Secure Shell or SSH is a application protocol that allows data to be exchanged using a secure channel between two networked devices.
Used primarily on GNU/Linux and Unix based systems to access shell accounts, SSH was designed as a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, rendering them susceptible to packet analysis. The encryption used by SSH provides confidentiality and integrity of data over an insecure network, such as the Internet.
The SSH protocol consists of three major components:
- The User Authentication Protocol authenticates the client to the server.
- The Connection Protocol multiplexes the encrypted tunnel into several logical channels.
Starting a shell or a command
Once the session has been set up, a program is started at the remote end.
The program can be:
- a shell (shell),
- an application program (exec), (The server SHOULD NOT halt the execution of the protocol stack when starting a shell or a program. All input and output from these SHOULD be redirected to the channel or to the encrypted tunnel.)
- or a subsystem with a host-independent name (subsystem). (It will execute a predefined subsystem. It is expected that these will include a general file transfer mechanism, and possibly other features.)
Only one of these requests can succeed per channel.
After the key exchange, the client requests a service. The service is identified by a name.
If the server supports the service (and permits the client to use it), it must accept it.
The SSH specification is the following set of specification:
Documentation / Reference
- Library Implementation: