. A unique public key pair is generated for each host involved in the communication. Authenticating the remote machine to the local machine requires two public key pairs: one for establishing a connection with the remote machine and the second for authenticating the local machine with the remote machine.

    The History of SSH 

    Tatu Ylönen, a researcher at the Helsinki University of Technology, developed the first version of SSH in 1995. He went on to start SSH Communications Security, a cybersecurity company in Finland. SSH-1 has been found to have a number of flaws over the years. The version has been discontinued and is no longer considered safe for use. In 2006, the Internet Engineering Task Force (IETF) adopted SSH-2 as a Standards Track specification, which was the first version of Secure Shell protocols. To improve security, SSH-2 uses a Diffie-Hellman key exchange and a stronger integrity check that uses message authentication codes that are not compatible with SSH-1. 

    Many encryption methods are available for SSH clients and servers, and the most commonly used are Advanced Encryption Standard (AES) and Blowfish. The National Security Agency (NSA) may be able to decrypt some SSH traffic, but there are no known exploitable vulnerabilities in SSH-2. However, Edward Snowden leaked information in 2013 suggesting that SSH-2 could have exploitable vulnerabilities. 

    SSH Implementations 

    Various SSH implementations are listed here. There are many cybersecurity certificates like Cybersecurity certificate programs that teach you about this. In many cases, we provide a comprehensive review, installation instructions, guidance, and/or how-tos. 

    1. A 24x7 support for Tectia SSH client & server for Windows, Linux, and Unix.  
    2. A client and server for IBM z/OS mainframes - Tectia SSH for IBM z/OS.  
    3. PUTTY is a client for Windows and Linux.  
    4. WinSCP is a Windows client.  
    5. CyberDuck is a Mac client.  
    6. OpenSSH server is a Unix and Linux server.  
    7. Alternatives for clients.  
    8. Alternatives to servers.  
    9. Alternatives to Windows SSH. 

    SSH Terminology 

    1. SSH port number 

    When connecting to an SSH server, its default port is 22. If you wish to change this default, enter any number between 1024 and 32,767 in the port field. 

    2. SSH commands 

    Apart from the client SSH command, SSH has other commands.  

    1. SSH-keygen lets you generate public key pairs for authentication 
    2. A public key is configured as authorized on a server using SSH-copy-id 
    3. SSH-agent - an agent that maintains the private key for single sign-on 
    4. An agent key can be added with SSH-add 
    5. SFTP is a file transfer program with an interface similar to FTP 
    6. SCP is a file transfer client with a command interface like RCP 
    7. A server for Open SSH is called SSHd 

    3. SSH client  

    Generally, SSH clients are available for Unix, Microsoft Windows, IBM z/OS, and other enterprise environments. SSH client software enables secure and authenticated connections to SSH servers. 

    4. SSH protocol 

    An insecure network such as the internet can be used to share data between two computers through this cryptographic network protocol. SSH protocol is used for logging in to a remote server, executing commands, and transferring data between computers. In order to safely communicate with the remote machine, SSH Communication Security Ltd developed the protocol. 

    5. SSH options 

    There are many options that SSH provides. You can check the manual page for all the options.

    6. SSH flags 

    You can have a look at the flags in the screenshot above 

    7. SSH remote connection 

    You can now establish a secure remote connection with your servers once the OpenSSH client and server have been installed on all the computers you need. Run this command on your machine from the SSH terminal: SSH your_username@host_ip_address. You can connect to the server with just the following command. Just type: SSH host_ip_address and hit Enter if your local username matches the one on the server. Enter your password and hit Enter. While typing, you won't get any feedback on the screen. It will ask if you want to continue connecting to a server for the first time when you paste your password. Make sure your password is safely stored and not in a text file.  

    When this message appears, simply type yes and press Enter. As your local computer does not recognize the remote server, this message appears only this time. You are now connected to the remote server, thanks to the ECDSA key fingerprint. Use the private IP address rather than the public IP address if you are trying to access the same computer remotely. You will have to use the public IP address only otherwise. Also, make sure you know what TCP port OpenSSH listens to for connection requests and if your port forwarding is working properly. If no changes have been made to the SSHd_config file, the default port is 22. A connection request for the OpenSSH client may also use a port number after the host's IP address. 

    Here is an example. 

    username@machine:~$ SSH phoenixnap@185.52.53.222 –p7654 phoenixnap@185.52.53.222’s password: 

    The authenticity of host '185.52.53.222 (185.52.53.222)' can't be established. ECDSA key fingerprint is SHA256:9lyrpzo5Yo1EQAS2QeHy9xKceHFH8F8W6kp7EX2O3Ps. Are you sure you want to continue connecting (yes/no)? yes 

    Warning: Permanently added ' 185.52.53.222' (ECDSA) to the list of known hosts. 

    username@host:~$

    8. SSH account 

    Using SSH accounts for tunneling your internet connection does not guarantee that your internet speed will increase. It will provide encryption on all data read and then send it to another server. By using an SSH account, you will have a static IP address, and you can use it privately. 

    9. SSH terminal 

    Using the SSH command, this command establishes a secure encrypted connection between two hosts over an insecure network. Additionally, you can use this connection to access terminals, transfer files, and tunnel other applications. Over SSH, graphic X11 applications can also be run securely. 

    What is SSH Public Key 

    Public key authentication is more secure than simple passwords because it offers cryptographic strength that even extremely long passwords cannot provide. Public key authentication significantly improves security with SSH since it relieves the users from having to remember complex passwords (or, worse yet, write them down). It also offers users the benefit of implementing a single sign-on across all SSH servers they connect to, which in addition to security, offers usability benefits. In addition to providing automated, password-less login, public key cryptography also enables the countless secure automation processes executed within enterprise networks all over worldwide on a couple of key concepts that serve as the basis for public key cryptography. 

    Private keys must be protected with utmost care. The most common user-driven use case is to encrypt the private key with a passphrase. A passphrase is asked for when the user needs to decrypt the private key. SSH agents can be used to automate the process. The private keys of most automated applications and scripts are not protected, and key management practices must be carefully planned and implemented to comply with regulatory requirements. 

    What is SSH Tunneling? 

    Source

    With SSH tunneling, you can transfer additional data streams by transferring them within an existing SSH session. For example, you can access remote web services without exposing ports to the internet, access a server behind NAT, or expose a local port to the internet. It is the default behavior of an SSH connection to get a server's shell when you connect to a server using SSH. Under the hood, your SSH client creates an encrypted connection between you and the server through the SSH client. SSH can, however, transport any data. SSH access, for example, sends binary streams detailing the dimensions of pseudoterminal and ASCII characters so the remote shell can run commands. A binary protocol stream tunneled over SSH can then be transmitted during SSH port forwarding (e.g., SQL over SSH). 

    Secure Shell Security Issues 

    During the encryption process, Secure Shell uses algorithms subject to change, making them more vulnerable as they age. When these algorithms become vulnerable, bad guys can exploit them to do harm to the system. Suppose Susan is a system administrator who has access to several servers. As a result of using the SSH keygen, she is now able to log in to the systems via Secure Shell. Susan leaves the company without affecting the servers. Nonetheless, Susan can still access the servers if nobody removes her keys. SSH logs will show proof of these things if Susan's company monitors them. 

    In addition to pivoting from one machine to another with SSH and keys, there is another very useful feature. For instance, imagine a system administrator logging into one server and performing a task there. They can then pivot from one server to another without logging out and then logging in to the next server. Once they have access to the second server, they can pivot to the third server, to the fourth server, etc. However, imagine what happens if a bad guy gets access to the first server. Then he can switch between servers 1 and 2, 2 to 3 etc. The real world isn't that simple. Once a bad guy gets into server 1, they hunt and peck until he/she gets into another server and repeats the process until they find something useful. Configuration and settings expose other common SSH vulnerabilities. SSH security risks can be significantly increased or reduced by system administrators in most organizations by disabling or changing most or all SSH configurations. 

    SSH Examples 

    Here are some examples of SSH: 

    1. SSH Socks Proxy 
    2. SSH Tunnel (Port Forwarding) 
    3. SSH Tunnel to Secondary Host
    4. Reverse SSH Tunnel
    5. SSH Reverse Proxy
    6. Establish VPN over SSH
    7. Copy your SSH key (SSH-copy-id) 
    8. Run Command Remotely (non-interactive) 
    9. Remote Packet Capture & View in Wireshark 
    10. SSH Copy Folder from Local to Remote 
    11. Remote GUI Applications with SSH x11 Forwarding 
    12. Copy files remotely with Rsync and SSH
    13. SSH over Tor Network 
    14. SSH to the EC2 instance 
    15. Edit text files with VIM over SSH/SCP 
    16. Mount remote SSH as a local folder with SSHFS 
    17. SSH Multiplex using ControlPath 
    18. Stream Video over SSH 
    19. Two Factor Authentication 
    20. Bouncing through jump hosts with SSH and -J 
    21. Block SSH Brute Force Attempts with iptables 
    22. SSH Escape to Modify Port Forwarding 

    Conclusion

    Data supplied by the client is SSH encrypted using the parameters agreed upon as soon as the SSH client and server establish a connection. Clients and servers negotiate the algorithm for symmetric encryption and generate encryption keys during the negotiation.  

    AES (Advanced Encryption Standard) is the industry-standard strong encryption algorithm that protects communication between the communicating parties. The SSH protocol is also equipped with a mechanism to ensure data integrity by using standardized hash algorithms. We provide a KnowledgeHut Ethical Hacking Certification course for all those who want to learn more about these concepts about SSH terminal for windows, what it is openSSH, and what SSH agent is.

    Frequently Asked Questions (FAQs)

    1Is SSH necessary?

    Using SSH to administer mission-critical systems and automate processes is crucially important. Users and automated processes are usually granted elevated privileges by SSH.

    2How do I connect to SSH?

    To connect to SSH, follow the following steps: 

    • Run the following command on your machine: SSH your_username@host_ip_address 
    • Type: SSH host_ip_address and press Enter if the username you are trying to connect to matches the one you have on your local machine. 
    • Inputting your password will not be accompanied by any feedback on your screen. You should make sure your password is stored safely and not in a text file if you are pasting it in. 
    • You will be asked if you want to connect to the server again when you connect for the first time. If you type yes, the message will appear only this time since your local machine does not recognize the remote server. 
    3How do I create an SSH key?

    A new SSH key pair can be created by running the SSH-keygen command with the -C flag in a terminal. Replace the following: KEY_FILENAME: the name of the SSH key file you want. For example, a filename my-SSH-key generates a public and private key. 

    4How do SSH keys work?

    Clients and remote machines use SSH keys to establish encrypted communication channels over the internet by authenticating and establishing a pair of public and private keys. 

    Profile

    Mrinal Prakash

    Blog Author

    I am a B.Tech Student who blogs about various topics on cyber security and is specialized in web application security

    Share This Article
    Ready to Master the Skills that Drive Your Career?

    Avail your free 1:1 mentorship session.

    Select
    Your Message (Optional)

    Upcoming Cyber Security Batches & Dates

    NameDateFeeKnow more
    Course advisor icon
    Course Advisor
    Whatsapp/Chat icon