Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an insecure network. The best known example application is for remote login to computer systems by users.
SSH provides a secure channel over an insecure network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2.
The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but there is also some limited use on Windows. In 2015, Microsoft announced that it would include native support for SSH in a future release.
SSH was designed as a replacement for Telnet and for insecure remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. These protocols send information, notably passwords, in plaintext, making them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and data integrity over an insecure network, such as the Internet, although files leaked by Edward Snowden indicate that the National Security Agency can sometimes decrypt SSH, allowing it to read the contents of SSH sessions.
Definition:
SSH uses public key cryptography to authenticate the remote computer and allow it to authenticate the user, if necessary. There are several ways to use SSH,
Another way is to use a manually generated public-private key pair to perform authentication, allowing users or programs to log in without having to specify a password. In this scenario, anyone can produce a matching pair of different keys (public and private). The public key is placed on all computers that must allow access to the owner of the matching private key (the owner keeps the private key secret). Although authentication is based on the private key, the key itself is never transferred through the network during authentication. SSH only verifies that the person offering the public key also holds the matching private key. In all versions of SSH it is important to verify unknown public keys, that is, to associate public keys with identities, before accepting them as valid. Accepting an attacker's public key without validation will authorize the attacker as a valid user.
SSH is typically used to log in to a remote machine and execute commands, but it also supports tunneling, TCP port forwarding, and X11 connections. It can transfer files using the SSH file transfer (SFTP) or secure copy (SCP) protocols. SSH uses the client-server model.
TCP port 22 is the default port for contacting SSH servers.
Key Management:
On Unix-like systems, the list of authorized public keys is usually stored in the home directory of the user who is allowed to log in remotely, in the file ~/.ssh/authorized_keys. SSH honors this file only if it cannot be changed by anything other than the owner and root. When the public key is present on the remote end and the matching private key is present on the local end, typing the password is no longer required (some software, such as the Message Passing Interface (MPI) stack, may need this passwordless access to run properly). However, for additional security the private key itself can be locked with a password.
The private key can also be looked for in default locations, and its full path can be specified as a command-line setting (the -i option for ssh). The ssh-keygen utility produces public and private keys, always in pairs.
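An added example (not part of the original article) that applies the two checks described above to an authorized_keys file: it reports whether the file or its directory can be changed by anyone other than the owner and root, and computes a SHA256 fingerprint for each key so it can be matched to a known identity. The function names are illustrative, and skipping leading options by searching for the key-type field is a simplifying assumption.

```python
import base64, hashlib, os, stat

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # assumption: key-type names start with these

def writable_by_others(path, owner_uid):
    """Return a reason string if someone other than owner/root could change path."""
    st = os.stat(path)
    if st.st_uid not in (owner_uid, 0):
        return f"{path}: owned by uid {st.st_uid}, expected {owner_uid} or root"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return f"{path}: mode {stat.S_IMODE(st.st_mode):04o} is group/world-writable"
    return None

def fingerprint(b64_blob):
    """SHA256 fingerprint in the unpadded base64 form that ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit_authorized_keys(path, owner_uid):
    """Return (problems, keys); keys is a list of (type, fingerprint, comment)."""
    checks = (writable_by_others(os.path.dirname(path) or ".", owner_uid),
              writable_by_others(path, owner_uid))
    problems = [p for p in checks if p]
    keys = []
    with open(path, encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            fields = line.split()
            if not fields or fields[0].startswith("#"):
                continue  # blank line or comment
            # Simplification: skip leading options by locating the key-type field.
            idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_PREFIXES)), None)
            if idx is None or idx + 1 >= len(fields):
                problems.append(f"{path}:{lineno}: no key type/blob found")
                continue
            try:
                fp = fingerprint(fields[idx + 1])
            except ValueError:  # binascii.Error is a ValueError subclass
                problems.append(f"{path}:{lineno}: key blob is not valid base64")
                continue
            keys.append((fields[idx], fp, " ".join(fields[idx + 2:])))
    return problems, keys

if __name__ == "__main__":
    target = os.path.expanduser("~/.ssh/authorized_keys")
    if os.path.exists(target):
        problems, keys = audit_authorized_keys(target, os.getuid())
        for key in keys:
            print(*key)
        for problem in problems:
            print("PROBLEM:", problem)
```

Each printed fingerprint can be compared with the one the key's owner obtains by running ssh-keygen -l on their own public key file.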
SSH also supports password-based authentication that is encrypted by automatically generated keys. In this case an attacker could imitate the legitimate server side, ask for the password, and obtain it (man-in-the-middle attack). However, this is only possible if the two sides have never authenticated before, since SSH remembers the key that the server side used previously. The SSH client raises a warning before accepting the key of a new, previously unknown server. Password authentication can be disabled.
- SSH
- PuTTY: SSH client for Windows.
- WinSCP: SFTP client for Windows.
- Fugu: SSH client for OS X.
- Web SSH client for the Internet.