This post is part of a series designed to help developers who are just starting out understand some basics and how they relate to WordPress. This fourth post is about SSH, which we offer on our VPS and Enterprise plans. The previous post on FTP vs SFTP touched on SSH a bit, but this one explains it in a little more depth and also provides links to video tutorials on how to connect via SSH in general.
SSH stands for Secure Shell. The first version of the protocol (SSH-1) was developed in 1995 by a researcher at the University of Helsinki in Finland. The researcher became aware of a password-sniffing attack on the school’s network and realized he needed to do something. At the time, the main protocols were TELNET, rlogin, and rsh. If you can believe it, some of these actually sent passwords in plaintext, which meant that if they were intercepted they could easily be read and used to create havoc. Since these protocols did not provide confidentiality or strong enough authentication, something stronger was needed. SSH was released in July 1995, and by the end of that year, only 5 months later, 20,000 people were using it. By the year 2000, some 2 million people were using it. Currently version 2 (SSH-2) is in use and is regarded as even more secure than its predecessor.
So now that we know how it came to be, what exactly is SSH? It’s a protocol, and specifically a cryptographic network security protocol. It can be used for secure data communication, remote login via the command line, and remote command execution, among other things. Think of SSH as creating a secure channel or pipeline between a server and a client over a network that would otherwise be insecure (e.g. the internet). The server and the client (i.e. the user) both run SSH programs in order to facilitate this.
SSH uses public key cryptography to authenticate the remote computer that’s trying to connect to the server. One way to do this is to use automatically generated public-private key pairs to encrypt the connection and then use a password for login authentication. Another method is to use manually generated public-private key pairs to perform the authentication, which allows users to log in without supplying a password. It’s important for the owner of the private key (client/user) to keep it secret, since it shouldn’t fall into the wrong hands. The private key isn’t actually transferred over the network during authentication, which adds to the security. SSH just makes sure the same person offering the public key also owns the matching private key.
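A sketch of that ownership check, added here as an example and not taken from the original post or from any SSH implementation: the client signs data tied to the current session, and the server verifies it using only the stored public key. The signed-data layout, the user name `deploy`, the key seeds and the session IDs are constructed simplifications; the real message layout is defined in RFC 4252.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// signedData models (as an assumption) what the client signs: session ID, user, offered key.
func signedData(sessionID []byte, user string, pub ed25519.PublicKey) []byte {
	var b []byte
	for _, f := range [][]byte{sessionID, []byte(user), pub} {
		b = append(binary.BigEndian.AppendUint32(b, uint32(len(f))), f...) // length-prefixed field
	}
	return b
}

// clientProve runs on the user's machine; only the public key and signature are sent.
func clientProve(priv ed25519.PrivateKey, sessionID []byte, user string) (ed25519.PublicKey, []byte) {
	pub := priv.Public().(ed25519.PublicKey)
	return pub, ed25519.Sign(priv, signedData(sessionID, user, pub))
}

// serverAccepts requires the offered key to be listed and the signature to fit this session.
func serverAccepts(authorized []ed25519.PublicKey, offered ed25519.PublicKey, sessionID []byte, user string, sig []byte) bool {
	for _, k := range authorized {
		if bytes.Equal(k, offered) {
			return ed25519.Verify(offered, signedData(sessionID, user, offered), sig)
		}
	}
	return false
}

// scenarios runs four logins with constructed sample keys and session IDs.
func scenarios() (ok, replayed, unlisted, forged bool) {
	user := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32))  // constructed sample key
	other := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, 32)) // a different person's key
	s1, s2 := []byte("session-1"), []byte("session-2")
	userPub, sig := clientProve(user, s1, "deploy")
	otherPub, otherSig := clientProve(other, s1, "deploy")
	authorized := []ed25519.PublicKey{userPub} // the server stores public keys only
	ok = serverAccepts(authorized, userPub, s1, "deploy", sig)
	replayed = serverAccepts(authorized, userPub, s2, "deploy", sig) // old signature, new session
	unlisted = serverAccepts(authorized, otherPub, s1, "deploy", otherSig)
	forged = serverAccepts(authorized, userPub, s1, "deploy", otherSig) // right key, wrong signer
	return
}

func main() { fmt.Println(scenarios()) }
```

Only the first login succeeds: a captured signature is useless in another session, and offering someone else's public key does not help without the matching private key.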
SSH can be used for file transfer via SFTP or secure copy (SCP), tunneling, and forwarding TCP ports and X11 connections. However, it is most commonly used to log in to a remote machine (e.g. a server) and execute commands. TCP port 22 has been assigned for contacting SSH servers. Users run an SSH client program on their machine. Windows does not include SSH by default, but Mac OS X and most versions of Linux do. Most Windows users use PuTTY for SSH, sometimes paired with WinSCP. If you really want to geek out, you can read up on the architecture of SSH and the layers that separate its various functions. These include the transport layer, the user authentication layer, and the connection layer, along with the SSHFP DNS record.
For a video tutorial on how to establish an SSH connection, here is an excellent one posted recently by LearnCode.academy.