The SSH Protocol

SSH is a protocol, not a product. It is a specification of how to conduct secure communication over a network.[3]

The SSH protocol covers authentication, encryption, and the integrity of data transmitted over a network, as shown in Figure 1-2. Let’s define these terms:

Authentication

Reliably determines someone’s identity. If you try to log into an account on a remote computer, SSH asks for digital proof of your identity. If you pass the test, you may log in; otherwise, SSH rejects the connection.

Encryption

Scrambles data so that it is unintelligible except to the intended recipients. This protects your data as it passes over the network.

Integrity

Guarantees the data traveling over the network arrives unaltered. If a third party captures and modifies your data in transit, SSH detects this fact.

Figure 1-2. Authentication, encryption, and integrity

In short, SSH makes network connections between computers, with strong guarantees that the parties on both ends of the connection are genuine. It also ensures that any data passing over these connections arrives unmodified and unread by eavesdroppers.

1.3.1 Protocols, Products, Clients, and Confusion

The first SSH product, created by Tatu Ylönen for Unix, was simply called “SSH.” This caused confusion because SSH was also the name of the protocol. In this book, we use more precise terminology to refer to protocols, products, and programs, summarized in the sidebar “Terminology: SSH Protocols and Products.” In short:

  • Protocols are denoted with dashes: SSH-1, SSH-2.

  • Products are denoted in mixed case, without dashes: OpenSSH, Tectia, PuTTY, etc.

  • Client programs are in lowercase: ssh, scp, putty, etc.
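The protocol/product distinction is visible on the wire: each side opens with an identification line of the form `SSH-protoversion-softwareversion` (RFC 4253, section 4.2), where the first field names the protocol and the second the product. The following is an added example, not code from the book; the function names and the sample greetings are constructed for illustration. It splits such a line into the book's SSH-1 / SSH-2 protocol labels and the product string.

```python
import re

# Identification line per RFC 4253 section 4.2:
#   SSH-protoversion-softwareversion [SP comments] CR LF
_IDENT = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)(?: ([\x20-\x7e]*))?$")

def find_ident(data: bytes) -> bytes:
    """Return the first line starting with 'SSH-'; a server may send
    other text lines before it."""
    for line in data.split(b"\n"):
        line = line.rstrip(b"\r")
        if line.startswith(b"SSH-"):
            return line
    raise ValueError("no SSH identification line found")

def classify(data: bytes) -> dict:
    """Split an identification line into protocol and product parts."""
    line = find_ident(data)
    if len(line) > 253:  # the 255-byte limit includes the CR LF
        raise ValueError("identification line too long")
    m = _IDENT.match(line)
    if m is None:
        raise ValueError("malformed identification line")
    proto, software, comments = m.groups()
    proto = proto.decode()
    if proto == "2.0":
        protocols = ["SSH-2"]
    elif proto == "1.99":          # SSH-2 server that also accepts SSH-1 clients
        protocols = ["SSH-1", "SSH-2"]
    elif proto.startswith("1."):   # e.g. 1.5
        protocols = ["SSH-1"]
    else:
        protocols = []             # unknown protocol version
    return {
        "protoversion": proto,
        "protocols": protocols,
        "software": software.decode(),
        "comments": (comments or b"").decode(),
    }

# Constructed sample greetings (not captured from real hosts).
SAMPLES = [
    b"SSH-2.0-OpenSSH_9.6\r\n",
    b"SSH-1.99-OpenSSH_3.9p1\r\n",
    b"SSH-1.5-1.2.27\n",
    b"Welcome to example host\r\nSSH-2.0-ExampleSSHD_1.0 test build\r\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s))
```

Run over an inventory of collected greetings, the `protocols` field shows which hosts still offer SSH-1 regardless of which product they run.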



[3] Although we say “the SSH protocol,” there are actually two incompatible versions of the protocols in common use: SSH-1 (a.k.a. SSH-1.5) and SSH-2. We distinguish these protocols later.

From SSH, The Secure Shell: The Definitive Guide, 2nd Edition (O’Reilly).