Intro to SSH
By Diona Kidd on Jan 15, 2007 in Technical
SSH is a tool used via command line by programmers and admins to connect securely to another server. The server could be across the room, or across the globe. In my work as a web developer, it’s one of the most useful tools I have at my fingertips daily. Once you learn it, you’ll want to install it on every *nix machine you come in contact with…and want it on every server account!
SSH is actually a suite of tools. Once you start to use the different tools included in SSH, the power of the suite really starts to change the way you work.
Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. Unlike telnet, rlogin, ftp, and other such programs that perform similar tasks, SSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. SSH lets you do all the important, useful *nix stuff like telnet, rlogin, rsh, and rcp in an encrypted format. In most SSH implementations, there is also a replacement for FTP: sftp.
If you’re familiar with SSL certificates for websites, SSH is pretty similar. Both set up encrypted communications over the web using keys or public credentials (digital certificates).
Using SSH is pretty easy once you learn a few commands, and becomes even more handy if you know or learn VIM (a unix/linux text editor). If you’re familiar with DOS or basic linux commands like mv (move), cp (copy) or rm (remove), you’ll have no problems doing the basics.
So Here’s How SSH Works…
First, the client and the server exchange (public) host keys. If the client machine has never encountered a given public key before, ssh asks the user whether to accept the untrusted key, much as most web browsers do. Next, they use these to negotiate a session key that is used to encrypt all subsequent session data via a block cipher such as Triple-DES (3DES), Blowfish, or IDEA.
Then, the server attempts to authenticate the client using RSA or DSA certificates. If this isn’t possible, the client is prompted for a standard username/password combination (optionally, “rhosts” host-IP-based authentication with or without RSA keys may be used; OpenSSH also supports KerberosIV and skey). Finally, after successful authentication the session proper begins: either a remote shell, a secure file transfer, a remote command, etc., is begun over the encrypted tunnel.
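The host-key check from the first step above, as an added example that is not part of the original post. It is a simplified model of the lookup a client does in its known_hosts file; the function names, the sample host entries and the sample keys are constructed for illustration, and hashed host entries are skipped.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format."""
    return struct.pack(">I", len(data)) + data


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host_key(known_hosts: str, host: str, key_type: str, key_b64: str) -> str:
    """Return 'trusted', 'unknown' (ask the user) or 'changed' (refuse)."""
    seen_other_key = False
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments, @marker lines and hashed (|1|...) host entries.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        hosts, ktype, kdata = fields[:3]
        if host not in hosts.split(",") or ktype != key_type:
            continue
        if kdata == key_b64:
            return "trusted"
        seen_other_key = True  # same host and key type, different key
    return "changed" if seen_other_key else "unknown"


# Constructed sample data: these are not real host keys.
def sample_key(fill: int) -> str:
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes([fill]) * 32)
    return base64.b64encode(blob).decode()


KEY_A, KEY_B = sample_key(0x11), sample_key(0x22)
KNOWN_HOSTS = f"# constructed known_hosts file\nanotherhost.com,192.0.2.10 ssh-ed25519 {KEY_A}\n"

if __name__ == "__main__":
    for name, key in [("anotherhost.com", KEY_A), ("newhost.example", KEY_A), ("anotherhost.com", KEY_B)]:
        print(name, fingerprint(key), check_host_key(KNOWN_HOSTS, name, "ssh-ed25519", key))
```

The "unknown" result is the case where the user is asked to accept the key; a "changed" result means the stored key no longer matches, so the fingerprint should be verified out of band before connecting.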
As I mentioned…SSH is actually a suite of tools, including:
- sshd - Dæmon that acts as a server to all other commands
- ssh - Primary end-user tool: remote shell, remote command, and port-forwarding sessions
- scp - tool for automated file transfers
- sftp - tool for interactive file transfers (COMMERCIAL SSH ONLY)
- ssh-keygen - generates private-public key pairs for use in RSA and DSA authentication (including host keys)
- ssh-agent - Dæmon used to automate client’s RSA/DSA authentications
- ssh-add - loads private keys into ssh-agent process
- ssh-askpass - X interface for ssh-add
The Quick’n’Dirty Intro
Of course, you have to have an account on another host to use SSH. Getting started with ssh can be as simple as:
ssh anotherhost.com
If you need to login with a different username than on your local machine, you can either:
ssh username@anotherhost.com or ssh -l username anotherhost.com
Once you login, you will see a command prompt that you can use to copy, move, edit or change permissions of files or run commands on the remote host. If you need a memory jog on certain commands, you can ‘man’ a command or check out a linux cheat sheet. There are plenty of cheat sheets on the web.
To copy files to a server, use scp:
scp [options] srcpath destinationpath
A Little SSH History
A little background for those unfamiliar…SSH roughly stands for ‘Secure Shell’. Before SSH, server connections were pretty insecure because data transmissions were in plain text.
SSH1 was introduced in 1995 as free software with source code by the creator, Tatu Ylönen, to remedy this problem. In 1998, SSH2 was released. However, the new version (SSH2) didn’t completely replace the first version (SSH1) for various reasons including missing features and more restrictive licensing. So while you may still see SSH1 around, you will also see SSH2 and OpenSSH.
