What is SSH?

Description of the Secure Shell (SSH) for remote server management.

SSH (Secure Shell) is an application-layer network protocol that enables remote management of an operating system and secure file transfer. It encrypts all traffic — including passwords — making it significantly more secure than older protocols such as Telnet and rlogin. SSH supports a variety of encryption algorithms and is available for virtually every major operating system. SSH can tunnel other network protocols over an insecure channel, allowing remote command-line access to a computer, as well as encrypted transmission of audio or video streams. This is achieved through port forwarding (TCP tunneling). SSH also supports data compression before encryption, which is especially useful when running remote X Window System clients over slower connections.

History and Development of SSH

The first version of the protocol, SSH-1, was created in 1995 by Finnish researcher Tatu Ylönen at the Helsinki University of Technology. SSH-1 was designed to provide better confidentiality than rlogin, telnet, and rsh. In 1996, a more secure and incompatible version — SSH-2 — was developed. The protocol quickly gained widespread adoption, reaching approximately two million users by 2000. In 2006, the SSH protocol was standardized by the IETF as an Internet Standard. However, even today, certain countries still require special permission to use specific strong encryption methods, including some used in SSH.

Modern implementations (including OpenSSH since ~2017) have completely removed support for SSH-1. Virtually all current usage relies on SSH-2.

SSH Implementations

There are two main categories of SSH implementations: commercial proprietary and free open-source. The most widely used open-source implementation is OpenSSH. As of the mid-2000s, it was already running on about 80% of Internet-connected computers, and today it remains the dominant SSH implementation worldwide (included by default in almost all Linux distributions, macOS, and available for Windows). The original commercial implementation is developed by SSH Communications Security (formerly SSH Inc.) under the product name Tectia SSH (previously SSH Tectia / SSH Secure Shell). It is a paid enterprise-grade solution, often chosen in regulated industries (banking, government, critical infrastructure) for features such as FIPS 140-2/3 certification, quantum-safe cryptography options, zero-trust editions, centralized management, and commercial 24/7 support. It is still actively developed and updated as of 2025–2026.

SSH Security

Unlike Telnet, where traffic sniffing reveals everything, SSH-2 is resistant to man-in-the-middle (MITM) attacks as long as the client verifies the server's host key when connecting. It also protects against session hijacking and DNS spoofing attacks when properly configured.

Modern recommendations (2025–2026):

  • Use Ed25519 or ECDSA keys instead of old RSA-SHA1.
  • Prefer rsa-sha2-256/512 for RSA keys.
  • Disable weak / deprecated algorithms (e.g., SHA-1, DSA, old key-exchange methods).
  • Enable post-quantum hybrid key exchange where available.

Examples of SSH Usage

  • Connecting to a local SSH server on a non-standard port: $ ssh -p 30000 user@127.0.0.1
  • Generating a strong 4096-bit RSA key pair: $ puttygen -t rsa -b 4096 -o sample


Some clients, such as PuTTY, offer a graphical user interface. For SSH usage in Python, popular libraries include python-paramiko and python-twisted-conch.

Security Recommendations

  • Disable remote root login (PermitRootLogin no).
  • Disallow empty passwords.
  • Change the SSH server port from the default 22 to a non-standard one.
  • Use strong, modern key types (preferably Ed25519, or at minimum 4096-bit RSA with SHA-2).
  • Consider certificate-based authentication or multi-factor authentication for high-security environments.
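
The checks from "Modern recommendations" and "Security Recommendations" can be automated against the text of an sshd_config file. The following is an added example, not code from the original page; the function names, the sample configuration and the list of algorithm keywords are assumptions made for illustration. It also shows a common trap: sshd keeps the first value it reads for a keyword, so a hardening line appended after an earlier permissive one has no effect.

```python
# Added example (not the page's code); keywords and defaults are assumptions from OpenSSH sshd_config(5).
DEFAULTS = {"permitrootlogin": "prohibit-password", "permitemptypasswords": "no"}
ALGO_KEYS = ("hostkeyalgorithms", "pubkeyacceptedalgorithms", "kexalgorithms", "macs")
# Constructed sample, not taken from a real host.
SAMPLE = """\
Port 22
PermitRootLogin yes
PermitRootLogin no
PermitEmptyPasswords no
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,ssh-rsa
KexAlgorithms -diffie-hellman-group14-sha1
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1
Match User backup
    PermitRootLogin yes
"""

def parse_global(text):
    """Collect {keyword: [values]} from the global section (before any Match block)."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # Match blocks are out of scope for this check
        opts.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def audit(text):
    opts = parse_global(text)
    # sshd keeps the FIRST value it reads for a keyword; later duplicates are ignored.
    def first(key):
        return opts.get(key, [DEFAULTS.get(key, "")])[0]
    findings = []
    if first("permitrootlogin").lower() != "no":
        findings.append("PermitRootLogin is not 'no'")
    if first("permitemptypasswords").lower() != "no":
        findings.append("PermitEmptyPasswords is not 'no'")
    if "22" in opts.get("port", ["22"]):  # Port may repeat; every value is a listener
        findings.append("listening on default port 22")
    for key in ALGO_KEYS:
        value = first(key)  # unset means the build's defaults apply; not judged here
        if value.startswith("-"):
            continue  # a leading '-' removes the listed algorithms from the defaults
        for name in value.lstrip("+^").split(","):
            if name.startswith(("ssh-rsa", "ssh-dss")) or "sha1" in name:
                findings.append(f"{key}: weak algorithm {name}")
    return findings
```

On a live host, `sshd -T` prints the effective configuration and remains the authoritative check; this parser only reads the global section of the text it is given.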

References

Terminal Access Software

  • OpenSSH — the leading free SSH suite
  • PuTTY — popular cross-platform SSH client with GUI
  • Tectia SSH — enterprise/commercial SSH solution

File Access Tools

  • WinSCP — SFTP/SCP client for Windows
  • SSHFS — mount remote directories over SSH as local filesystems (Linux/macOS)