What is SSH?

SSH (Secure Shell) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line login and remote command execution, but any network service can be secured with SSH.

Understanding SSH

The purpose of the SSH (Secure Shell) protocol is to secure remote login from one computer to another. It protects the security and integrity of communications with strong encryption. It is a secure alternative to unprotected login programs such as Telnet, Rlogin, and FTP.

The protocol works in the client-server model, which means that the connection is established by the SSH client connecting to the SSH server. The SSH client drives the connection setup process and uses public key cryptography to verify the identity of the SSH server. After the setup phase the SSH protocol uses strong symmetric encryption and hashing algorithms to ensure the privacy and integrity of the data that is exchanged between the client and server.

  • OpenSSH is open source software that implements the SSH protocol.
  • On any modern Linux-based operating system, the SSH server runs as a daemon/service controlled by systemd.
  • The SSH protocol operates at OSI layer 7 and relies on TCP/IP for host-to-host communication.
  • SSH is a widely adopted protocol because of its built-in encryption features. By default, all SSH connections are end-to-end encrypted.
  • SSH integrates with major shells such as Bourne, Bash, etc., to provide a neat command-line interface experience.
  • By default, SSH is the only protocol allowed for logging in to Unix/Linux cloud servers running on AWS, GCP, and Azure.

How Does SSH Key-based Authentication Work?

In SSH, key-based authentication is more secure than password-based authentication. SSH keys allow authentication between two hosts without the need for a password. SSH key authentication uses two keys, a private key and a public key. First, you need to generate an SSH key pair, then copy the public key to the user's home directory on the remote server.

  • An SSH key pair is machine independent as well as system user independent, so you can effectively reuse it.
  • The private key is a secret that is not meant to be shared, whereas the public key is shareable.
  • It is highly recommended to configure the SSH server to accept only key-based authentication and reject password-based authentication for security purposes.
  • You need to rotate SSH key pairs frequently in production environments to avoid potential security issues.
  • An SSH key pair is generated using cryptographic algorithms such as RSA, DSA, DSS, ECDSA, etc., and hashing functions such as SHA1, SHA2, SHA256, etc.
  • It is highly recommended to generate a 2048-bit RSA key pair to use with SSH.
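
The recommendation above to accept only key-based authentication can be checked against a server's sshd_config. The following is an added example, not part of the original page: the function names sshd_effective and sshd_key_only are hypothetical, and the two sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for key-only login.

# Print the first global value of any keyword in the comma-separated list $2
# found in file $1, else the default $3. Mirrors sshd's rules: keywords are
# case-insensitive and the first value obtained for a keyword wins.
# Limits (assumptions of this sketch): stops at the first Match block and
# does not follow Include directives.
sshd_effective() {
    awk -v want="$2" -v def="$3" '
        BEGIN { n = split(tolower(want), names, ",") }
        /^[ \t]*(#|$)/ { next }                 # comment or blank line
        { sub(/=/, " "); k = tolower($1) }      # accept "Keyword=value" too
        k == "match" { exit }
        { for (i = 1; i <= n; i++) if (k == names[i]) { val = $2; found = 1; exit } }
        END { print (found ? val : def) }
    ' "$1"
}

# Succeed only when both password paths are off and public keys are on.
sshd_key_only() {
    pw=$(sshd_effective "$1" PasswordAuthentication yes)       # default: yes
    # keyboard-interactive (often PAM) can still prompt for a password;
    # ChallengeResponseAuthentication is the deprecated alias.
    kbd=$(sshd_effective "$1" KbdInteractiveAuthentication,ChallengeResponseAuthentication yes)
    pk=$(sshd_effective "$1" PubkeyAuthentication yes)         # default: yes
    [ "$pw" = no ] && [ "$kbd" = no ] && [ "$pk" = yes ]
}

# Constructed sample configs (not taken from any real host).
tmp=$(mktemp -d)
cat > "$tmp/weak" <<'EOF'
# PasswordAuthentication no
PubkeyAuthentication yes
passwordauthentication yes
PasswordAuthentication no
EOF
cat > "$tmp/hardened" <<'EOF'
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
EOF
for f in weak hardened; do
    if sshd_key_only "$tmp/$f"; then echo "$f: key-only"; else echo "$f: passwords still accepted"; fi
done
```

The weak sample fails for two common reasons: the commented-out line has no effect, and the later `PasswordAuthentication no` is ignored because an earlier value was already set. On a live server, `sshd -T` prints the effective configuration and is the authoritative check.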

What is Version Control System (VCS)/Source Control Management (SCM)?

A Version Control System (VCS) is a component of the software development life cycle, also known as a Revision Control System, Source Control System, or Source Control Management (SCM). It manages changes to files, especially source code and computer programs, and preserves their history.

What is Git?

Git is a distributed VCS for tracking changes in source code during software development. It is designed for coordinating work among programmers, but it can be used to track changes in any set of files. Its goals include speed, data integrity, and support for distributed, non-linear workflows.