Blog Post View

What is SSH?

Secure Shell (SSH) is a cryptographic protocol with the focus for secure data communication over a network. It's most common application is for remote login by users onto other systems; usually servers. The protocol was designed to be the successor and replacement to Telnet and other similar unsecured remote shell protocols as they all sent information in plain text which made them privy to attacks. As this information was user login credentials, the demand for the encryption of this data was something deeply sought after to ensure security. While the protocol does achieve this function, recent incidents involving the files leaked by Edward Snowden has revealed that the National Security Agency (NSA) is actually capable of sometimes decrypting the protocol.

Usability

The protocol was built with the client-server model in mind and saw most of its use on Unix-based systems as the main application for access to shell accounts but it did eventually see some further use on the Windows operating system in later years as it received native-support for it. It should be noted however, that despite the Windows platform does now provide support for the protocol, it is not installed on the platform by default like most other operating systems (Linux, MacOS, FreeBSD, Solaris, etc). In the modern world, its main use is for remote access onto a machine and to execute commands to that machine over a network but it does also have support for TCP port forwarding, tunnelling, and X11 connections. It is also connected in the SSH File Transfer Protocol (SFTP), Files Transferred over Shell Protocol (FISH), Fast and Secure Protocol (FASP), Secure Copy Protocols (SCP), and rsync; all of which are file transfer mechanisms.

In the spirit of creating applications which utilized the protocol; particularly for the Windows platform which is one of the most commonly used ones, there do exists a few application which can be used to utilize SSH. The most notable of these are PuTTY and WinSCP which also provide a Graphical User Interface (GUI) for use, something which isn't provided by most of the aforementioned platforms. Cygwin is another common application used and to setup a SSH server on Windows, it usually had to be done through it. These applications functioned as SSH daemons which made it possible to connect the machines with them remotely.

Development and Improvements

The first iteration of SSH was designed in 1995 (now called SSH-1) by Tatu Ylonen after he suffered a password-sniffing attack at the university he worked at. The tool was implemented as freeware and immediately saw popularity when its feature of encryption was realized by the masses.

Following SSH-1, a revised version of the protocol came to light in 2006; dubbed SSH-2, and was created by the Internet Engineering Task Force (IETF) who had originally called it “secsh”. Despite being an improved version, SSH-2 was incompatible with its predecessor; however, its security and features were better. This was in part thanks to the Diffie-Hellman key exchange and message authentication codes which saw the protocol's security being improved while for features, there was the added ability to run any number of shell sessions over one SSH connection. This saw some implementations such as Lsh and Dropbear only utilizing SSH-2 instead of both versions in preference for these improvements. Eventually, there was a means of identifying servers which supported both versions called SSH v1.99 (despite version 2.1 was already released).

In 1999, there was a desire to create a free open-source version of the protocol which saw the creation of Bjorn Gronvall's OSSH; although, it was based on version 1.2.12. After that, the developers behind OpenBSD built off of this and made their own version called OpenSSH, which shipped with their 2.6 release version of OpenBSD and included a portability feature to port OpenSSH to other operating systems. Since then, OpenSSH has become the most commonplace SSH implementation and even supports SSH-2 (and not SSH-1.99) while OSSH has become obsolete.

Share this post

Comments (0)

    No comment

Leave a comment

Login To Post Comment