ssh stands for “Secure Shell”. It is a protocol used to securely connect to a remote server or system. ssh is secure in the sense that data travels between the client and the host in encrypted form. It sends input from the client to the host and relays the output back. By default, ssh uses TCP port 22.
Example: Accessing an Ubuntu machine from the Windows 10 command prompt using ssh
The ssh command consists of 3 different parts:
- The ssh command instructs the system to establish an encrypted secure connection with the host machine.
- user_name represents the account that is being accessed on the host.
- host refers to the machine being accessed, which can be a computer or a router. It can be given as an IP address (e.g. 192.168.1.24) or a domain name (e.g. www.domainname.com).
Note: After logging into the host computer, commands will work as if they were typed directly into the host terminal. Using a public-private key pair (an SSH key pair) to log in to the remote host is more secure than using passwords. For generating public-private keys use the command:
The private key must remain hidden while the public key must be copied to the remote host. After copying the public key to the remote host the connection will be established using SSH keys and not the password.
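The key-pair workflow described above, as an added example that is not part of the original article. It assumes the OpenSSH client tools (ssh-keygen, ssh-copy-id) in a Unix-like shell; the directory, key file name, key comment and user_name@host are placeholders.

```shell
#!/bin/sh
# Added example, not from the original article. The directory, key file name,
# comment and user_name@host below are placeholders chosen for illustration.

# Create an Ed25519 key pair in directory $1:
#   $1/id_ed25519      private key (stays on the client)
#   $1/id_ed25519.pub  public key (copied to the remote host)
# -N "" sets an empty passphrase so the demo runs unattended; set a real
# passphrase for keys you actually use.
make_keypair() {
    mkdir -p "$1" && chmod 700 "$1" &&
        ssh-keygen -q -t ed25519 -N "" -C "demo-key" -f "$1/id_ed25519"
}

# Return 0 only if file $1 gives no permissions to group or others.
# Characters 5-10 of the `ls -l` mode string are the group and other bits.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the fingerprint of public key file $1, so the key installed on the
# remote host can be compared with the one generated here.
key_fingerprint() {
    ssh-keygen -l -f "$1" | awk '{print $2}'
}

# Demo: run the script with the argument "demo" to exercise the functions.
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    make_keypair "$dir/keys" || exit 1
    if key_is_private "$dir/keys/id_ed25519"; then
        echo "private key permissions OK"
    else
        echo "private key is readable by others; run: chmod 600 <key>" >&2
    fi
    echo "public key fingerprint: $(key_fingerprint "$dir/keys/id_ed25519.pub")"
    # With a key kept in a permanent directory, the next steps against a real
    # host would be (they need network access, so they are not run here):
    #   ssh-copy-id -i <dir>/id_ed25519.pub user_name@host
    #   ssh -i <dir>/id_ed25519 user_name@host
    rm -rf "$dir"
fi
```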
- -1: Forces ssh to use protocol SSH-1 only. SSH-1 is obsolete and insecure, and current OpenSSH releases no longer support it.
- -2: Forces ssh to use protocol SSH-2 only.
- -4: Allows IPv4 addresses only.
- -6: Allows IPv6 addresses only.
- -A: Authentication agent connection forwarding is enabled.
- -a: Authentication agent connection forwarding is disabled.
- -C: Compresses all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP connections) for a faster transfer of data.
- -f: Requests ssh to go to background just before command execution.
- -g: Allows remote hosts to connect to local forwarded ports.
- -n: Prevents reading from stdin.
- -p port_number: Port to connect to on the remote host.
- -q: Suppresses all errors and warnings.
- -V: Display the version number.
- -v: Verbose mode. It echoes everything it is doing while establishing a connection, which is very useful when debugging connection failures.
- -X: Enables X11 forwarding (GUI Forwarding).
- -c cipher_spec: Selects the cipher specification for encrypting the session. A specific cipher algorithm is selected only if both the client and the server support it.
SSH is significantly more secure than other protocols such as telnet because the data is encrypted. There are three major encryption techniques used by SSH:
- Symmetrical encryption: This encryption works on the principle of the generation of a single key for encrypting as well as decrypting the data. The secret key generated is distributed among the clients and the hosts for a secure connection. Symmetrical encryption is the most basic encryption and performs best when data is encrypted and decrypted on a single machine.
- Asymmetrical encryption: This encryption is more secure because it generates two different keys: a public key and a private key. The public key is distributed to different host machines while the private key is kept securely on the client machine. A secure connection is established using this public-private key pair.
- Hashing: One-way hashing is an authentication technique which ensures that the received data is unaltered and comes from a genuine sender. A hash function is used to generate a hash code from the data. It is computationally infeasible to regenerate the data from the hash value. The hash value is calculated at the sender's as well as the receiver’s end. If the hash values match, the data is authentic.