
Secure Shell Protocol (SSH)

The Secure Shell Protocol (SSH) is a cryptographic network protocol that enables secure communication and operation of network services over an unsecured network. SSH facilitates various functionalities, including remote login, command execution, tunneling, forwarding TCP ports, and X11 connections. It also supports secure file transfer using the SSH File Transfer Protocol (SFTP) or the Secure Copy Protocol (SCP). SSH operates on a client-server model.

The SSH protocol comprises three main components:

  • Transport Layer: This layer, defined in RFC 4253, typically utilizes the Transmission Control Protocol (TCP) of TCP/IP and reserves port number 22 as the server listening port. It handles initial key exchange and server authentication and sets up encryption, compression, and integrity verification.

  • User Authentication Layer: Defined in RFC 4252, this layer manages client authentication and offers various authentication algorithms. Standard authentication methods include password-based authentication, public-key-based authentication, keyboard-interactive authentication (RFC 4256), and GSSAPI authentication methods, enabling single sign-on capability using external mechanisms such as Kerberos 5 or NTLM.

  • Connection Layer: Defined in RFC 4254, this layer introduces the concept of channels, channel requests, and global requests, which define SSH services. SSH can multiplex multiple logical channels within a single connection, facilitating bidirectional data transfer. Standard channel types include terminal shells (for remote command execution), direct-tcpip (for client-to-server forwarded connections), and forwarded-tcpip (for server-to-client forwarded connections).

The Secure Shell fingerprint (SSHFP) DNS record (RFC 4255) also provides public host key fingerprints, aiding in host authenticity verification during SSH connections.
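To make the SSHFP record concrete, here is an added Python example (not from the original page) that computes the RFC 4255 record data for an OpenSSH host key and checks a key offered by a server against a published record. The host key is a constructed ssh-ed25519 blob, not a real server's key, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct

# SSHFP algorithm numbers (RFC 4255, extended by RFC 6594 and RFC 7479),
# keyed by the key-type string that prefixes an OpenSSH public key line.
SSHFP_ALGORITHM = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
                   "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594).
SSHFP_DIGEST = {1: hashlib.sha1, 2: hashlib.sha256}


def _key_blob(pubkey_line: str):
    """Return (key type, raw key blob) from an OpenSSH public key line.

    The blob is the base64-decoded second field: the same bytes the server
    sends during the transport-layer key exchange, which is what SSHFP hashes.
    """
    keytype, b64 = pubkey_line.split()[:2]
    if keytype not in SSHFP_ALGORITHM:
        raise ValueError(f"no SSHFP algorithm number for key type {keytype!r}")
    return keytype, base64.b64decode(b64)


def sshfp_rdata(pubkey_line: str, fptype: int = 2) -> str:
    """Return the SSHFP RDATA 'algorithm fptype fingerprint-hex' for a host key."""
    keytype, blob = _key_blob(pubkey_line)
    return f"{SSHFP_ALGORITHM[keytype]} {fptype} {SSHFP_DIGEST[fptype](blob).hexdigest()}"


def host_key_matches_sshfp(pubkey_line: str, rdata: str) -> bool:
    """Check a host key offered by a server against one published SSHFP record,
    as a client with VerifyHostKeyDNS does: recompute the fingerprint and compare."""
    try:
        alg, fptype, fingerprint = rdata.split()
        keytype, blob = _key_blob(pubkey_line)
        digest = SSHFP_DIGEST[int(fptype)]
    except (ValueError, KeyError):
        return False  # malformed record, unsupported fingerprint type, or unknown key type
    if SSHFP_ALGORITHM[keytype] != int(alg):
        return False  # record was published for a different key algorithm
    expected = digest(blob).hexdigest().encode()
    return hmac.compare_digest(expected, fingerprint.lower().encode())


# Constructed sample host key (not a real server's key): an ssh-ed25519 blob is
# string("ssh-ed25519") then string(32-byte public key), each length-prefixed.
_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
EXAMPLE_HOST_KEY = "ssh-ed25519 " + base64.b64encode(_BLOB).decode() + " constructed-example"
```

On a real host, `ssh-keygen -r <hostname> -f /etc/ssh/ssh_host_ed25519_key.pub` prints the same record for publication in the zone, and an OpenSSH client with `VerifyHostKeyDNS yes` performs this check, accepting the match without prompting only when the DNS answer is DNSSEC-validated.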