What is SSH?
The benefits of Secure Shell and its value simply explained.
Brief Summary
Secure Shell (SSH) is a way to securely connect to a remote computer or server over the internet. It encrypts all data that is sent between the two devices, making it difficult for anyone to intercept or steal sensitive information. SSH is commonly used by system administrators and developers to manage servers and perform remote tasks.
Let’s go back a bit and look at the history of SSH. Before SSH, there was no secure way to connect to remote computers. To be able to connect to two computers that were not in the vicinity of each other was a cool invention to start with. The only problem was the lack of security between the two computers.
Think of it like this; you have an important document that you want to share with your co-worker. As you are sharing your document with your co-worker, anyone can access and read the document. Or in technical terms, anyone online can read and intercept the data you are sending to your co-worker.
Telnet — the pre-assessor to SSH
Telnet is a set of protocols and rules that applies to accessing another computer remotely, taking control of the said computer, and modifying it without being in the vicinity of the computer. The problem with Telnet is security threats. In 1995, the founder of SSH decided to improve Telnet’s software and replace it with a very secure way to access computers remotely and ensured that outside influences couldn’t intercept the data. This new software was called SSH. The SSH protocol allows users to take control of their remote servers without security risks.
The security of SSH
Let’s go back to our metaphor to explain the process of SSH:
When you wanted to send a document to your co-worker, you would put the document in a box and lock that said box.
Once you delivered the box to your co-worker, let’s say through a postal service, your co-worker would put their own lock on the box, secure it and send it back to you.
After you had the box in your possession once again, you would remove your lock and send it back to your co-worker with only their lock still intact.
That way, they would use their key and unlock the box and read the document’s content without anyone intercepting it.
This process seems like a lot of hassle, and thankfully, the actual technical process is super easy. Technically, all you need to do is authenticate the remote user, which only takes about one second.
How does SSH work and what does SSH do?
SSH uses different connections, such as a TCP connection (Transmission Control Protocol) when it connects to servers (or computers). A TCP connection is used as a reliable network transport protocol that SSH can use. Once the connection is established, SSH sends over the data as packets loaded with said data information. All information in the packet is encrypted, besides the packet length (because we need to know how much data will be incoming). The message authentication code inside the packet is a code that the server and the client decide.
At the receiving end, the packet is decrypted by the server.
This way, you can access a computer through an unsecured network like the internet because SSH works by encrypting your data packages and not the connection between the two computers.
Secure Shell Connection
The SSH connection is initiated by the client who connects to the SSH server. Once you initiate and connect your computer to the server, it will open up a channel. Through the channel, you can communicate and control the data. As the client, you can open up different channels or connections and thereby enable multiple multiplex connections.
Multiplexing SSH connections/channels
Suppose you want to work with multiple secure shell connections over one TCP connection? Multiplexing SSH connections allows this great feature which can, when used correctly, speed the operations of SSH. In addition, it can improve aspects of SSH such as running commands faster.
Let’s give you a walkthrough of the process of creating a connection or channel with SSH.
- Once you have connected to the server, the server sends back a message that’s something along the lines of ‘I support this version of SSH’ – referring to your computer and use of SSH.
- You will exchange information with the server regarding your compatibility and the server’s compatibility.
- You will share information regarding what method you both will use to send data and encrypted messages. Basically, you are negotiating the parameters with the server. Once all of these are established, you authenticate.
- You type in your password, and the server will recognise you. Once the authentication is complete, the server will create a channel, and you have a Secure Shell connection.
SSH Key
SSH uses three techniques, and a brief explanation will follow so that you are more adept at how SSH works.
Symmetrical encryption
Symmetrical encryption uses a key both for encryption and decryption. In addition, anyone who has access to the key also has access to the message that is being transferred.
A key exchange algorithm carries out the process of Symmetrical encryption. If another machine gets access to the key, it will still not be able to decrypt the message as the key exchange algorithm is unknown. This is because the two computers (host and client) manipulate the shared data and calculate the secret key.
Asymmetrical encryption
Asymmetric encryption uses two SSH keys. Private and public keys. The private key’s strength lies in the key’s privacy and the fact that it must never be revealed. This is because only the private key can decrypt messages that were encrypted using the public key. These two keys work together. Once a connection has been established, the server will use the public key to confirm the authentication. If the client can decrypt the message, then that means that they hold the private key. Alas, the SSH session can begin.
Hashing
You can think of hashing algorithm as a bar code. The last numbers on a bar code are determined by all the other numbers in the bar code, the same logic applies to hashing. Meaning that if you change one of the bar code numbers, the last numbers of the bar code will change as well. Hashing works like this for the entire file you want to transfer. The hashing algorithm will give you a long number (hexadecimal) that complies everything that is on the file. It’s a way to verify that the file is intact and includes everything it says it does.
The difference between hashing and the other two alternatives of encryption is that you cannot reverse the hashing; it’s not meant to be decrypted.
SSH uses hashing to verify messages’ authenticity, ensuring that messages cannot be intercepted and tampered with.
If you have a document that you want to send, and it has your name on it, the hash comes through the channel along with the file to verify that it’s, in fact, the real document.
SSH at one.com
SSH implements a strong encryption algorithm to ensure the security of communication between the parties.
If you have a Professional package (or better) with us, you can easily enable SSH from your One.com control panel. Unlike Mac and Linux users who can just use their terminals, Windows users have to install a dedicated SSH client. The freeware PuTTY is generally considered the go-to choice.