SSH
The SSH (Secure Shell) protocol allows for secure access between users over an unsecured network through a proprietary encryption protocol. Tatu Ylonen, a Finnish university student, devised SSH in 1995 in response to a password-sniffing attack on his university's network. Ylonen went on to found SSH Communications Security, where he partnered with the Internet Engineering Task Force (IETF) for formal standardization.
SSH quickly replaced the text-based, insecure Telnet protocol as the preferred method for remote access. It was also a significant improvement for file transfers over less secure methods like FTP.
Easy Universal SSH Configuration
Most major operating systems permit SSH functionality by default through simple configuration changes. On a Mac, for example, the user can start an SSH server and enable remote login through the Shared Preferences Panel. Similar configuration settings exist in other popular operating systems like Windows.
After configuring SSH settings, users interact with a solution that provides SSH client access, set up to encrypt shared data across the SSH server.
How is SSH Used?
SSH connections are most commonly used for:
- Secure file transfer
- Terminal access
- Remote admin functions
- Port forwarding
The overarching role SSH plays is to create a secure pathway for sharing data across an insecure network. Typically, the insecure network is the Internet at large. SSH protects data through the use of encrypted authentication keys.
How Does SSH Work?
To understand SSH encryption for file transfers, imagine two users passing a briefcase (or shell) containing sensitive data across a public space.
The first user places data inside the briefcase, locks it with his own lock, and then ships the data to the second user. When the second user receives the briefcase, he cannot access the data yet. Instead, he adds his own lock to the briefcase and sends the briefcase back.
When the first user receives the briefcase, now with two locks, he unlocks his own lock and sends it back again. Now, the second user can unlock his lock to access the data.
The data is locked securely within the briefcase the entire time it's in transit. While other people on the network might be able to see that data is being shared, only the two users connected through SSH can access it.
Similar processes apply to remote access applications and local & dynamic port forwarding, where data is securely tunneled around a network's firewall. Tunneling allows users to port in to work from home through local port forwarding. Dynamic port forwarding allows access to the Internet through a user's home computer while they are logged into a network that is blocking online access.
SSH Security
SSH is secured with strong authentication and encryption technology. The protocol uses a client-server model where the connection is established when the SSH client connects to the SSH server. Once established, an SSH client-server connection encrypts and transmits data according to the parameters established during setup.
SSH Encryption
The SSH client uses public key cryptography to verify the SSH server's identity. Then, the SSH protocol secures the exchanged data by using secure symmetric encryption (often AES encryption) and “hashing algorithms."
SSH Authentication
There are several ways to authenticate users. The most common methods involve passwords and public key authentication.
Public key authentication uses a cryptographic key pair composed of a public key and a private key. The public SSH key is configured on an SSH server to authenticate access and allow access to users who have a copy of the private SSH key.
This key-based authentication process is commonly found in automated systems and often used to integrate applications. Many organizations create a large number of SSH keys that must be carefully tracked.
The SSH protocol generates keys with symmetric encryption, commonly using the Advanced Encryption Standard (AES). The SSH protocol also uses Standard Hash Algorithms (SHA) to protect transmissions.
SSH Precautions: Terminate Old Keys
Although cumbersome, it's essential to manage and protect an organization's SSH keys.
SSH keys should be protected at least as well as user passwords are protected. Like passwords, SSH keys should be updated and terminated on a regular schedule and whenever an employee leaves a role.
In fact, an estimated 90 percent of SSH keys are unused but still active. These unused keys are vulnerable to outside access if they are not adequately managed or terminated.