π What SSH Is (and Why It Matters)
SSH (Secure Shell) is a protocol used to securely access and control remote computers over a network.
Instead of sending data in plain text (like Telnet), SSH:
Encrypts everything
Protects passwords
Secures commands and file transfers
Prevents eavesdropping and tampering
It is the modern secure replacement for older remote login tools.
πͺ Step 1: The Connection (Port 22)
By default:
SSH runs on TCP port 22
The SSH client connects to an SSH server (running
sshd)Once connected, a secure tunnel is created
Firewalls often allow port 22 for administrative access.
π Step 2: Cryptography β How the Secure Tunnel Is Built
SSH uses multiple layers of cryptography.
1οΈβ£ Asymmetric Cryptography (Key Exchange)
When you connect:
Client and server negotiate encryption algorithms
They perform a key exchange (often ECDH or DiffieβHellman)
They generate a shared secret
Important:
The shared secret is never transmitted
Both sides compute it independently
This protects against interception
2οΈβ£ Symmetric Encryption (Session Phase)
After the shared secret is created:
A session key is derived
All data is encrypted using fast symmetric encryption (like AES)
Why symmetric?
Much faster than asymmetric
Efficient for continuous data transfer
So:
π Asymmetric β Securely establish trust
β‘ Symmetric β Efficiently encrypt the session
π§© Step 3: The SSH Handshake (Simplified Flow)
Client connects to server
Exchange protocol versions
Negotiate encryption algorithms
Perform key exchange
Derive session key
Switch to encrypted mode
Only then β authentication begins
Important:
The login prompt appears after encryption is already active.
π€ Step 4: Authentication
SSH supports two main authentication methods:
π Password Authentication (Basic)
User types password
Password travels encrypted inside the SSH tunnel
Still vulnerable to brute-force attempts
ποΈ SSH Key Authentication (Recommended)
Much stronger and preferred.
You generate:
Private key β stays on your computer
Public key β copied to the server
The server stores the public key in:
~/.ssh/authorized_keys
During login:
Server sends a challenge
Client signs it using the private key
Server verifies using the public key
Access granted
No password is transmitted.
βοΈ Real-World Example: AWS EC2
With Amazon Web Services (AWS):
You create a key pair
AWS gives you a
.pemprivate keyAWS inserts the public key into the instance
You connect with:
ssh -i mykey.pem ec2-user@server-ip
β If someone steals your .pem file, they can access the server.
π¦ Real-World Example: GitHub Over SSH
With GitHub:
You upload your public key to your account
Git operations use SSH authentication
GitHub verifies your private key signature
GitHub does not allow password-based Git over SSH.
π οΈ SSH Port Forwarding (Tunneling)
SSH can securely forward traffic.
Example:
You have:
A private MySQL database inside a secure network
A public SSH bastion server
You create:
ssh -L 3306:internal-db:3306 user@bastion
Now:
Your local machineβs
localhost:3306Securely tunnels to the internal database
All traffic is encrypted
This allows secure access without exposing the database publicly.
π§ Why Ephemeral Session Keys Matter
Each SSH session:
Generates a fresh key
Uses temporary encryption
Cannot be reused later
This provides forward secrecy:
Even if long-term keys are compromised later, past sessions remain secure.
π Security Takeaways
β SSH encrypts everything
β Encryption starts before authentication
β Key-based login is more secure than passwords
β Session keys are temporary
β Port forwarding allows secure internal access
β Disable password auth in production environments
π’ Practical Advice (Org-Level)
If managing servers, storage systems, or remote Linux machines:
Use key-based authentication only
Disable root login
Restrict SSH by firewall IP rules
Monitor failed login attempts
Rotate keys when staff leave