Secure Shell (SSH) is a secure way of transmitting data over TCP/IP networks from one computer to another. It uses strong encryption and authentication to ensure the confidentiality, integrity, and authenticity of the transferred data. Secure Shell was originally developed by SSH Communications Security and is today used by millions worldwide for secure system administration, secure file transfer, and secure application connectivity.
Threats Prevented by Secure Shell
Secure Shell can be used to protect data in transit against the following network security threats:
Password Exposure
Secure Shell eliminates the risk of password exposure in data communications. Unlike many widely used host access protocols such as Telnet or FTP (File Transfer Protocol), Secure Shell does not send passwords over the network in plaintext, making it impossible for outsiders to "sniff" the passwords. As an alternative to password authentication, Secure Shell also allows integration with smart cards and other hardware tokens for strong, two-factor authentication.
Data Eavesdropping
Secure Shell implements encryption to prevent eavesdropping of confidential data while it travels over TCP/IP networks. Combining strong encryption and authentication, Secure Shell ensures that only the legitimate recipients can access the transmitted data.
Man-in-the-Middle Attack
In a man-in-the-middle attack, an attacker positioned between the client and the server modifies the data communications. The Secure Shell protocol implements server authentication and cryptographic integrity checks to ensure that the transferred data cannot be modified undetected.
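The server authentication mentioned above rests on the client checking the server's host key against one it already trusts. The following added example (not code from the page or from SSH Communications Security) shows that check in miniature: it parses a constructed known_hosts-style record (the hostname/keytype/base64-key layout used by OpenSSH is assumed here), computes an OpenSSH-style SHA256 fingerprint, and reports a mismatch when a different key is presented for a known host.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (RFC 4251: uint32 length + bytes)."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_blob(raw32: bytes) -> bytes:
    """Build a public-key blob in the layout used for ssh-ed25519 keys."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw32)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of the SHA-256 digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map (hostname, keytype) -> decoded key blob; blank and comment lines are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hosts, keytype, b64 = line.split()[:3]
        for host in hosts.split(","):        # one record may list several names/addresses
            entries[(host, keytype)] = base64.b64decode(b64)
    return entries


def verify_host_key(known: dict, host: str, keytype: str, presented: bytes) -> str:
    """Return 'ok' (matches stored key), 'unknown' (no record) or 'MISMATCH' (possible MITM)."""
    stored = known.get((host, keytype))
    if stored is None:
        return "unknown"
    return "ok" if hmac.compare_digest(stored, presented) else "MISMATCH"


# Constructed sample data: neither value is a real server's key.
GENUINE_KEY = bytes(range(32))
ROGUE_KEY = bytes([0xAA] * 32)          # what an interposed host would present instead
GENUINE_BLOB = make_ed25519_blob(GENUINE_KEY)
KNOWN_HOSTS = (
    "# constructed known_hosts: hostname(s) keytype base64-key\n"
    "fileserver.example.internal,10.0.0.5 ssh-ed25519 "
    + base64.b64encode(GENUINE_BLOB).decode() + "\n"
)
KNOWN = parse_known_hosts(KNOWN_HOSTS)
```

A client that treats "MISMATCH" as fatal, rather than prompting the user to continue, is what turns server authentication into an actual defence against an interposed host.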
Applications for Secure Shell
Secure Shell is used by millions worldwide for:
Secure System Administration
Secure Shell was originally created to provide secure terminal (shell) access to Unix servers over TCP/IP networks. Even today, the secure replacement of Telnet-based terminal connections between Windows workstations and Unix/Linux/Windows servers is one of the most widespread uses of the technology. One of the key user groups for secure terminal access is system administrators, who have adopted Secure Shell as the de facto standard for administering remote Unix servers and other network devices.
Secure File Transfer
Secure Shell provides secure drop-in replacement functionality for FTP and is commonly used to implement periodic and ad-hoc file transfers between enterprise servers. These file transfers typically involve operations such as database backups, log file collection, and business transactions. The SFTP (Secure FTP) features of Secure Shell can be used to implement secure file exchange in both internal networks and extranet environments.
Secure Application Connectivity
Secure Shell offers two different means of securing application connections between enterprise end-user workstations and application servers. For command-line applications, it can be used as a secure terminal replacing Telnet-based host access. Alternatively, the Secure Shell port-forwarding feature can tunnel TCP application connections without replacing the underlying application program or its user interface. Port forwarding makes Secure Shell a generic solution for protecting application protocol connections end to end.
History of Secure Shell
Secure Shell was invented in 1995 by Tatu Ylonen, who was working as a researcher at the Helsinki University of Technology in Finland. Prompted by a security incident in the university network, he created the new Secure Shell technology to encrypt transferred data, including passwords, in TCP/IP networks. The first implementation, called Secure Shell version 1 (SSH1), was released to the public in summer 1995. Within days it was adopted by users around the world.
Later that same year, Tatu Ylonen founded SSH Communications Security to respond to the growing need for commercially developed and supported Secure Shell solutions with enterprise-level functionality and features. Today, SSH Communications Security develops and markets enterprise-class Secure Shell products under the brand name "SSH Tectia™". Secure Shell is also available as an open-source implementation called OpenSSH, which is a derivative of Tatu Ylonen's original Secure Shell (SSH1) code.
To overcome the limitations and certain security issues of the original SSH1 protocol, SSH Communications Security decided to rewrite the protocol specifications in 1998. The new, more functional and secure protocol version (SSH2) was also submitted to the IETF (Internet Engineering Task Force) SecSh working group for standardization.
In 2005, ten years after the invention of SSH1, SSH Communications Security rolled out the third complete re-implementation of the Secure Shell protocol, called SSH G3, as part of its SSH Tectia products. The SSH G3 protocol architecture is based on and compatible with the SSH2 standard but introduces architectural optimizations and extensions that considerably improve Secure Shell performance, making it well suited to throughput-intensive file transfers and applications.
Finally, in early 2006 the Secure Shell protocol reached Proposed Standard status in the IETF standardization process, granting it a status similar to other IETF standard technologies such as TCP, IP, and HTTP. The seven Secure Shell Proposed Standard RFC documents are RFCs 4250 through 4256.
More Information
To learn more about the Secure Shell technology, please read the Secure Shell - The Definitive Guide book published by O'Reilly. The first three chapters are available for online viewing in the SSH Resource Center:
Chapter 1: Introduction to SSH
Chapter 2: SSH Client Use
Chapter 3: Inside SSH
The IETF Secure Shell Proposed Standard RFC documents and other related specifications are available at http://www.ietf.org/html.charters/secsh-charter.html.

