What is SSH (Secure Shell)? | SSH Academy

This is the home page of the SSH (Secure Shell) protocol, software, and related information. SSH is a software package that enables secure system management and file transfers over insecure networks. It is used in almost every data center and every large enterprise.

This page was created by the inventor of SSH, Tatu Ylonen (twitter: @tjssh). He wrote ssh-1.x and ssh-2.x, and still works on related topics. The open-source OpenSSH implementation is based on the free version of SSH.


The SSH protocol

The SSH protocol uses encryption to secure the connection between a client and a server. All user authentication, commands, output, and file transfers are encrypted to protect against network attacks. For more information on how the SSH protocol works, see the protocol page. To understand the SSH file transfer protocol, see the SFTP page.

SSH Simplified Protocol Diagram

Download client software

Here you can find links to download several free SSH implementations, as well as links to commercial deployments.

  • Download PuTTY

  • Download SSH clients

List of SSH implementations

Here we list several SSH implementations. Feel free to submit additional implementations for this page. For many implementations, we offer a review, installation instructions, guidance, and/or procedures on this site.

  • Tectia SSH client and server for Windows, Unix, Linux – with 24×7 support

  • Tectia SSH for IBM z/OS client and server for IBM z/OS mainframes – with 24×7 support

  • PuTTY client for Windows and Linux

  • WinSCP client for Windows

  • CyberDuck client for Mac

  • OpenSSH server for Unix, Linux

  • Overview of client alternatives

  • Overview of server alternatives

  • Windows SSH alternatives

  • PrivX™ Privileged Access Management for Multiple Clouds

Running and configuring SSH

This section contains links about using, configuring, and managing SSH.

  • SSH command-line options

  • Tectia SSH manuals

  • sshd – The SSH server on Unix/Linux

  • sshd_config – Server configuration file on Unix/Linux

  • ssh_config – Client configuration file on Unix/Linux

  • SSH port, and how it got that number

SSH security and attacks against it

The SSH protocol is believed to be secure against cryptographic attacks on the network, as long as the keys and credentials are properly managed. However, we do not recommend using the diffie-hellman-group1-sha1 key exchange. It uses a 768-bit Diffie-Hellman group, which may be breakable by today’s governments. Larger groups are probably fine. Recent versions of OpenSSH have disabled this group by default. See sshd_config to configure which key exchanges to use.
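A check for the key exchange setting discussed above, as an added example (not code from this site or from OpenSSH): it reads sshd_config text, applies the `+`, `-` and `^` list prefixes of the KexAlgorithms keyword, and reports whether diffie-hellman-group1-sha1 is still offered. The default list, the function names and the sample configuration are constructed for illustration.

```python
import fnmatch

WEAK_KEX = "diffie-hellman-group1-sha1"  # key exchange the page advises against

# Constructed stand-in for the server's built-in default list (an assumption);
# on a real host take the defaults from sshd_config(5) for the installed version.
ASSUMED_DEFAULTS = ["curve25519-sha256", "diffie-hellman-group14-sha256"]

def effective_kex(config_text, defaults=ASSUMED_DEFAULTS):
    """Return the key exchange list that results from sshd_config text.

    Uses the first KexAlgorithms line only (the first value obtained wins)
    and ignores Include files. Wildcards are expanded only in '-' lists.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2 or parts[0].lower() != "kexalgorithms":
            continue
        spec = parts[1]
        prefix = spec[0] if spec[0] in "+-^" else ""
        names = [n for n in spec[len(prefix):].split(",") if n]
        if prefix == "+":   # append to the default set
            return list(defaults) + [n for n in names if n not in defaults]
        if prefix == "-":   # remove matching names from the default set
            return [d for d in defaults
                    if not any(fnmatch.fnmatchcase(d, p) for p in names)]
        if prefix == "^":   # place at the head of the default set
            return names + [d for d in defaults if d not in names]
        return names        # a plain list replaces the defaults
    return list(defaults)

def offers_weak_kex(config_text, defaults=ASSUMED_DEFAULTS):
    """True when the resulting list still contains diffie-hellman-group1-sha1."""
    return WEAK_KEX in effective_kex(config_text, defaults)

# Constructed sample: a legacy-compatibility line that re-enables the weak group.
SAMPLE_CONFIG = """\
# constructed sshd_config excerpt
Port 22
KexAlgorithms +diffie-hellman-group1-sha1
"""

if __name__ == "__main__":
    print("weak key exchange offered:", offers_weak_kex(SAMPLE_CONFIG))
```

On a live server, `sshd -T` prints the configuration the daemon actually resolved, which also covers Include files that this parser skips.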

  • BothanSpy and Gyrfalcon Review: The CIA’s Alleged Hacking Tools

  • Man-in-the-middle attacks against SSH

  • Imperfect forward secrecy: how Diffie-Hellman fails in practice

Automate with SSH keys, but manage them

SSH keys can be used to automate access to servers. They are commonly used in scripts, backup systems, configuration management tools, and by developers and system administrators. They also provide single sign-on, allowing the user to move between their accounts without having to type in a password each time. This works even across organizational boundaries, and is very convenient.

However, unmanaged SSH keys can become a major risk in larger organizations.

  • What is an SSH key

  • What does Universal SSH Lifecycle Management mean?

  • SSH Key Manager

  • ssh-keygen – Create keys

  • ssh-copy-id – Provision access on servers

  • authorized_keys – authorized key file format

PrivX On-Demand Access Manager can be used as an alternative to SSH keys, completely eliminating the need for permanent keys and passwords on servers.

History of the SSH protocol

The Secure Shell protocol was originally developed by Tatu Ylonen in 1995 in response to a hacking incident on the Finnish university network. A password sniffer had been installed on a server connected directly to the backbone, and when it was discovered, it had thousands of usernames and passwords in its database, including several from Ylonen’s company.

That incident prompted Ylonen to study cryptography and develop a solution that he could use himself to log in remotely over the Internet securely. His friends proposed additional features, and three months later, in July 1995, Ylonen released the first version as open source. It became OpenSSH. He later took the protocol for standardization at the IETF and designed the SSH File Transfer Protocol (SFTP). He founded SSH Communications Security Corp in December 1995 to provide commercial support for the protocol.

Ylonen still works on issues related to Secure Shell, particularly around key management, as well as broader cybersecurity issues.

Today, the protocol is used to manage more than half of the world’s web servers and virtually all Unix or Linux computers, on-premises and in the cloud. Information security specialists and system administrators use it to configure, manage, maintain, and operate most firewalls, routers, switches, and servers in the millions of networks and mission-critical environments of our digital world. It is also integrated into many file transfer and system administration solutions.

The new protocol replaced several legacy tools and protocols, including telnet, ftp, FTP/S, rlogin, rsh, and rcp.