What Is SSH (Secure ShelI)? Meaning, Working, Benefits and Limitations

• Secure Shell (SSH) is defined as a networking protocol that enables systems to communicate over an unsecured network.
• This article explains the fundamentals of SSH, its workflow, and its benefits and limitations.

What is SSH?

Secure Shell (SSH) is a networking protocol that enables systems to communicate over an unsecured network. It is a part of the application layer of the OSI model. It allows authorized users to control remote machines via the internet without having physical access.

SSH was introduced in the 1990s. It replaced the Telnet (Teletype Network) network protocol used by machines to interact with each other. Telnet typically transfers data without encryption. As a result, the data exchange was susceptible to man-in-the-middle attacks, implying anyone with a packet sniffer could listen to the conversation between you and the remote machine. 

A solution to such a problem is achieved through encryption. It hides the data and makes it unreadable to attackers. Thus, SSH emerged as a secure way of communication where encrypted data is transferred through a tunnel to keep the data in transit safe from bad actors. SSH means you can still see that the data is being exchanged between machines, but it is hard to determine what the data is.

SSH obeys a client-server model where one system is labeled as the SSH client while the other machine is called the SSH server or host. When the client connects to the server, the data communication proceeds through the shells, for example, Linux terminal shell or a Windows command prompt shell. Such shells allow the execution of commands on machines you are connected to. With SSH, you can talk to remote and your own operating systems.

SSH can be used to transfer data, commands, text, and files. Files can be transferred using SFTP (Secure File Transfer Protocol), an encrypted version of FTP.

See More: Intrusion Detection System vs. Intrusion Prevention System: Key Differences and Similarities

How Does SSH Work?

Under SSH, data is broken down into a series of packets. Packet transfer begins by fulfilling a few mandatory packet fields.

The topmost field is that of ‘Packet Length,’ which defines the size of the packet. Next, the field ‘Padding Amount’ reveals the padding present in the packet. After this, the actual data is added to the field ‘Payload,’ followed by another Padding field. This padding has no real significance but only adds random bytes to the packet. These bytes, when encrypted along with the payload, make it difficult to detect the actual data. Lastly, a ‘Message Authentication Code’ field is added to ensure the data is not tampered with during the packet transfer process.

Typically, the payload is compressed using standard compression algorithms to accommodate more data. The entire packet is then encrypted except for the length and authentication code fields.

The encrypted packet is then sent to the server. The server uses decryption and decompression methods to retrieve packet data from the payload. A similar procedure is followed for each packet transferred between the client and server.

Various data manipulation techniques are employed at multiple data transmission points to keep the SSH connection secure. Some common techniques include:

• Symmetrical encryption
• Asymmetrical encryption
• Hashing

Let’s understand each one in brief.

Common Data Encryption Techniques

1. Symmetric encryption

In a symmetric type of encryption, a single key is used to encrypt messages sent from the source to the destination and also decrypt messages received at the destination. It is also referred to as shared key encryption.

Each SSH session has a specific secret key making it difficult for the attackers to exploit man-in-the-middle attacks. However, problems may arise if the third party is listening to the communication when the initial key exchange happens. Such issues can be prevented by employing key exchange algorithms, which provide a secure way to exchange secret keys by limiting external interception. It is important to note that implementing key exchange algorithms demands the usage of asymmetric encryption.

2. Asymmetric encryption

Asymmetric encryption uses two separate keys, namely public and private keys, for encryption and decryption of data. Data encryption is accomplished using a public key stored on the SSH server, while data decryption is fulfilled using a private key stored locally on the SSH client.

This encryption type is more secure than the symmetric one implying that even if the attackers access the public key, they may not be able to decrypt the messages as they do not have the private key. Hence, as long as the private key is securely stored on your local device, your messages are safe from third-party attacks.

SSH connection uses asymmetric encryption at selective places. For example, the key exchange algorithm uses asymmetric encryption while exchanging keys in the initial stages.

3. Hashing

Hashing refers to a cryptographic method that secures shell connections. It creates a specific signature, also known as a summary of information for every data transfer. It is typically a one-way process wherein the generated hashed data cannot be decrypted by a third party.

In common scenarios, if attackers manage to deceive the client and the host, the communications can be easily tampered with. To tackle this problem, SSH uses Hash-based Message Authentication Codes (HMAC), which ensures that the data sent is received in its original and unmodified form.

The hash function ensures that each data transfer between the source and destination has an additional MAC component. MAC is the hash generated from a series of elements, such as the symmetric key, the sequence number of the packet, and the data content to be transmitted. The three information units are given as inputs to the hash function, which generates a random string. This generated string is sent to the host as a signature.

Once the host receives the signature, it can validate and verify whether the message being sent was tampered with while in transit. As the host already has the same information (i.e., the symmetric key, the sequence number of the packet, and the data content), it can use the same hash function to generate its own hash.

The generated hash is then matched with the one received during the data transfer. If the hash matches, the client’s signature gets verified, and the host can be sure that the data is not tampered with by a third party. The hashing technique works because even the slightest change in a message, such as capitalizing a letter, completely changes the hash (string/signature).

Using the above data manipulation techniques, SSH shells ensure that data packets are securely transferred between the client and the server.

See More: Top 10 Cyber Threat Intelligence Tools in 2022

Benefits and Limitations of SSH

SSH replaced the conventional remote shell protocols like Telnet, FTP, rsh (remote shell), rlogin (remote login), and rexec (remote execution) that exchanged information, including passwords in plain text. These older protocols were insecure and prone to security breaches. It led to the adoption of more secure SSH protocols.

Benefits and Limitations of SSH

Let’s take a look at some of the key advantages of SSH.

• Secure protocol: SSH uses data encryption to ensure secure communication between the client and the server.
• Management of remote computer: SSH supports the execution of shell commands on remote machines, much like giving instructions to a physical computer. SSH commands and scripts are useful for administrators as they can remotely view, remove, move, and manage files, folders, and directories.
• Multiplexing: SSH supports multiplexing where multiple data streams are in operation through one TCP connection. As a result, SSH makes resource sharing possible with minimum TCP connections.
• Tunneling: SSH has the inherent ability to use port tunneling and forwarding, wherein arbitrary data is transferred through an encrypted secure connection. Such a method can be employed when you intend to bypass restrictive firewalls.
• User access: SSH enables network administrators to control and limit user access to a network remotely.
• User authentication: Users can rely on SSH keys to authenticate themselves and log in to a system rather than using usernames and passwords. Typically, SSH keys are tougher to decrypt/crack than regular passwords. Thus, SSH keys protect systems from brute-force password attacks.
• Security in cloud computing: SSH shells/tunnels, when deployed in cloud settings, tend to solve connectivity problems. Moreover, they protect cloud-based virtual machines from security vulnerabilities as they are continually exposed to the internet.

Let’s now understand some of the limitations of SSH.

• Security vulnerabilities: SSH is a secure cryptographic network protocol. However, it has its own share of security vulnerabilities. For example, cybercriminals use SSH keys to create backdoors to sneak into corporate networks laterally. Upon successful network intrusion, the attackers launch brute force and malware attacks. SSH session hijacking and unauthorized access is another security vulnerability of the SSH protocol.
• Tunneling effects: Network administrators use SSH-enabled tunnels to enter a network from remote places. But outbound SSH transactions sometimes cause serious security vulnerabilities as they are generally unrestricted. Moreover, tunneling gives hackers a backdoor entry and, in some cases, violates security regulations like PCI and HIPAA. Compared to outbound SSH transactions, inbound SSH transactions are easy to control. For example, you can easily redirect port 22 (SSH) connections to a specific IP address.
• SSH keys: SSH keys are an alternative to passwords that users use to log in to the system. The SSH keys do not usually expire. In large enterprises, multiple SSH keys reside on several servers. SSH keys demand proper user key management. If not, it can cause a severe key sprawl which can allow hackers to exploit organizational networks. Moreover, SSH tunneling can also give attackers an opportunity to bypass firewalls and target network systems.
• Private key issues: Some servers share the same keys as they are preconfigured in a device. These devices can be accessed with the help of private keys that can be obtained through reverse engineering. Moreover, shorter and older keys imply that attackers can derive the values of private keys through trial and error.
• Slow connections: SSH can slow down its response speed to high-bandwidth commands or instructions due to slow connections.
• SSH mismanagement: Research studies suggest the primary reason for SSH security failures is SSH mismanagement by the IT departments.

See More: What is Risk Management? Definition, Process, Tools, and Uses

Takeaway

Under the SSH setup, the entire communication between the client and server stays encrypted.

SSH encryption of client data is accomplished by using the parameters agreed upon by the communicating parties when the initial connection is established between the two. Moreover, the clients and servers also negotiate on the symmetric encryption algorithm that generates encryption keys used for future communication.

Out of several algorithms, Advanced Encryption Standard (AES) is the most popular and strong encryption algorithm used in the SSH environment. Additionally, the SSH protocol also uses standardized hashing algorithms that ensure data integrity within networks.

Did this article help you understand the fundamentals of SSH? Let us know on FacebookOpens a new window , TwitterOpens a new window , or LinkedInOpens a new window . We’d love to hear from you!

Image source: Shutterstock

MORE ON NETWORK SECURITY

• What Is Clickjacking? Definition, Methods, and Prevention Best Practices for 2022
• What Is DDoS (Distributed Denial of Service)? Definition, Types, and Prevention Best Practices for 2022
• What Is Sandboxing? Meaning, Working, Benefits, and Best Practices for 2022
• What Is Adware? Definition, Removal, and Prevention Best Practices for 2022
• Top 11 Malware Scanners and Removers in 2022