SSH (Secure SHell) is a network protocol for securely managing an operating system remotely and securely transferring data. It is an application-level network protocol that encrypts the transmitted data, including passwords. It can also carry virtually any other network protocol.
The first version of the SSH protocol was developed in 1995. Since then, some weaknesses have been discovered and the protocol has undergone a number of significant changes. A year later, in 1996, the second version, SSH-2, was released. It is not compatible with the first version, and when people speak of SSH today, SSH-2 is always implied. Since then, the SSH standards have not changed significantly, and the protocol is widely used to this day.
SSH is a purely commercial product and is available for a fee. However, the free version, called OpenSSH, is also available everywhere. Despite the fact that OpenSSH is only one of the versions of SSH, it is much more often used by programmers. Some even believe that it is safer and more convenient to use, thanks to its open source code.
- Allows you to remotely work on your computer through a command shell.
- Allows encryption using various algorithms.
- Since SSH allows you to safely transfer virtually any network protocol, it allows you to transfer audio and video files over an encrypted channel.
- Compresses files for later encryption and transfer.
- It protects data transmission over the channel and prevents an attacker from joining an established session and intercepting data.
Required software for working with SSH
To work with SSH, an SSH server and an SSH client are required.
The SSH server accepts connections from client machines and performs authentication. Authentication for SSH is done in three ways:
- By the client's IP address: SSH uses several verification methods for this. The method is not very secure, since IP address spoofing is possible.
- By the client's public key: the scheme is almost the same as when checking the IP address of the client machine, only in this case the client key and user name are checked.
- By the client's password: a frequently used verification method. The password in this case is also transmitted in encrypted form.
The main software platforms that act as an SSH server are:
- BSD: OpenSSH
- Linux: dropbear, lsh-server, openssh-server, ssh
- Windows: freeSSHd, copssh, WinSSHD, KpyM Telnet / SSH Server, MobaSSH, OpenSSH
The SSH client is used to directly log in to a remote server and execute various commands:
- Work with files and directories
- Work on viewing or editing files
- Work tracking
- Work with archives
- Work with MySQL databases
SSH clients and their software shells:
- GNU / Linux, BSD: kdessh, lsh-client, openssh-client, putty, ssh, Vinagre
- MS Windows and Windows NT: PuTTY, SecureCRT, ShellGuard, Axessh, ZOC, SSHWindows, ProSSHD, XShell
- MS Windows Mobile: PocketPuTTy, mToken, sshCE, PocketTTY, OpenSSH, PocketConsole
- Mac OS: NiftyTelnet SSH
- Java: MindTerm, AppGate Security Server
- iPhone: i-SSH, ssh (complete with Terminal)
- Android: connectBot
Despite the fact that there are a lot of SSH clients, PuTTY and SecureCRT are the most popular and frequently used. PuTTY is most preferred because it is provided for free.
For those interested, I use the free WinSCP program (a free graphical client for the SFTP and SCP protocols) – PuTTY agent, which makes it very convenient to work over the SSH protocol. I emphasize that if you do not want your sites to catch a virus or any other infection, it’s better to start using WinSCP instead of regular FTP clients (FileZilla), so you can be sure that your passwords will not be stolen.
Secure SSH usage
To use SSH safely, a so-called SSH tunnel is created. It is built on SSH and secures data transmitted over Internet channels by encrypting it at one end of the tunnel and decrypting it at the other.
You must follow several rules for using SSH to secure your data:
- Deny the possibility of remote root access.
- Prohibit the connection with a blank password or disable the login password.
- You must select a non-standard port for the SSH server.
- Use long SSH2 RSA keys.
- It is necessary to strictly limit the number of IP addresses from which access is allowed.
- Deny access from dangerous addresses.
- Regularly track authentication error messages.
- Install an intrusion detection system (IDS – Intrusion Detection System).
- Use special traps that fake SSH-service (honeypots).
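Several of the rules above (root access, blank passwords, the port, and the allowed source addresses) can be checked mechanically against an OpenSSH server configuration. The following is an added example, not part of the original article: it assumes the rules are enforced through the `sshd_config` keywords `PermitRootLogin`, `PermitEmptyPasswords`, `PasswordAuthentication`, `Port` and `AllowUsers`, and the function names, rule labels and sample configurations are constructed for illustration.

```python
# Added example: audit the global section of an sshd_config against the rules above.
# Values sshd applies when a keyword is absent (OpenSSH defaults).
DEFAULTS = {"port": ["22"], "permitrootlogin": ["prohibit-password"],
            "permitemptypasswords": ["no"], "passwordauthentication": ["yes"]}
REPEATABLE = {"port", "allowusers"}  # repeated lines accumulate for these keywords

def parse_sshd_config(text):
    """Return {keyword: [args]}; outside REPEATABLE the first occurrence wins."""
    cfg = {}
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if key == "match":  # conditional Match blocks are not evaluated here
            break
        if key in REPEATABLE:
            cfg.setdefault(key, []).extend(args)
        else:
            cfg.setdefault(key, args)
    return cfg

def audit(text):
    """Return (rule, advice) tuples for each rule from the list that is broken."""
    cfg = parse_sshd_config(text)
    def first(key):
        return cfg.get(key, DEFAULTS[key])[0].lower()
    findings = []
    if first("permitrootlogin") != "no":
        findings.append(("root-login", "set PermitRootLogin no"))
    if first("permitemptypasswords") == "yes" and first("passwordauthentication") == "yes":
        findings.append(("empty-password", "set PermitEmptyPasswords no"))
    if "22" in cfg.get("port", DEFAULTS["port"]):
        findings.append(("default-port", "choose a Port other than 22"))
    allow = cfg.get("allowusers", [])
    if not allow or any("@" not in entry for entry in allow):
        findings.append(("source-addresses", "list AllowUsers as user@host patterns"))
    return findings

# Constructed sample configurations (not taken from any real host).
WEAK = "Port 22\nPermitRootLogin yes\nPermitEmptyPasswords yes\n"
HARDENED = """Port 2222
PermitRootLogin no
PermitEmptyPasswords no
AllowUsers deploy@203.0.113.10 admin@198.51.100.*
"""
if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample) or "no findings")
```

An empty configuration still produces findings, because the defaults leave root login by key enabled, the port at 22, and no source-address restriction.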
Unfortunately, today not all hosting companies provide support for SSH. If you are the owner of a single site on the Internet and still have a hard time understanding what SSH is and why you need it, then maybe you don’t need it much. And if you are an experienced user who often sits at a computer exchanging files with the server via FTP, then most likely you have dreamed of SSH your entire FTP-exchange life.
In fact, this is a very convenient thing, and you will soon see for yourself. The time will come when you will need to transfer your project or several projects from a local server to a server of a hosting provider, or from a server of one hosting provider to a server of another hosting provider. This is where SSH helps you.
In addition, SSH allows you to edit files on the server and delete them with one click.
This is what makes hosting with the ability to use SSH so desirable. When choosing a hosting provider, pay attention to this important criterion. Believe me, this will help you save a lot of time and nerves, and also protect your data from loss.