SSH
What is SSH?
SSH: A cryptographic network protocol (RFC 4251, port 22) that provides authenticated, encrypted, and integrity-protected remote login, command execution, and tunneling over an untrusted network.
Secure Shell, specified in RFC 4251-4254, replaced telnet and rlogin by combining host authentication, user authentication, and an encrypted channel on TCP port 22. It uses a Diffie-Hellman or ECDH key exchange to derive session keys, then runs an authenticated symmetric cipher (typically AES-GCM or ChaCha20-Poly1305). User authentication can be password-based, public-key, host-based, or certificate-based; key-based auth is preferred for automation. SSH also supports TCP port forwarding, SOCKS proxying, X11 forwarding, and serves as the carrier for SFTP and scp. Hardening focuses on disabling passwords, restricting algorithms, rotating host keys, using bastion hosts, and monitoring authorized_keys.
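The first two hardening points above (disabling passwords, restricting algorithms) can be checked mechanically. The following is an added example, not part of the original glossary entry: a small Python audit of sshd_config text that applies OpenSSH's first-value-wins rule and its PasswordAuthentication default of yes. The function names, finding labels and sample config are constructed for illustration.

```python
# Added example: audit sshd_config text for password auth and non-AEAD ciphers.
# Assumptions: whitespace-separated "Keyword value" lines; Include files and
# "Match all" are not resolved.
AEAD_CIPHERS = {
    "chacha20-poly1305@openssh.com",
    "aes128-gcm@openssh.com",
    "aes256-gcm@openssh.com",
}

def parse(config_text):
    """Split sshd_config text into global settings and Match-block settings."""
    global_settings, match_settings, match_cond = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            match_cond = value              # following lines are conditional
        elif match_cond is not None:
            match_settings.append((match_cond, keyword, value))
        else:
            global_settings.setdefault(keyword, value)  # first value wins
    return global_settings, match_settings

def audit(config_text):
    """Return a list of finding labels (hypothetical names) for the config."""
    glob, matched = parse(config_text)
    findings = []
    # An absent keyword falls back to the OpenSSH default, which is "yes".
    if glob.get("passwordauthentication", "yes") != "no":
        findings.append("password-auth-enabled")
    for cond, key, val in matched:
        if key == "passwordauthentication" and val == "yes":
            findings.append(f"password-auth-enabled-in-match:{cond}")
    ciphers = glob.get("ciphers")
    # Unset, or a +/-/^ list, modifies the default set instead of replacing it.
    if not ciphers or ciphers[0] in "+-^":
        findings.append("ciphers-not-restricted")
    else:
        findings += [f"non-aead-cipher:{c}" for c in ciphers.split(",")
                     if c not in AEAD_CIPHERS]
    return findings

# Constructed sample, not taken from a real host.
SAMPLE = """# constructed sshd_config
PasswordAuthentication no
Ciphers chacha20-poly1305@openssh.com,aes256-ctr
PasswordAuthentication yes
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
```

On the sample, the second global PasswordAuthentication line is ignored because the first value already applies, while the Match block re-enables passwords for one address range and is reported.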
● Examples
- 01: An engineer runs ssh -i id_ed25519 user@bastion to reach an internal jump host.
- 02: A CI/CD pipeline pushes deployments via ssh git@github.com using a deploy key.
● Frequently asked questions
What is SSH?
A cryptographic network protocol (RFC 4251, port 22) that provides authenticated, encrypted, and integrity-protected remote login, command execution, and tunneling over an untrusted network. It belongs to the Network Security category of cybersecurity.
What does SSH mean?
A cryptographic network protocol (RFC 4251, port 22) that provides authenticated, encrypted, and integrity-protected remote login, command execution, and tunneling over an untrusted network.
How does SSH work?
Secure Shell, specified in RFC 4251-4254, replaced telnet and rlogin by combining host authentication, user authentication, and an encrypted channel on TCP port 22. It uses a Diffie-Hellman or ECDH key exchange to derive session keys, then runs an authenticated symmetric cipher (typically AES-GCM or ChaCha20-Poly1305). User authentication can be password-based, public-key, host-based, or certificate-based; key-based auth is preferred for automation. SSH also supports TCP port forwarding, SOCKS proxying, X11 forwarding, and serves as the carrier for SFTP and scp. Hardening focuses on disabling passwords, restricting algorithms, rotating host keys, using bastion hosts, and monitoring authorized_keys.
How do you harden SSH?
Hardening SSH combines technical controls and operational practices: disabling passwords, restricting algorithms, rotating host keys, using bastion hosts, and monitoring authorized_keys, as detailed in the full definition above.
What are other names for SSH?
Common alternative names include: Secure Shell.
● Related terms
- network-security, № 1022
SFTP
A secure file-transfer subsystem that runs inside an SSH session on TCP port 22, providing authenticated, encrypted file and directory operations.
- network-security, № 1134
TCP
A connection-oriented transport protocol (RFC 9293) that delivers an ordered, reliable, congestion-controlled byte stream between two endpoints over IP.
- cryptography, № 067
Asymmetric Encryption
A cryptographic scheme that uses mathematically linked key pairs — a public key for encryption and a private key for decryption — to enable secure communication without prior secret sharing.
- identity-access, № 076
Authentication
The process of verifying that an entity — user, device or service — really is who or what it claims to be before granting access.
- network-security, № 437
FTP
A legacy file-transfer protocol (RFC 959) that uses TCP port 21 for control and port 20 for data, transmitting credentials and files in cleartext and largely deprecated for security reasons.
- network-security, № 1160
TLS Handshake
The initial protocol exchange in Transport Layer Security that authenticates the server (and optionally the client) and derives the symmetric keys used to encrypt the rest of the session.
● See also
- № 1088 SSH Agent Forwarding
- № 1089 SSH Key Types
- № 594 known_hosts File