About the Secure Shell Protocol

Connectivity Secure Shell

About the Secure Shell Protocol

Secure Shell (SSH-2) is a TCP-based client/server protocol that provides the staples of secure networking:

  • Authentication—Confirms the identity of both the server and the client user before initiating a Secure Shell session.
  • Encryption—Encrypts information transferred over the network. Only the intended recipient can decrypt the information to view it.
  • Data integrity—Ensures that the data that is sent is the same when it arrives at its destination.

A Secure Shell session, or tunnel, is an authenticated and encrypted SSH-2 connection initiated from a Secure Shell client to a host on the network that is running a Secure Shell server.

During the initial negotiation of this connection, both the server and client are authenticated. Server authentication is performed initially using public key exchange, and a number of authentication methods are supported for client authentication.

  In spite of this authentication, there remains the risk of a man-in-the-middle attack during the initial connection.

Once the tunnel is established, the information channelled through it is encrypted using any of a number of supported encryption ciphers including Blowfish, 3DES, CAST128, and the U.S. Advanced Encryption Standard (AES). To protect the integrity of the data, SSH-2 supports Hash Message Authentication Code (HMAC) algorithms.

Related Topics

About Secure Shell Sessions

About Certificate and Key Manager