The SSH protocol uses openly published, strong cryptographic tools to provide network connections with privacy, integrity, and mutual authentication. The original SSH-1 protocol (a.k.a. SSH 1.5) was wildly popular, despite being somewhat ad hoc: essentially a documentation of SSH1’s program behavior. It had a number of shortcomings and flaws, of which the weak integrity check and resulting Futoransky/Kargieman insertion attack is perhaps the most egregious example. The current protocol version, SSH-2, is far superior, but was slow to take off due to the dearth of implementations, licensing restrictions, and the continued availability of the free SSH1 software for many commercial purposes. Thankfully, the tide has now turned, due primarily to the gargantuan and mostly unpaid efforts of the OpenSSH team in bringing forth a free implementation of the SSH-2 protocol.

SSH counters many network-related security threats, but not all. In particular, it is vulnerable to denial-of-service attacks based on weaknesses in TCP/IP, its underlying transport...though now that IPSec is widespread, these weaknesses can be addressed if need be. SSH also doesn’t address attacks such as traffic analysis and covert channels, which may be of concern depending on the environment.