SSH.md
**Secure Shell (SSH)** is a cryptographic network protocol designed for secure communication over unsecured networks. It is primarily used for remote login and command execution, providing a secure alternative to older protocols such as Telnet and rlogin, which transmit data in plaintext.

## Key Features

- **Encryption**: SSH encrypts all data transmitted between the client and server, ensuring that sensitive information remains confidential and protected from eavesdropping.
- **Authentication**: SSH supports multiple authentication methods, including password-based authentication and public key authentication. Public key authentication is particularly popular for automating secure access without needing to enter passwords.
- **Data Integrity**: SSH ensures that the data sent over the connection has not been altered during transmission through cryptographic hash functions.

## How SSH Works

1. **Connection Establishment**: The SSH client initiates a connection to the SSH server, typically on port 22. The server responds by sending its public key to the client.
2. **Server Authentication**: The client verifies the server's identity using its public key. If the key matches a known host key, the connection proceeds; otherwise, a warning is issued.
3. **Key Exchange**: The client and server negotiate encryption algorithms and generate a shared session key using methods like [[Diffie-Hellman]] key exchange.
4. **Secure Communication**: Once the secure connection is established, all subsequent data exchanged is encrypted using the agreed-upon symmetric encryption algorithm.

## SSH Protocol Layers

SSH consists of three main layers:

- **Transport Layer**: Handles encryption, decryption, and integrity verification of data. It also manages server authentication and sets up secure connections.
- **User Authentication Layer**: Responsible for authenticating the client to the server using various methods, such as passwords or public keys.
- **Connection Layer**: Manages multiple logical channels over a single SSH connection, allowing different types of data streams to be transmitted simultaneously (e.g., terminal sessions, file transfers).

## Applications of SSH

- **Remote Administration**: System administrators use SSH to manage servers and network devices securely.
- **File Transfers**: Secure File Transfer Protocol (SFTP), which operates over SSH, allows secure file transfers between systems.
- **Port Forwarding**: SSH can tunnel other protocols through its encrypted connection, allowing secure access to services on remote servers.

## Security Considerations

SSH significantly enhances security compared to older protocols by encrypting traffic and providing robust authentication mechanisms. However, it is essential to manage keys securely and avoid weak passwords to prevent unauthorized access.
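
The host key check from step 2 of "How SSH Works", as an added example that is not part of the original page: this Python sketch compares a presented server key against `known_hosts`-style entries and computes the SHA256 fingerprint in the unpadded base64 form OpenSSH prints. The host names, key bytes and the helper names `make_blob`, `fingerprint` and `check_host` are constructed for illustration; hashed (`|1|`) entries and `@` marker lines are skipped rather than handled.

```python
import base64
import hashlib
import struct

def make_blob(key_type: str, raw: bytes) -> str:
    """Build a constructed (not real) SSH public-key blob, base64 encoded."""
    t = key_type.encode()
    body = struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(body).decode()

def fingerprint(b64_blob: str) -> str:
    """SHA256 fingerprint of the key blob: 'SHA256:' + unpadded base64."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host(known_hosts: str, host: str, key_type: str, b64_blob: str) -> str:
    """Return 'match', 'mismatch' (warn and stop) or 'unknown' (never seen)."""
    seen_host = False
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments, @markers and hashed (|1|...) host entries.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        names, ktype, blob = fields[0].split(","), fields[1], fields[2]
        if host not in names or ktype != key_type:
            continue
        seen_host = True  # a key of this type is already pinned for the host
        if base64.b64decode(blob) == base64.b64decode(b64_blob):
            return "match"
    return "mismatch" if seen_host else "unknown"

# Constructed sample data: the key bytes are placeholders, not real keys.
GOOD = make_blob("ssh-ed25519", bytes(range(32)))
OTHER = make_blob("ssh-ed25519", bytes(range(1, 33)))
KNOWN_HOSTS = f"# constructed known_hosts\nserver.example,192.0.2.10 ssh-ed25519 {GOOD}\n"

if __name__ == "__main__":
    cases = [("server.example", GOOD), ("server.example", OTHER), ("new.example", GOOD)]
    for host, blob in cases:
        print(host, fingerprint(blob), check_host(KNOWN_HOSTS, host, "ssh-ed25519", blob))
```

A `mismatch` result is the case where the client issues its warning: the host is known but presents a different key, so the fingerprint should be confirmed out of band before the pinned entry is replaced.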