How Does SSH Work?

Whether you are a blogger or the owner of a large company, you must ensure that your image in the eyes of customers is as good as possible. Taking precautions and protecting your website from compromise is a must. There are several ways of protection. One of them is the use of the SSH protocol.

What is SSH?

SSH stands for Secure Shell. It is a standard for client and server communication protocols used in TCP/IP computer networks. With the Secure Shell protocol, you can log in to remote computers and execute commands. It is the client-server model for remote connection. The SSH connection is encrypted, unlike the SSH protocol predecessor – TELNET.

Intercepting unencrypted data is straightforward and requires basic knowledge about the connection layer. Using unsecured remote shell protocols is risky, hence the popularity of setting user authentication layer.

There are two main groups of Secure Shell users. Network Administrators use it to manage remote SSH servers. Hosting customers use an SSH connection to administer their servers with custom authentication methods. You can configure a remote machine, repair a malfunctioning router, or access remote databases. The protocol provides the ability to use e-mail and allows secure file transfer.

Secure Socket Shell protocol is a handful in everyday work on remote equipment and significantly increases the security of the connection layer. With cryptographic network protocol, you can fight an attack on your website from the outside, e.g., an attempt to intercept a password or impersonate a DNS server.

You can access your VPS or dedicated server via SSH client. You can modify system files on the server and install new tools. With shared hosting, you can view, move, copy, and edit files on the server, pack and unpack files directly on the server, and create or restore backups.

To know the difference between a VPS and a dedicated server, read this article. You will learn when it is worth investing in a dedicated solution and when a virtual one is enough.

SSH Protocol Mechanism

You already know what is SSH file transfer protocol. With a secure shell client application, you can work in the shell of a remote system as if it were a local system. Secure Shell technology was the cure for the insecurity of the Telnet protocol. It works in a client-server architecture; the server listens on the default port 22. Its security potential is highly respectable and allows two computers to communicate without the risk of data seizure.

The encryption key exchange algorithm is the basis for understanding how the entire SSH connection works. SSH enables symmetric key client authentication during connection with different remote operating systems. In addition, SSH protocol programs provide:

  • choice of a password authentication method;
  • tunneling TCP connections in SSH;
  • X-Window session tunneling;
  • secure transfer of SCP files;
  • support for external methods of authentication (including Kerberos, digital certificates, and SmartCards).

As a result, Secure Shell technology protects its users against the following attacks:

  • session sniffing and spoofing,
  • spoofing a DNS server,
  • IP source routing (impersonating a trusted system),
  • IP spoofing (impersonating a remote target server),
  • password hijacking.

SSH protocol has two variants: the older SSHv1 and the new SSHv2 developed by the Internet Engineering Task Force (IETF). They differ in encryption methods, but the basic working principle based on public key cryptography of client and server is the same.

I will focus on the SSHv2 protocol, highlighting the differences between it and its older brother. SSHv1 is rapidly losing popularity in favor of its successor because one can carry out an effective session hijacking attack against it which isn’t possible with the advanced encryption standard of SSHv2.

SSH Client and SSH Server authorization

Secure Shell authorization guarantees safe connection encryption

Each computer system that uses the latest SSH client protocol has a unique RSA or DSA public key file format. SSHv1 has an RSA server only. Such SSH keys are at least 1024 bits long. In SSHv1, the server generates periodically exchanged public-private key pair with a length of at least 768 bits. The remote machine server generates two SSH keys: one is its host key, and the other is the server key.

During SSH connections, SSH clients receive its public keys; a 1024-bit permanent key assigned to the server and a 768-bit periodically changed key. The client compares the permanent key with its master and determines whether it has been connected to the correct SSH server.

Then the client encrypts a number using the public keys received from the server and sends back the encrypted number. The latter, in turn, decrypts the received value using its private keys. The output value becomes the key for symmetric algorithms used to encrypt the proper communication session. The most popular algorithms to encrypt sessions are Blowfish and Triple DES.

On the other hand, in the case of SSHv2, the server key is not generated. Instead, the Diffie-Hellman algorithm generates the session key autonomously. SSHv2 encrypts data by numerous algorithms: AES (128, 192, 256 bits), Blowfish, Triple DES, CAST128, and Arcfour. In addition, session integrity is ensured by one of the hashing algorithms – SHAv1 or MD5.

After successful authorization, the user can access the remote server and start transferring data. User authentication methods are primarily encryption protocols based on the data exchange with public keys and the rhosts authorization.

Rhosts authorization

It assumes that the SSH server has an entry in the /etc/hosts.equiv or /etc/shosts.equiv files or in the .shosts or .rhosts files containing the client computer and user names. If the listed files contain the same information, secure access is automatically granted (without asking for a password).

Public key authorization

The user’s public key resides on the Secure Shell Server with RSA. At the beginning of the connection, the client declares which public keys it wants to use. In response, the server sends a random number encrypted with the public key chosen by the client. The latter must decrypt it using its secret key corresponding to a given public key.

If this step is successful, the client encrypts the number with its private key, and the server must decrypt it with the corresponding public key. If the server receives the number that it previously sent to the client (encrypted with its public key), the client’s authorization is successful.

In SSHv2, encryption and decryption with public-key authentication differ. First, it uses both RSA and DSA keys. When the server would send an encrypted random number to the client, it signs the session key agreed upon using the Diffie-Hellman algorithm with a private key. The connection is verified by the SSH server using the user’s public key.

In addition, SSHv2-based systems may use external authentication methods based on Kerberos, X.509, and SmartCards.

Passing through the stages of user authorization allows you to start working on a remote computer. The first mode is the non-interactive execution of SSH commands issued from the client level. The second, more advanced mode, is to provide the user with a remote shell. It is a mechanism for remote access to a remote computer.

Security is the basis of running a business. Encrypting your data is important, but you also need to secure your website. Learn how to make WordPress secure!

How to use Secure Shell?

You can use various programs to connect SSH clients to the servers. The most popular are PuTTY and OpenSSH. Apart from these, you can also use other programs on numerous operating systems. SSHdos (for DOS), NiftyTelnet SSH (for mac OS), MindTerm (for Java), MSSH, WinSCP, TTSSH, and SecureCRT (for Windows).

PuTTY Configuration

To enable connection go to the Session tab. In the field Signed Host Name enter the name of the configured domain or the server IP address. In the Connection type, select the SSH option, the Open command, and enter the login and password. From now on, you can use the server via the SSH protocol.

To manage the server, execute shell commands in the shell console:

  • find – search for a file by name;
  • ls – list directory or file;
  • mkdir – create a new directory;
  • mv – move directory or file;
  • cp – copy directory or file;
  • rm – remove directory or file.

It is worth checking the option Logging turned off and Ask the user every time, and in the Terminal tab select:

  • Auto wrap mode initially on;
  • Use background color to erase screen;
  • Local echo – Auto;
  • Local line editing – Auto.

In the Keyboard tab, you should leave the default options. If you want to use accent marks in another language, check the last two options under Enable extra keyboard features. The Appearance tab allows you to select the appropriate font. You can make changes by pressing the Change option, thanks to which you will be able to modify the graphical user interface: choose the font type, style, and size.

In the Translation tab, I recommend selecting Use font in both ANSI and OEM modes. Then, from the Connection tab, select the xterm option, and enter the login in the auto-login username field. In the PuTTY client, it is possible to change the protocol from SSHv1 to SSHv2. If you want to choose the SSHv2 protocol, please refer to the SSH option and select version 2.


The more common way to connect to a server is FTP (File Transfer Protocol) and its secure alternative: FTPS. However, with FTP/FTPS you can only copy files to the server and download them to your device, while SSH session provides more possibilities than just transport layer security: you can work on the server and execute various commands.

What should you know about FTP?

Using Secure Shell technology the file does not need to be edited locally – you can operate on the server, which is a more convenient solution. The task of the SSH protocol is also to secure the connection by encrypted proxy connection.

Higher security and huge potential make Secure Shell the best solution for managing dedicated hosting or VPS. And since safety is one of the critical issues, I don’t have to explain it to you. Therefore, in addition to choosing SSH authentication, you also must choose the right hosting provider.

One of the most secure hosting providers is UltaHost. Security is UltaHost’s absolute priority. Several layers of protection against all threats, from Malware to DDoS, and the latest generation hardware with NVme SSDs make UltaHost a leader in secure hosting. In UltaHost you can choose server authentication by Secure Shell protocols and FTPS.

UltaHost secure your online presence by protecting your website reputation and visitors against cyber threats, and scan your website for malware and other vulnerabilities.

But UltaHost is not only a secure hosting platform. You will get 24/7 support from our support team. Our powered infrastructure focuses on auto-scaling and performance. Let us show you the difference! Check out our plans!   

Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

How to Start a Dropshipping Business

Next Post

WordPress Error 500: Internal Server Error

Related Posts