What is SSH? Definition, How it Works and Functions

Secure shell or SSH is a transfer protocol that allows users to control a device remotely or remotely via an internet connection.

If it’s your first time hearing about this protocol and would like to know more about what SSH is and how it works, you’ve come to the right place!

This article will cover everything you need to know about secure shell connections. Starting from the understanding, benefits, how it works and also its function.

Understanding SSH


As discussed above, briefly the notion of secure shell or ssh is a transfer protocol used to control and modify servers remotely.

With SSH, you can access and modify various settings and files on the server.

The function of SSH is as a safe and reliable data transfer medium that can be used remotely or remotely.

If you’ve used remote login applications like Telnet before, SSH is a more secure replacement thanks to its secure shell technology.

Unlike the previous generation of remote login applications, SSH uses three encryption technologies that ensure the security of the connection used during the transfer process.

The three SSH encryption technologies are symmetric, asymmetric, and hashing. These three technologies are cryptographic techniques that ensure that all data involved in the transfer is encrypted.

With this cryptographic technology, users can freely send data to the server without fear of hackers and third parties who intend to steal it.

This of course gives you more freedom to make remote connections securely wherever you want. Even through vulnerable networks like public wifi though.

How SSH Works

SSH Client

You will not find significant difficulties when operating SSH if you have used Linux or Mac first. However, you need to activate the SSH application to open an SSH connection if the operating system used is Windows. The most widely used SSH client is PuTTY. You can read more information here .

For Mac and Linux users, open a terminal program and follow the procedure below:

The SSH command consists of 3 distinct parts:

	ssh {user}@{host}

The command SSH key instructs the system that you want to open an encrypted Secure Shell Connection. {user} refers to the account you want to access. For example, suppose you want to access the root user , which is basically a system administrator who has all the rights to modify anything on the system. {host} refers to the computer you want to access. In this case it is an IP address ( for example, ) or a domain name (for example, www.xyzdomain.com).

When you press the Enter key, you will be asked to enter the password for the requested account Although no information appears on the screen, the password that has been typed is being transmitted.

After entering the password, press the Enter key again. If the password you entered is correct, a remote terminal window will appear.

Understanding Different Encryption Techniques

The main advantage offered by SSH through its precursor is the use of encryption to ensure a more secure transfer of information between the host and the client. Host refers to the remote server you want to access, while client is the computer you want to use to access the host. There are three different encryption technologies used by SSH:

  1. Symmetric encryption
  2. Asymmetric encryption
  3. Hashing

Symmetric Encryption

Symmetric encryption is a form of encryption in which a secret key is used to both encrypt and decrypt messages by both the client and the host. Effectively, anyone who has the key can decrypt the message being transferred.

Symmetric encryption is often called shared key or shared secret encryption . Usually only one key is used, or sometimes a key pair where one key can be easily calculated using another key.

The symmetric key is used to encrypt the entire communication during the SSH Session. Neither the client nor the server obtains the secret key using an approved method, and the resultant key is never disclosed to any third party. The symmetric key generation process is carried out by a key exchange algorithm. What makes this algorithm secure is the fact that the key is never transmitted between the client and the host. Instead, two computers share chunks of public data, then manipulate them to compute secret keys independently. Even if other systems store publicly shared data, they will not be able to calculate the key because the key exchange algorithm is unknown.

However, please note that the secret token is specific to each SSH session, and was previously created for client authentication. After the key has been generated, all packets transferred between the two systems must be encrypted by the private key. This includes passwords that are typed in by the user so that the credentials are always protected from the network packet analyzer.

There are various symmetric encryption cyphers, including, but not limited to, AES (Advanced Encryption Standard), CAST128, Blowfish, etc. Before establishing a secure connection, the client and host decide which cypher to use by publishing a list of supported cyphers in order of preference. The most widely used cypher of the client supported cyphers listed on the hosts list is used as a bidirectional cypher.

For example, if two Ubuntu 14.04 LTS systems communicate with each other via SSH, then both systems will use aes128-ctr as the default cipher.

Asymmetric Encryption

Unlike symmetric encryption, asymmetric encryption uses two separate keys for encryption and decryption. These two keys are known as public key and private key . Together, these two keys form a public-private key pair (public-private key pair) .

Public keys, as the name suggests, are distributed and shared openly to all parties. Although closely related to the private key in terms of functionality, the private key cannot be computed mathematically from the public key. The relationship between these two keys is very complicated: a message encrypted by the public key device can only be decrypted by the private key device. This one-way relationship indicates that the public key cannot decrypt the message itself nor can it decrypt anything that the private key has encrypted.

The private key must remain private , for example for the connection to be secured so that no third party can know about it. The advantage of all these connections lies in the fact that the private key is never allowed to be known as it is the only component that can decrypt messages that have been encrypted using the public key. Therefore, any party with the ability to decrypt messages that are already known to the public must have the appropriate private key.

Unlike perception in general, asymmetric encryption is not used to encrypt the entire SSH. Instead, asymmetric encryption is only used when the key exchange algorithm of symmetric encryption takes place. Before activating a secured connection, both parties generate a temporary public-private key pair, and share their respective private keys to generate a shared secret key.

As soon as a secure symmetric communication network is established, the server uses the client’s public key to generate and reject and sends the symmetric communication to the client for authentication. If the client successfully decrypts the message, then the message has the private key needed to establish the connection. The SSH work begins.


One-way hashing is a form of cryptography used in Secure Shell Connections. The one-way-hash function differs from the two forms of encryption mentioned above, in that it is not intended to be decrypted. The function of one-way-hash is to create a unique fixed length value for each input that does not show an exploitable trend. Therefore, these functions are highly unlikely to be reversed.

It is easy to generate a cryptographic hash of a given input, but it is extremely impossible to generate an input from that hash. This means that if the client stores the correct input, it can generate a cryptographic hash and compare the values ​​to verify if the client has the correct input.

SSH uses hashes to verify the authenticity of messages. We can do this by using HMAC, otherwise known as Hash-based Message Authentication Codes. This step ensures that the received command is not manipulated in any way.

While the symmetric encryption algorithm is being selected, the appropriate message authentication algorithm is also selected. This process works in much the same way as when a cipher is selected, as described in the section on symmetric encryption.

Each transmitted message must have a MAC, which is calculated using the symmetric key, packet sequence number, and message body. The message is sent beyond the symmetrically encrypted data as the final part of the communication packet.

How SSH Works with Encryption Techniques

SSH works by utilizing the client-server method to allow authentication of two remote systems and encryption of data passing through the two remote systems.

SSH runs on TCP port 22 by default (although this can be changed as needed). The host (server) keeps an eye on port 22 (or any other SSH port) for incoming connections. Port 22 manages secure connections by authenticating the client and creating a proper shell network whenever the verification process is successful.

Before starting the SSH connection, the client must first connect the TCP handshake with the server, then ensure the security of the symmetric connection, then verify whether the identity displayed by the server matches the previous record (usually stored in the RSA key storage file), and display the user credentials required for perform connection authentication.

There are two stages in establishing a connection: first, both systems agree on an encryption standard to secure communications, and second, users must also authenticate their own identities. If the credentials match, then the user will be granted access.

Negotiation on Encryption

When a client tries to connect to the server via TCP, the server provides the respective encryption protocols and supported versions. If the client has a compatible and nearly identical pair of protocols and versions, then an agreement is made and the connection is initiated with the accepted protocol. The server also uses an asymmetric public key which the client can use to verify the authenticity of the host.

After that, the two parties use what is known as the Diffie-Hellman Key Exchange Algortihm to generate a symmetric key. This algorithm allows both the client and the server to retrieve a shared encryption key which will then be used to encrypt the entire communication section.

Here’s how the algorithm works at a basic level:

  • Both the client and the server know very large prime numbers, which of course has nothing in common. This prime number value is also known as the seed value .
  • Both parties know the general encryption mechanism for creating another set of values ​​by manipulating the seed values ​​in a certain algorithmic way. This mechanism, also known as encryption generator, performs massive operations on the seed. An example is AES (Advanced Encryption Standard).
  • Independently, the two parties made another prime number. This prime number is used as a secret private key when interacting.
  • A newly generated private key, with a shared number and an encryption algorithm (for example, AES), is used to compute the public key distributed to other computers.
  • These parties then use their personal private key, the other system’s shared public key, and the original prime number to generate the final shared key. Separately, this key is computed by both computers, but still generates the same encryption key on both sides.
  • Now both sides already have a shared key. Symmetrically, these two sides can encrypt the entirety of SSH. The same key can be used to encrypt and decrypt messages (read: symmetric encryption part).

After the secure symmetric encryption has been successfully established, the user must authenticate.

User Authentication

The last stage before the user is granted access to the server is to authenticate the credentials. For this, most SSH users use a password. The user will be asked to enter a username, then a password. Securely, these credentials are sent through a symmetric encryption tunnel so that no third party can steal them.

Even though the password is encrypted, it is still not recommended for users to use the password on a secure connection. This is because many bots can steal standard or easily guessed passwords to gain access to your account. We recommend that you use SSH Key Pair as an alternative.

SSH Key Pair is an asymmetric key set that is used to authenticate users without having to enter a password.


By learning more about how SSH works, users can understand the security aspects of this technology. Many people find this process too difficult and not easy to understand and follow. However, in fact the method is very easy and not as imagined by most people. If you’re wondering how long it takes a computer to compute the hash and authenticate a user, then the answer is very fast. In reality, you will spend the most time transferring data on the internet.

Hopefully this SSH tutorial has helped you understand that although different technologies can be used together to create robust systems in which each mechanism plays an important role. Now you finally know that Telnet is out of date if your internet future is secured by SSH.