The term SSH stands for Secure Shell and describes a network protocol that can be used to establish a secure connection between two computers (client and server).
In computer science, “shell” refers to the part of the operating system through which the user can access the computer. This is usually understood to mean the command line or the terminal, but also the graphical user interface.
Since the network protocol establishes a connection to the shell of another computer, the procedure for establishing a connection is called Secure Shell. It can therefore be seen as a secure successor to serial consoles and so-called Telnet connections.
Various encryption and authentication methods are used to prevent data transfers from being unintentionally read or manipulated. Security plays a central role, especially on the internet, and SSH enables a direct and secure connection within this potentially insecure network.
SSH server and client must first authenticate each other. To do this, the server sends an encrypted certificate to the client to verify that it is really the correct server. After the exchange of the certificate, no other participant can contact the server.
After the server authentication, the client authentication takes place. This can be done using a password stored encrypted on the server. The disadvantage, however, is that the password has to be re-entered each time the server is changed.
The use of a key pair (public and private key) is therefore recommended as an alternative method. The private key created by the client should be stored password-protected in a secure enclave or in a password manager to increase security. The public key, the counterpart to the private key, is sent from the client to the server and remains there. This way, the password only has to be entered once during a session to connect to any number of servers.
When the SSH client initiates an SSH connection request to the server, the server responds with a random message. The client encrypts this message with the private key and sends it back to the server. Using the public key corresponding to the client's private key, the server decrypts the message and checks whether the public and private keys are part of a pair.
After mutual authentication, both communication participants establish an encrypted connection (SSH tunnel) and agree on a shared session key. The session key is created simultaneously but independently by the client and server, is only valid for the duration of the respective session and is not to be confused with the public and private key pairs. The session key is used to encrypt and decrypt any messages exchanged between the client and server. This makes it difficult for unauthorized parties to intercept or decrypt data.
In addition to remote access for remote system administration, SSH is also used for secure file transfer, backup management, or end-to-end encryption between two computers.
The first version of the protocol (now called SSH-1) was developed in 1995. Released as freeware, it quickly gained popularity. SSH-2 was released in 2006 after some vulnerabilities in the SSH-1 integrity check were discovered.
