Secure remote session: SSH

The Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network and is standardized by the IETF secsh working group.

It is a replacement for remote session programs such as Telnet and rlogin, providing a secure connection with strong authentication and encryption to protect not only the authentication process but also the session data.

It consists of three major components: the Transport Layer Protocol, the User Authentication Protocol, and the Connection Protocol.

The Transport Layer Protocol provides server authentication, confidentiality, and integrity. It may optionally also provide compression and will typically be run over a TCP/IP connection, but might also be used on top of any other reliable data stream.

The User Authentication Protocol authenticates the client-side user to the server. It runs over the transport layer protocol.

The Connection Protocol multiplexes the encrypted tunnel into several logical channels. It runs over the user authentication protocol.

The client sends a service request once a secure transport layer connection has been established. A second service request is sent after user authentication is complete. This allows new protocols to be defined and coexist with the protocols listed above.
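As an added worked example, not code from the original article or from any SSH implementation, the following Python models the two pieces of the transport layer described above: the binary packet framing that the confidentiality and integrity protections are applied to, and the two service requests (first for the user authentication protocol, then for the connection protocol). The message numbers, service names and framing rules are those of RFC 4253 (the secsh working group's transport layer specification); the `service_allowed` state check and the `demo` traffic are this example's own construction, and encryption and MAC computation are left out so the framing itself is visible.

```python
import os
import struct

# Transport-layer message numbers (RFC 4253) and the two service names the text refers to.
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_SERVICE_ACCEPT = 6
SERVICE_USERAUTH = b"ssh-userauth"        # requested once the transport layer is up
SERVICE_CONNECTION = b"ssh-connection"    # requested once the user is authenticated


def ssh_string(data: bytes) -> bytes:
    """SSH 'string' encoding: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def read_string(buf: bytes, off: int) -> tuple[bytes, int]:
    """Decode an SSH 'string' at off, refusing lengths that run past the buffer."""
    if off + 4 > len(buf):
        raise ValueError("truncated string length")
    (length,) = struct.unpack_from(">I", buf, off)
    start = off + 4
    if start + length > len(buf):
        raise ValueError("string length exceeds buffer")
    return buf[start:start + length], start + length


def frame_packet(payload: bytes, block_size: int = 8) -> bytes:
    """Binary packet framing of RFC 4253 section 6, before encryption and MAC are applied:

        uint32 packet_length | byte padding_length | payload | random padding

    packet_length counts everything after itself; padding is at least 4 bytes and brings the
    whole packet (length field included) to a multiple of the cipher block size (minimum 8).
    """
    padding_length = block_size - ((5 + len(payload)) % block_size)
    if padding_length < 4:
        padding_length += block_size
    packet_length = 1 + len(payload) + padding_length
    return struct.pack(">IB", packet_length, padding_length) + payload + os.urandom(padding_length)


def unframe_packet(packet: bytes, block_size: int = 8) -> bytes:
    """Inverse of frame_packet; checks every framing invariant before returning the payload."""
    if len(packet) < 5:
        raise ValueError("packet too short")
    packet_length, padding_length = struct.unpack_from(">IB", packet, 0)
    if 4 + packet_length != len(packet):
        raise ValueError("packet_length disagrees with bytes received")
    if not 4 <= padding_length <= 255 or padding_length >= packet_length:
        raise ValueError("padding_length out of range")
    if len(packet) % block_size != 0:
        raise ValueError("packet not aligned to the block size")
    return packet[5:5 + packet_length - 1 - padding_length]


def service_allowed(service: bytes, authenticated: bool) -> bool:
    """Which service request the server may accept in its current state (this example's own rule)."""
    if service == SERVICE_USERAUTH:
        return True
    if service == SERVICE_CONNECTION:
        return authenticated            # never hand out the connection protocol before authentication
    return False                        # unknown service: the server should disconnect


def build_service_request(service: bytes) -> bytes:
    """Client side: SSH_MSG_SERVICE_REQUEST payload is byte 5 followed by string service_name."""
    return bytes([SSH_MSG_SERVICE_REQUEST]) + ssh_string(service)


def handle_service_request(payload: bytes, authenticated: bool) -> bytes:
    """Server side: parse SSH_MSG_SERVICE_REQUEST and answer with SSH_MSG_SERVICE_ACCEPT or refuse."""
    if not payload or payload[0] != SSH_MSG_SERVICE_REQUEST:
        raise ValueError("not a service request")
    service, end = read_string(payload, 1)
    if end != len(payload):
        raise ValueError("trailing bytes after service name")
    if not service_allowed(service, authenticated):
        raise PermissionError(f"service {service!r} refused; connection should be dropped")
    return bytes([SSH_MSG_SERVICE_ACCEPT]) + ssh_string(service)


def demo() -> list[bytes]:
    """Run the two-step sequence the text describes, end to end through the framing."""
    accepted = []
    for service, authenticated in ((SERVICE_USERAUTH, False), (SERVICE_CONNECTION, True)):
        wire = frame_packet(build_service_request(service))          # client -> server
        reply = handle_service_request(unframe_packet(wire), authenticated)
        name, _ = read_string(reply, 1)
        accepted.append(name)
    return accepted
```

The point to take from `unframe_packet` is that every length field is validated against the bytes actually received before anything is sliced out of the buffer; in a real implementation this happens on decrypted data whose MAC has already been verified, which is what the transport layer's integrity guarantee buys the upper layers.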

The connection protocol provides channels that can be used for a wide range of purposes. Standard methods are provided for setting up secure interactive shell sessions and for forwarding ("tunneling") arbitrary TCP/IP ports and X11 connections.
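The channel multiplexing described in the two paragraphs above is easiest to see in code. The following Python is an added example, not the article's or any SSH implementation's code: a receiving-side demultiplexer that routes connection-protocol messages to per-channel state, using the message numbers and field layouts of RFC 4254 for CHANNEL_OPEN, CHANNEL_OPEN_CONFIRMATION, CHANNEL_DATA and CHANNEL_CLOSE (window adjustment, EOF and channel requests are omitted). The `ChannelMux` class, its channel-number allocator and the constructed traffic in `demo` (an interactive session interleaved with a `direct-tcpip` port forward to a made-up host and port) are this example's own.

```python
import struct
from typing import Dict, Optional

# Connection-protocol message numbers (RFC 4254).
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91
SSH_MSG_CHANNEL_DATA = 94
SSH_MSG_CHANNEL_CLOSE = 97


def u32(n: int) -> bytes:
    return struct.pack(">I", n)

def ssh_string(data: bytes) -> bytes:
    return u32(len(data)) + data

def read_u32(buf: bytes, off: int) -> tuple[int, int]:
    if off + 4 > len(buf):
        raise ValueError("truncated uint32")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def read_string(buf: bytes, off: int) -> tuple[bytes, int]:
    length, off = read_u32(buf, off)
    if off + length > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + length], off + length


# Builders for the messages the peer sends into the tunnel.
def channel_open(ctype: bytes, sender: int, window: int, max_packet: int, extra: bytes = b"") -> bytes:
    return bytes([SSH_MSG_CHANNEL_OPEN]) + ssh_string(ctype) + u32(sender) + u32(window) + u32(max_packet) + extra

def direct_tcpip_extra(host: bytes, port: int, orig_host: bytes, orig_port: int) -> bytes:
    # Type-specific data of a port-forwarding channel (RFC 4254 section 7.2).
    return ssh_string(host) + u32(port) + ssh_string(orig_host) + u32(orig_port)

def channel_data(recipient: int, data: bytes) -> bytes:
    return bytes([SSH_MSG_CHANNEL_DATA]) + u32(recipient) + ssh_string(data)

def channel_close(recipient: int) -> bytes:
    return bytes([SSH_MSG_CHANNEL_CLOSE]) + u32(recipient)


class ChannelMux:
    """Receiving end of the connection protocol: one decrypted tunnel, many channels.

    Channel numbers are per side: the peer picks its 'sender channel' in CHANNEL_OPEN, we pick ours
    in the confirmation, and every later message names the *recipient's* number. Each side also
    advertises a receive window; a peer that sends more than we allowed is a protocol violation.
    """

    def __init__(self, recv_window: int = 65536, max_packet: int = 32768):
        self.channels: Dict[int, dict] = {}
        self.recv_window = recv_window
        self.max_packet = max_packet

    def handle(self, payload: bytes) -> Optional[bytes]:
        """Route one payload; returns the reply payload where the protocol calls for one."""
        if not payload:
            raise ValueError("empty payload")
        msg = payload[0]
        if msg == SSH_MSG_CHANNEL_OPEN:
            ctype, off = read_string(payload, 1)
            peer, off = read_u32(payload, off)
            send_window, off = read_u32(payload, off)   # how much *we* may send to the peer
            peer_max_packet, off = read_u32(payload, off)
            target = None
            if ctype == b"direct-tcpip":                 # record where the forward goes
                host, off = read_string(payload, off)
                port, off = read_u32(payload, off)
                target = (host.decode(), port)
            local = len(self.channels)                   # toy allocator: never reuses numbers
            self.channels[local] = {"type": ctype.decode(), "peer": peer, "target": target,
                                    "send_window": send_window, "recv_window": self.recv_window,
                                    "peer_max_packet": peer_max_packet, "data": b"", "open": True}
            return (bytes([SSH_MSG_CHANNEL_OPEN_CONFIRMATION]) + u32(peer) + u32(local)
                    + u32(self.recv_window) + u32(self.max_packet))
        if msg == SSH_MSG_CHANNEL_DATA:
            local, off = read_u32(payload, 1)
            data, _ = read_string(payload, off)
            ch = self._open_channel(local)
            if len(data) > ch["recv_window"] or len(data) > self.max_packet:
                raise ValueError(f"channel {local}: data exceeds window or max packet size")
            ch["recv_window"] -= len(data)
            ch["data"] += data
            return None
        if msg == SSH_MSG_CHANNEL_CLOSE:
            local, _ = read_u32(payload, 1)
            ch = self._open_channel(local)
            ch["open"] = False
            return channel_close(ch["peer"])             # close is acknowledged in kind
        raise ValueError(f"unhandled message type {msg}")

    def _open_channel(self, local: int) -> dict:
        ch = self.channels.get(local)
        if ch is None or not ch["open"]:
            raise ValueError(f"message for unknown or closed channel {local}")
        return ch


def demo() -> Dict[int, tuple]:
    """Constructed traffic: a shell session and a forwarded port interleaved on one tunnel."""
    mux = ChannelMux()
    for payload in [
        channel_open(b"session", sender=7, window=2097152, max_packet=32768),
        channel_open(b"direct-tcpip", sender=8, window=2097152, max_packet=32768,
                     extra=direct_tcpip_extra(b"127.0.0.1", 8080, b"10.0.0.5", 40000)),
        channel_data(0, b"uptime\n"),
        channel_data(1, b"GET / HTTP/1.0\r\n\r\n"),
        channel_data(0, b"exit\n"),
        channel_close(0),
    ]:
        mux.handle(payload)
    return {n: (ch["type"], ch["target"], ch["data"], ch["open"]) for n, ch in mux.channels.items()}
```

Two details matter for anyone auditing SSH usage. The channel type and its type-specific data are the only place the tunnel says what it is carrying, so a server that wants to restrict or log port forwarding has to inspect `direct-tcpip` opens at exactly this point. And the per-channel window is enforced on receipt: data beyond the advertised window is rejected rather than buffered, which is what keeps one channel from starving the others sharing the connection.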

There are two versions of the SSH protocol: SSHv1 and SSHv2. They are very different protocols and do not interoperate. SSHv2 is significantly more secure, including the use of stronger ciphers for encryption. SSHv1 has structural weaknesses that leave it potentially open to man-in-the-middle and other attacks.

Because of these weaknesses and limitations, SSHv1 is obsolete and should be avoided whenever possible.

OpenSSH is an open-source implementation of SSH developed mostly by FreeBSD developers. It has become the most popular and widely adopted implementation of SSH on UNIX systems and can be found at http://www.openssh.org.
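Because the two protocol versions do not interoperate, a server announces which one it speaks before any key exchange, in the identification string that opens the transport layer connection (RFC 4253 section 4.2: `SSH-protoversion-softwareversion SP comments CR LF`, with `1.99` meaning a v2 server that also accepts v1 clients). That makes a banner sweep a cheap way to find SSHv1-only or v1-compatible servers that still need retiring. The Python below is an added example, not the article's or OpenSSH's code: a strict parser for the identification exchange, including any pre-banner lines a server may send first, and a classifier over a set of constructed banners with made-up software names and hostnames.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF.
# Servers must send CRLF; the LF-only form is accepted for older implementations.
IDENT_RE = re.compile(
    rb"^SSH-(?P<proto>[0-9]+\.[0-9]+)-(?P<software>[^ \r\n]+)(?: (?P<comments>[^\r\n]*))?\r?\n$"
)
MAX_IDENT_LEN = 255  # the identification line's limit, CRLF included


@dataclass
class Identification:
    protoversion: str
    softwareversion: str
    comments: Optional[str]
    preamble: List[str]   # lines the server sent before the SSH- line (e.g. a legal notice)


def parse_identification(first_bytes: bytes) -> Identification:
    """Parse the server's opening bytes up to and including its identification string."""
    preamble: List[str] = []
    for line in first_bytes.splitlines(keepends=True):
        if not line.startswith(b"SSH-"):
            # Pre-banner lines are allowed and must be skipped, never interpreted as protocol.
            preamble.append(line.rstrip(b"\r\n").decode("utf-8", "replace"))
            continue
        if len(line) > MAX_IDENT_LEN:
            raise ValueError("identification string longer than 255 bytes")
        m = IDENT_RE.match(line)
        if m is None:
            raise ValueError(f"malformed identification string: {line!r}")
        comments = m.group("comments")
        return Identification(
            protoversion=m.group("proto").decode("ascii"),
            softwareversion=m.group("software").decode("ascii", "replace"),
            comments=comments.decode("utf-8", "replace") if comments is not None else None,
            preamble=preamble,
        )
    raise ValueError("no identification string in input")


def classify(protoversion: str) -> str:
    """Map the announced protocol version to an inventory verdict."""
    if protoversion == "2.0":
        return "v2"
    if protoversion == "1.99":
        return "v2 (advertises v1 compatibility)"   # RFC 4253 section 5.1
    if protoversion.startswith("1."):
        return "v1 only: obsolete, replace"
    return "unknown"


# Constructed sample banners (software names and hosts are invented for this example).
SAMPLE_BANNERS: Dict[str, bytes] = {
    "host-a": b"SSH-2.0-ExampleServer_3.1\r\n",
    "host-b": b"Authorized use only.\r\nSSH-2.0-ExampleServer_3.1 hardened build\r\n",
    "host-c": b"SSH-1.99-TransitionalServer_2.0\r\n",
    "host-d": b"SSH-1.5-LegacyServer_1.2\n",
}


def audit(banners: Dict[str, bytes]) -> Dict[str, str]:
    """Classify every captured banner; feed this from a recorded inventory, not live probing."""
    return {host: classify(parse_identification(b).protoversion) for host, b in banners.items()}
```

Note that the identification string is sent in the clear and is not authenticated until the key exchange completes, so it is evidence for an inventory, not a security guarantee; the decision about which versions to accept belongs in the client's and server's configuration.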