How does SSH work – part one

SSH History

In the late 1980's and 1990's, network tools such as rlogin and telnet were commonly used for logins into remote machines, typically on Unix platforms. These tools allowed users to open command shells that permitted them to execute commands on the remote machines as if they were actually on the machine, and were extremely useful for systems administration.

There was one critical drawback - none of these tools were secure. Passwords were sent over networks in plaintext, meaning anyone able to sniff the network could obtain credentials for the remote machine. This problem is why Tatu Ylönen, a Finnish researcher at the Helsinki University of Technology, decided an secure network protocol was required. In 1995 he wrote the first version of SSH, known as SSH-1, and released it as freeware. It consisted of a secure server and client.

As its popularity grew rapidly, Ylönen founded SSH Communications Security to market and develop SSH as a proprietary product. In 1999 Björn Grönvall began working on an earlier freeware version, and the OpenBSD team forked his work to produce the freely available OpenSSH. Ports were soon made to many other platforms, and OpenSSH remains the most widely known and used version of SSH.

In 2006 SSH 2.0 was defined in RFC 4253. SSH-2 is incompatible with SSH-1, and has improved security and features, rendering SSH-1 obsolete.

SSH Overview

SSH is a secure network protocol that can used used on any platform for any purpose requiring secure network communication. Typical uses of include:

  • secure remote login tools, such as the ssh client
  • secure file transfer, such as the scp and sftp tools
  • secure port forwarding or secure tunneling

While SSH was first implemented on Unix, it was quickly implemented on other platforms and is today widely available.

SSH-2 uses a layered architecture, and consists of a transport layer, a user authentication layer, and a connection layer.

The transport layer runs over TCP/IP, and provides encryption, server authentication, data integrity protection, and optional compression. The user authentication layer handles client authentication, while the connection layer provides services such as interactive logins, remote commands, and forwarded network connections.

Future posts in this series will examine each of these layers in turn, as well as the SCP and SFTP protocols which run over SSH.

Posted by John Faulds in