What is SSH Protocol?
The Secure Shell Protocol, or SSH, is a protocol for secure remote login over an insecure network. SSH provides a secure channel over an insecure network using a client-server architecture, connecting an SSH client to an SSH server. The client initiates the connection by sending a request to the server. The server then sends its public key to the client to establish the connection. Next, parameter negotiation takes place between the server and the client, after which the secure channel is available for use. Finally, the user logs in to the server host OS.
Strong Authentication with Secure Shell Protocol keys
There are several ways of using the Secure Shell Protocol:
- Use automatically generated public-private key pairs to establish a secure, encrypted network connection. Next, use password authentication to log on.
- Use a manually generated public-private key pair to perform authentication, allowing users to log in without having to provide a password. In this case, anyone can produce a matching pair of different keys (public and private). The public key is placed on every computer that must allow access to the owner of the matching private key. Although authentication is based on the private key, the private key itself is never transferred during authentication. SSH verifies the user by checking whether the person offering the public key also owns the matching private key.
Strong Encryption and Integrity Protection
The SSH client establishes a connection with the server. The data in transit is encrypted according to the parameters negotiated during setup. In this negotiation, the client and server agree on the encryption algorithm, and an encryption key is generated. The traffic between the communicating parties is then protected using strong encryption algorithms. The SSH protocol also includes a mechanism for ensuring the integrity of the data being transmitted. This is achieved by using standard hash algorithms such as SHA-2 (Secure Hash Algorithm 2).
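The negotiation step described above, as an added example that is not code from the original article: it parses the algorithm name-lists each side sends in its SSH_MSG_KEXINIT message and applies the RFC 4253 rule that the first algorithm on the client's list which the server also lists is chosen. The function names, the `offer()` helper and the sample offers are constructed for illustration; only the encryption, MAC and compression lists are negotiated, because key exchange and host key selection carry extra conditions.

```python
import struct

SSH_MSG_KEXINIT = 20  # message number assigned in RFC 4253
# The ten name-lists of a KEXINIT payload, in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def build_kexinit(lists, cookie=b"\x00" * 16):
    """Serialize a KEXINIT payload from a dict of field -> list of names."""
    out = bytes([SSH_MSG_KEXINIT]) + cookie
    for field in FIELDS:
        body = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(body)) + body
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Parse a KEXINIT payload; reject truncated or overrunning name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, parsed = 17, {}  # skip the message byte and the 16-byte cookie
    for field in FIELDS:
        size = int.from_bytes(payload[pos:pos + 4], "big")
        if pos + 4 + size > len(payload):  # also catches a cut-off length field
            raise ValueError("name-list overruns payload: " + field)
        raw = payload[pos + 4:pos + 4 + size].decode("ascii")
        parsed[field] = raw.split(",") if raw else []
        pos += 4 + size
    if pos + 5 != len(payload):  # one boolean byte plus a reserved uint32
        raise ValueError("bad trailer")
    return parsed

def negotiate(client, server, fields=FIELDS[2:8]):
    """Per field, pick the first name on the client's list the server also lists."""
    chosen = {}
    for field in fields:
        match = next((a for a in client[field] if a in server[field]), None)
        if match is None:  # no overlap: the connection cannot proceed
            raise ValueError("no common algorithm for " + field)
        chosen[field] = match
    return chosen

def offer(enc, mac):
    return build_kexinit({"enc_c2s": enc, "enc_s2c": enc, "mac_c2s": mac,
                          "mac_s2c": mac, "comp_c2s": ["none"], "comp_s2c": ["none"]})

# Constructed sample offers (not captured traffic); offer() is a hypothetical helper.
CLIENT = offer(["chacha20-poly1305@openssh.com", "aes256-ctr", "aes128-ctr"],
               ["hmac-sha2-512", "hmac-sha2-256"])
SERVER = offer(["aes128-ctr", "aes256-ctr"], ["hmac-sha2-256", "hmac-sha2-512"])
```

Calling `negotiate(parse_kexinit(CLIENT), parse_kexinit(SERVER))` selects `aes256-ctr` and `hmac-sha2-512`: the client's preference order decides, so a server that wants to exclude an algorithm has to leave it off its list rather than rank it last.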
The Architecture of Secure Shell Protocol
The Secure Shell Protocol has an internal architecture of well-separated layers, as follows:
- The Transport Layer: The transport layer is responsible for the initial key exchange. It also handles Server Authentication and sets up encryption and integrity verification.
- The User Authentication Layer: The user authentication layer is responsible for client authentication and provides a number of authentication methods. Authentication is client-driven. Widely used authentication methods are password, public-key, and keyboard-interactive (OTP).
- The Connection Layer: The connection layer defines the concept of channels and provides channel requests and global requests. Secure Shell Protocol services are provided using these requests. A single Secure Shell connection can host multiple channels simultaneously, each transmitting data in both directions. Channel types include shell, direct-tcpip, and forwarded-tcpip.
Applications of Secure Shell Protocol
The primary use of SSH is to log in to a remote machine and execute commands. In addition, it supports tunneling, forwarding TCP ports, and X11 connections. Uses of the Secure Shell Protocol are:
- To set up automatic (passwordless) login to a remote server.
- For backing up, copying and mirroring files efficiently and securely.
- For forwarding a port.
- To use a full-fledged encrypted VPN.
- To develop a mobile or embedded device that supports SSH.