The full form of SSH Protocol is a secure shell, and it is also called a secure socket shell. SSH is considered one of the most secure protocols for remote logins.
SSH is a method of securely communicating from one computer to another. SSH is a network protocol that allows data or information to be transmitted between two devices through secure channels. SSH protects a network from unwanted attacks.
SSH is a replacement for other remote shells such as login, rsh, RCP, and rdist. SSH is similar to other remote shells but SSH encrypts the data so that the data becomes secure.
SSH is used to encrypt the data with public-key cryptography, where two different keys are used to encrypt the data in the pub and the key is to encrypt the data away.
SSH to SSH Communications Security Ltd. had developed.
History of SSH Protocol
- Version 1.x
- Version 2.x
- Version 1.99
The first version of the SSH protocol was launched in 1995 and was designed by Tatu Ylönen, a researcher at Helsinki University of Technology, Finland. This is known as ssh-1. In this version, there are many problems, and therefore depreciation becomes.
The second version is known as SSH-2, which is the current version of the SSH protocol. In 2006, it was selected as a standard track specification by the Internet Force Task Engineering (IETF). This version is not compatible with the SSH-1 protocol. Has better security features than ssh-1.
Version 1.99 is fixed as the Proto 2.1 version. This is not a real version but a way to identify backward compatibility.
How does the SSH protocol work
This protocol works on a client-server model, which means that the connection is established by the SSH client that connects to the SSH server. The SSH client runs the connection setting process and the SSH server uses public-key cryptography to verify the identity.
Following the SSH protocol, the SSH protocol uses strong symmetric encryption and HERA algorithms to ensure confidentiality and data integrity between clients and servers.
How do I use SSH?
You use a program on your computer (SSH client) to connect to our storage (server) and transfer data using the user interface graphics or command line. There are many programs available that allow you to make this transfer and many operating systems built-in such as Mac OS X and Linux.
SCP (Secure Copy) and/or SFTP (SSH File Transfer Protocol) will usually be supported to transfer SSH client data; We recommend that you use SFTP instead of SCP but both will work with our services.
The architecture of SSH Protocol
The SSH architecture is made up of three well-separated layers. These layers are:-
- Transport Layer
- User-authentication layer
- Connection Layer
SSH protocol architecture is open architecture; Therefore it provides a lot of flexibility and allows SSH to be used for only other purpose, a secure shell. Architecturally, transport layers are similar to Transport Layer Security (TLS).
The user-authentication layer can be used with custom authentication methods, and the connection layer allows multiple secondary sessions to be multiplied over a single SSH connection.
The TCP/IP protocol transport layer is the top layer of the OSI Model. For SSH-2, this layer is responsible for handling initial key exchange, server authentication, encryption settings, compression, and verification of integrity. It acts as an interface for sending and receiving packets in size up to 32,768bytes.
As the name suggests, the authentication layer of the user is responsible for handling client authentication and providing various methods of authentication.
Authentication is done on the client-side; So when a password is indicated, it is usually in the SSH clients rather than the servers, and the servers respond to this authentication.
This layer includes various methods of authentication; these methods are:-
Password:- Password authentication is a direct authentication method. There are facilities to change the password to make it easier to access. But it is not used by all applications.
Public-key:- The public key is a public key-based authentication method, which supports DSA, ECDSA, or RSA keypairs.
Keyboard-interactive:- It is considered one of the versatile authentication methods. In this, the network server has to send a signal to enter the information and the client sends it back along with the key-in responses by the user. It is used to provide a one-time password or OTP authentication.
GSSAPI:- In this method, authentication is performed by an external method such as Kerberos 5 or NTLM, which provides an entry capability to the SSH session.
The connection layer defines the various channels through which SSH services are provided. It defines the concepts of the channel, channel request, and global demand.
The SSH connection can host various combined channels as well as transfer data in both directions. Channel requests are used in the connection layer to deliver particular data out-band channels, for example, terminal windows from a server-side process or changed sizes from exit codes.
The standard channel type of the connection layer is:-
Shell:- This is used by the terminal shell to SFTP and execute requests.
Direct-TCP/IP:- Used for client-to-server forwarding connections.
forward-TCP/IP:- It is used for server-to-client forwarding connections.
If this blog of ours has been helpful for you, then please share it with your friends and if you have any questions then comment and tell, we will publish it on the site. Thank you.