SSH protocol: usage, versions and implementations

SSH Secure Shell protocol

SSH, short for Secure Shell, is a remote administration and network protocol; originally designed to replace Telnet and other unsecured protocols such as the Berkeley Remote Shell (rsh). SSH enables secure remote system administration and file transfer over unsecured networks. In this article we will talk about the SSH protocol and its versions, SSH clients and servers, implementations, usage, etc.

What is the SSH protocol and what is it used for?

The SSH protocol is used for securing network services over an unsecured network. It is used in almost all data centers nowadays. Secure Shell uses a client-server architecture to provide a secure channel over an insecure network. As defined by The Internet Society document describing the architecture of the Secure Shell (SSH) protocol:

“The Secure Shell (SSH) Protocol is a protocol for secure remote login and other secure network services over an insecure network.”

This cryptographic network protocol is used for securing all kinds of network services. It uses encryption to secure the connection between the SSH client and server, protecting against attacks in the network. SSH allows accessing command lines, executing commands, logging in and performing sysadmin tasks remotely and securely. Besides, the SSH protocol is also used in diverse file transfer mechanisms. For instance:

  • SFTP (SSH File Transfer Protocol; a secure alternative to FTP).
  • FASP (Fast and Secure Protocol).
  • SCP (Secure copy).

The protocol’s encryption aims to provide strong data confidentiality and integrity. SSH uses public-key cryptography for its authentication mechanism — known as “public-key authentication”. Besides, it also supports password-based authentication.

Main ways to use SSH

  1. Using automatically generated public-private key pairs to encrypt a network connection and log in using a password.
  2. Using manually generated public-private key pairs to perform the authentication. This way users and programs can log in without a password.

Unknown public keys must always be verified in all SSH versions before being accepted as valid; in order to avoid authorizing an unauthorized attacker as a valid user.

SSH and cloud computing

In cloud computing, SSH is useful for solving connectivity problems and avoiding security issues. An SSH tunnel can provide a secure path over the Internet, through a firewall, avoiding the exposure of virtual machines directly on the Internet.

SSH client and SSH server

SSH clients

A SSH client is a software that uses the Secure Shell protocol to connect to a remote computer.

Examples of SSH clients

Here are some examples of SSH clients:

SSH ClientDeveloperReleasedLatest releaseCurrent versionLicense
SecureCRTVanDyke SoftwareJune 1998September 20219.1Proprietary software
OpenSSHThe OpenBSD projectDecember 1999August 20218.7BSD
ZOC TerminalEmTec, Innovative SoftwareJuly 1995August 20218.02.7Proprietary software
PuTTYSimon TathamJanuary 1999July 20210.76MIT
wolfSSHwolfSSLJuly 2016July 20211.4.7GPLv3 and proprietary software
Bitvise SSH ClientBitvise Limited2001July 20218.49Proprietary software
Tera TermTeraTerm Project2004June 20214.106BSD
TtyEmulatorFCS SoftwareMay 2002March 20214.6.0.0Proprietary software
DropbearMatt JohnstonApril 2003October 20202020.81MIT 

For further examples and details about existing SSH clients, you can visit Wikipedia’s comparison of SSH clients.

SSH servers

A SSH server is a software that uses the Secure Shell protocol to accept connections from remote computers.

Examples of SSH servers

Here are some examples of SSH servers:

SSH ServerDeveloperReleasedLatest releaseCurrent versionLicense
OpenSSHThe OpenBSD projectDecember 1999August 20218.7BSD
Bitvise SSH ServerBitvise Limited2001July 20218.49Proprietary software
wolfSSHwolfSSLJuly 2016July 20211.4.7GPLv3 and proprietary software
Apache MINA SSHDApache Software Foundation2009May 20212.7.0Apache 2.0
CopSSHItefixAugust 2003March 20217.5.0Proprietary software
CrushFTP ServerCrushFTP, LLCJanuary 2003February 202110.0.0Proprietary software
TeleportGravitationalJune 2016May 20216.2Apache 2.0
DropbearMatt JohnstonApril 2003October 20202020.81MIT

For further examples and details about existing SSH clients, you can visit Wikipedia’s comparison of SSH servers.

Versions of SSH

The specification of the SSH protocol includes two major versions: SSH-1 and SSH-2. Version SSH 1.99 is also worth mentioning, although it is not a version as such.

SSH-1

The first version of the SSH protocol was SSH-1. SSH-1 was designed by the Finish researcher at Helsinki University of Technology, Tatu Ylönen, in July 1995. Tatu Ylönen decided to create this first version of the SSH protocol after a password-sniffing attack at his university’s network. Its goal was to provide strong authentication and confidentiality, as opposed to that offered by already existing protocols — rlogin, Telnet, FTP and rsh.

SSH-1 was released as a freeware and quickly gained in popularity. As a result, by the end of 1995, the researcher founded SSH Communications Security to further develop and market SSH. So, while the original version was mainly composed of free software, the later versions included an increasing number of proprietary software.

SSH-2

SSH-2 is the second version of the SSH protocol. Its development was undertaken by a working group officially called “Secsh” by the IETF (Internet Engineering Task Force). The version 2 of the Secure Shell protocol was adopted as a standard in 2006 and is incompatible with the previous version, SSH-1. SSH-2 includes new features and security improvements, for instance: integrity checking using message authentication codes and the ability to run any number of shell sessions over a single SSH connection.

SSH 1.99

According to the RFC 4253 specification, SSH servers supporting both SSH-1 and SSH-2 should identify its protoversion as SSH 1.99, in order to identify backward compatibility.

Popular SSH implementations

OpenSSH, PuTTY and Tectia SSH are some of the most popular SSH implementations. Although, as shown in the tables of SSH clients and servers above, there are many options available.

OpenSSH, short for OpenBSD Secure Shell, stands out as one of the top open source implementations of the SSH protocol. It is a suite of secure networking applications based on the SSH protocol. Besides, as an odd fact, with the OpenSSH client-server implementation, it is possible to use the SSH protocol to implement a VPN.

Share it on Social Media!