Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.
SSH is typically used to log into a remote machine and execute commands. It is typically used with the SSH-2 protocol (TCP port 22) to provide secure file transfer, but it can also be used with other protocols.
Compared to the earlier SCP protocol, which allows only file transfers, the SFTP protocol allows for a range of operations on remote files.
Features of SFTP:
An SFTP client’s extra capabilities compared to an SCP client include resuming interrupted transfers, directory listings, and remote file removal.
The following safeguards are provided by SSH:
i). The client transmits its authentication information to the server, such as a username and password, in an encrypted format.
ii). All data sent and received during the connection is transferred using strong, 128-bit encryption, making it extremely difficult to decrypt and read.
The goal of SSH was to replace the earlier rlogin, TELNET and rsh protocols, which did not provide strong authentication or guarantee confidentiality. Toward the end of 1995, the SSH user base had grown to 20,000 users in fifty countries.
SSH is most commonly used:
i). In combination with the rsync protocol, to back up, copy and mirror files efficiently and securely.
ii). Sometimes you may log into one machine from your local host, then log in from there to another machine, and run an X application (e.g. Mspaint, MSword) on the last machine to display on your local display.
Why Use SSH?
i). Threats to network traffic include packet sniffing, DNS and IP spoofing and the rise of fake routing information.
ii). If SSH is used for remote shell logins and file copying, these security threats can be greatly diminished.
iii). A server’s digital signature provides verification for its identity.
iv). Attempts to spoof the identity of either side of a communication will not work, since each packet is encrypted using a key known only by the local and remote systems.
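The server identity check described above depends on the client comparing the host key it is shown with one it already trusts. The following is an added example, not part of the original page: it computes the SHA256 fingerprint of an OpenSSH public key line in the form ssh-keygen prints and compares it with a pinned value. The key bytes, the host.example comment and the helper names are constructed for illustration.

```python
import base64
import hashlib
import struct


def read_string(buf, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated string body")
    return buf[offset + 4:end], end


def fingerprint(pubkey_line):
    """Return 'SHA256:' + unpadded base64 of SHA-256 over the decoded key blob."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    declared_type, blob_b64 = fields[0], fields[1]
    blob = base64.b64decode(blob_b64, validate=True)
    inner_type, _ = read_string(blob, 0)
    # The type inside the blob must agree with the type written on the line.
    if inner_type.decode("ascii", "replace") != declared_type:
        raise ValueError("key type on the line does not match the key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def host_key_matches(pinned_fingerprint, presented_line):
    """True only if the presented host key hashes to the pinned fingerprint."""
    return fingerprint(presented_line) == pinned_fingerprint


def make_ed25519_line(raw32, comment):
    """Build a constructed ssh-ed25519 key line from 32 sample bytes."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " " + comment


# Constructed sample keys (not real host keys).
KNOWN = make_ed25519_line(bytes(range(32)), "host.example")
CHANGED = make_ed25519_line(bytes(range(1, 33)), "host.example")
PINNED = fingerprint(KNOWN)

if __name__ == "__main__":
    print("known host key matches pin:  ", host_key_matches(PINNED, KNOWN))
    print("changed host key matches pin:", host_key_matches(PINNED, CHANGED))
```

A mismatch against the pinned fingerprint is the signal that the server's key has changed or that something else is answering on its address, and it should stop the connection until the new key is confirmed out of band.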