LLMpediaThe first transparent, open encyclopedia generated by LLMs

Secure Shell

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: File Transfer Protocol Hop 3
Expansion Funnel Raw 47 → Dedup 22 → NER 16 → Enqueued 13
1. Extracted47
2. After dedup22 (None)
3. After NER16 (None)
Rejected: 6 (not NE: 6)
4. Enqueued13 (None)
Similarity rejected: 3
Secure Shell
NameSecure Shell
DeveloperTatu Ylönen, IETF
Introduced0 1995
Osi layerApplication layer
Ports22
RfcsRFC 4250, RFC 4251, RFC 4252, RFC 4253, RFC 4254

Secure Shell. It is a cryptographic network protocol designed to provide secure communication over an unsecured network, most famously for remote login and command execution. Developed to replace insecure protocols like Telnet and rlogin, it provides strong encryption, server authentication, and integrity protection. Its functionality has expanded to include secure file transfer and port forwarding, making it a foundational tool for system administration and secure network services.

Overview

The primary role of the protocol is to establish a secure channel between a client and a server, typically running on an operating system like Linux or Unix. It is implemented through widely used software such as OpenSSH, PuTTY, and the proprietary Tectia. Common use cases include administrators accessing web servers, managing infrastructure on Amazon Web Services, and automating tasks via scripts. The protocol suite is standardized by the Internet Engineering Task Force and is defined across several key Request for Comments documents.

Technical details

Operationally, it uses Transmission Control Protocol port 22 by default. The connection process involves a key exchange, typically using algorithms like Diffie–Hellman key exchange, to establish a shared secret. Subsequent data is encrypted using symmetric ciphers such as Advanced Encryption Standard or ChaCha20. Integrity is protected through message authentication codes like HMAC. The protocol operates at the application layer of the TCP/IP model, encapsulating data within a secure tunnel.

Authentication

Client verification of the server is achieved through public-key cryptography, where the server presents a host key that the client can check against a trusted cache, a process that helps prevent man-in-the-middle attacks. For user authentication, multiple methods are supported. These include traditional passwords, public key authentication where the client holds a private key, and integration with systems like Kerberos. Hardware tokens, such as those from YubiKey, can also be used for multi-factor authentication, enhancing security beyond simple credentials.

Security considerations

While the protocol's design is robust, its security depends heavily on proper configuration and management. Weak cryptographic algorithms, like the original SSH-1, are considered obsolete and vulnerable. Compromised or stolen private keys, if not protected by passphrases, present a significant risk. Implementation flaws in software like certain versions of LibSSH have led to critical vulnerabilities. Furthermore, its encrypted tunnels can be misused to bypass security policies on corporate networks or within restrictive environments like the Great Firewall.

Applications

Beyond remote shell access, the protocol enables several powerful applications. The associated Secure Copy Protocol and SSH File Transfer Protocol are used for secure file transfers. Its port forwarding capability can create encrypted tunnels for other protocols, a technique often used to secure traffic for X Window System or Virtual Network Computing connections. It is integral to version control systems like Git for secure repository access and is a core component of infrastructure automation tools such as Ansible and Fabric (software).

History and development

The protocol was originally created in 1995 by Tatu Ylönen at the Helsinki University of Technology in response to a password-sniffing attack on his university network. His initial free implementation quickly gained widespread adoption. To address licensing and standardization concerns, the open-source OpenSSH project was launched as part of the OpenBSD operating system in 1999, becoming the de facto standard. The protocol was formally standardized by the IETF with the publication of RFCs 4250-4254 in 2006. Its development continues, with modern versions deprecating older algorithms and adding new ones to counter emerging threats from entities like the National Security Agency.

Category:Network protocols Category:Cryptographic protocols Category:Internet standards