SSH (Secure Shell)

Definition

SSH is a cryptographic network protocol for secure remote login, command execution, and data transfer over an insecure network. It provides encrypted communication, authentication, and integrity protection.

SSH replaces insecure protocols like Telnet, rlogin, and FTP. It operates on port 22 by default and uses public-key cryptography for authentication.

Key Concepts

  • Public-Key Authentication: Client proves identity using a private key; server has the public key
  • Password Authentication: Traditional username/password (less secure, but still used)
  • Host Key Verification: First connection warns about the server’s fingerprint
  • Port Forwarding/Tunneling: Forward local/remote ports through SSH encrypted channel
  • SCP/SFTP: File transfer protocols over SSH
  • SSH Agent: Caches decrypted private keys to avoid repeated passphrases
  • Known Hosts: ~/.ssh/known_hosts stores server fingerprints to detect man-in-the-middle attacks

SSH Key Types

Key Type Default Bits Security Level
ed25519 256 High, fast, recommended
RSA 3072+ High, widely compatible
ECDSA 256+ High, smaller keys
DSA 1024 Deprecated, do not use

Common SSH Commands

ssh user@host              # Connect to remote host
ssh -i key.pem user@host   # Use specific key file
ssh -L 8080:localhost:80   # Local port forwarding
ssh -R 9090:localhost:80   # Remote port forwarding
ssh-keygen -t ed25519      # Generate ed25519 key pair
scp file user@host:/path    # Secure file copy
sftp user@host              # Secure interactive file transfer

SSH Security Best Practices

  • Use ed25519 keys (not DSA)
  • Disable password authentication, use key-only
  • Disable root login (PermitRootLogin no)
  • Use Fail2Ban or similar for brute-force protection
  • Rotate keys regularly
  • Use SSH config file for host-specific settings
  • Tls — SSH tunneling can create secure tunnels
  • Firewall — SSH port 22 is a common attack target

References