What Is SSH? Understanding Secure Shell Protocol

Since the early days of the Internet, we've had the need to securely connect to other computers over shared networks. SSH, or Secure Shell Protocol, provides that solution. In this article, we'll cover what SSH is, how it works, how to use SSH, and its benefits and disadvantages.

What is SSH?

Developed in 1995, SSH, meaning Secure Shell Protocol, is a network protocol that allows two devices to communicate and share data remotely over an unsecured network, like the Internet.

The primary difference between Secure Shell Protocol and other login protocols is that SSH provides an encrypted connection. Secure Shell Protocol provides encryption via password or public key cryptography between the client and the server or router.

Due to its security advantages, network system administrators use SSH to remotely:

  • manage IT systems and applications
  • patch security software
  • manage file systems or database management systems

How does SSH work?

In a nutshell, SSH uses the client-server model to enable secure, remote connections between systems. This means it distributes tasks between providers of a service (the server) and the service requester (the client). Typically, the client authenticates with SSH keys, which are cryptographic keys in a public-private pair used to confirm identity. There are three layers to the SSH protocol - the transport layer, authentication layer, and the connection layer.

First, the SSH client uses the transport layer to initiate a connection to the SSH server using port 22. Once the client makes a connection, the server sends its public key back to the client to authenticate the server. In other words, the server is "proving" that it is who it says it is. Once the server authenticates, the client saves it as a "known host."

Next, the client and the server negotiate an encryption algorithm to use for their communication with each other. Finally, the user (client) logs in to authenticate with the server.

While clients can be authenticated using traditional passwords, the aforementioned public key authentication is more widely used. This is for two reasons. First, key-based authentication is much more secure than passwords. And second, once a key for SSH is created, users no longer need to manually enter passwords to establish secure connections.

Computer security with SSH

Understanding Secure Shell Protocol public key authentication

Public key authentication uses SSH keygen to create SSH authorized key pairs. Two key types, public and private, pair together cryptographically to authenticate both clients and server. The public key file configures to the server, and anyone with access to the private key can gain access to the server.

Once the client is authenticated and the connection is established, the client and server can exchange information via the connection layer. During the connection, all data sent are encrypted. This means that if any of the information is intercepted, it will be unintelligible to everyone except the intended recipient.

What is SSH used for?

Secure Shell Protocol is used for a number of purposes in communication and data exchange. It's primarily used to create secure communications between a computer and a host or network. It provides remote access to resources and other necessary administrative functions.

Beyond the connection between devices and hosts, it can also manage network devices like routers and servers. It assists in connecting these devices, making necessary updates or changes, and automating functions that occur regularly.

Some use SSH for single sign-on, which is a secure password method that provides users with a new password for logging in with each session. SSH protocol also encrypts traffic as part of its connections, which makes it so that users' actions and tasks are private when they use an SSH connection.

How do you use SSH?

To use Secure Shell Protocol, you need to use an SSH client to connect to the Secure Shell Protocol server. Then, once connected, you can either use the command line or a graphical user interface (GUI) to perform different tasks, such as transferring files and updating software.

Use of Secure Shell Protocol clients differs depending on your operating system. Some systems like Linux have SSH Linux clients preinstalled. With Windows, you can use the OpenSSH client. Other Windows SSH clients include:

  • WinSCP
  • KiTTY
  • SmarTTY
  • Chrome SSH extension
  • Bitvise

What is an SSH tunnel?

A Secure Shell Protocol tunnel is a method of transporting networking data over the encrypted Secure Shell Protocol connection, which adds encryption to standard applications and information. Creating a Secure Shell Protocol tunnel allows you to proxy web traffic using SSH. Proxying lets you connect to insecure protocols and bypass firewalls or other content filters. It can even allow you to remotely control other devices and applications or implement VPNs, which allow you to change your IP.

SSH port forwarding is what allows for tunneling. It is a process that creates a separate tunnel for data to flow within the SSH sessions.

Port forwarding with Secure Shell Protocol

When you establish an SSH connection, you connect to the server via port 22. To forward to a local port, you can use your Secure Shell Protocol client to change your source port to a local port, 5901.

Remote port forwarding is similar in concept to local port forwarding. The key difference is that you are allowing a remote host or server to access information on your local machine or remote computer. It works the same way, except you change the remote port number to your local port number.

Disadvantages of SSH

At this point, the benefits of Secure Shell Protocol should be obvious. It encrypts and authenticates all connections, providing users with a secure way to manage IT systems. Additionally, it's useful in many scenarios, including data and file transfers, proxy use, and getting remote system access to applications.

However, no protocol can ever be truly secure, even with authentication methods. This is for one simple reason - humans are fallible. Most businesses and organizations are not aware of all the SSH keys that they use.

Therefore, organizations often lose track of active keys. It's similar to an individual that fails to keep track of all their passwords across all of their personal accounts.

When keys get into the wrong hands, organizations are open to huge risks. Mainly, it provides access to root directories in the operating system and other invaluable resources such as databases, firewalls, payment systems, and personally identifiable information (PII) of employees and customers alike.

Essentially, if an attacker gets access to Secure Shell Protocol keys, it gives them free range to potentially everything on the server.

For these reasons, proper management and tracking of Secure Shell Protocol keys is of utmost importance. Organizations must determine all of the Secure Shell Protocol keys in use and then utilize the SSH keygen command to update keys that may have gotten into the wrong hands.

When used safely and properly, Secure Shell Protocol is an excellent tool for safe, encrypted communications.

Comparing SSH to other protocols


TLS, which stands for Transport Layer Security, is based in cryptography like Secure Shell Protocol. It operates on the transport layer of the OSI model. TLS works to secure data transmitted over networks in communications that expand beyond a local network, such as across the Internet. It works for browsing the web, using email, and sharing data on a messaging platform, among other application-based functions. SSH, on the other hand, finds its use in system management and administrative tasks that require secure remote access.


Both SSH and SSL (Secure Sockets Layer) are cryptography-based protocols. However, they also operate at different layers of the OSI model, meaning that they have different functions in a network. Unlike SSH, which focuses on encrypting and authenticating communications in sessions, SSL transmits data over a network.

It's used for web traffic and similar exchanges between a web browser and a web server. It operates at the transport layer of the OSI model. TLS serves the same function as SSL and has succeeded it in most scenarios.

SSH vs. Telnet

Telnet is an older protocol that, along with FTP, was one of the first to establish session transmission guidelines. In comparison to SSH, Telnet is less secure; it transmits data in plaintext while SSH provides encrypted transmissions on a secure channel. Both can transmit the same information, like usernames and passwords and messages, but SSH is the more secure protocol. Telnet is rarely used now due to the fact that other, more secure file transfer methods exist.

Frequently asked questions

What port is SSH?

The SSH port number is port 22 by default. In order for successful connections and encrypted data transfer, this port must remain open. Some firewalls or network security mechanisms close it; if this is the case, you may need to configure your network security to allow the SSH port to open.

What does SSH stand for?

The meaning of SSH is Secure Shell, which is an abbreviation of the Secure Shell Protocol.