SSH

SSH (Secure Shell) is a cryptographic network protocol used for secure communication, remote command-line login, remote command execution, and other secure network services between two networked computers. It was developed in 1995 as a secure replacement for Telnet, rlogin, and other insecure protocols. SSH encrypts all traffic, including passwords, to prevent eavesdropping, connection hijacking, and other attacks.

Key Features of SSH

  • Uses TCP port 22 by default

  • Provides strong encryption (AES, ChaCha20), integrity checks (HMAC-SHA2), and host authentication

  • Supports password-based and key-based authentication

  • Allows secure file transfers (SFTP, SCP) and port forwarding

  • Widely used for remote server administration, Git operations, and secure tunneling


How SSH Works

SSH operates in three main phases:

  1. Connection Establishment

    • Client connects to the server on port 22

    • Server presents its host key for verification

  2. Key Exchange & Encryption Setup

    • Client and server negotiate encryption algorithms

    • Establish a shared secret using Diffie-Hellman key exchange

  3. Authentication & Session

    • User authenticates via password or public key

    • Encrypted communication begins


SSH Components

1. SSH Protocol Layers

Layer                      Function
Transport Layer            Handles encryption, integrity, and server authentication
User Authentication Layer  Manages client authentication (password/key)
Connection Layer           Multiplexes multiple channels (shell, SFTP, tunnels)

2. SSH Key Files

File                     Purpose
~/.ssh/id_rsa            Private key (keep secure!)
~/.ssh/id_rsa.pub        Public key (shared with servers)
~/.ssh/known_hosts       Stores verified host keys
~/.ssh/authorized_keys   Lists approved public keys for login


SSH Authentication Methods

1. Password Authentication

Pros: Simple to set up
Cons: Vulnerable to brute-force attacks

2. Key-Based Authentication

Pros:

  • More secure (resistant to brute force)

  • Enables passwordless login

  • Supports key passphrases for extra security


Common SSH Commands

Basic Connection

Command                           Description
ssh user@host                     Connect to host as user
ssh -p 2222 user@host             Connect to non-standard port
ssh -i ~/.ssh/key.pem user@host   Use specific private key

File Transfer

Command                           Description
scp file.txt user@host:/path      Upload file via SCP
scp user@host:/path/file.txt .    Download file via SCP
sftp user@host                    Interactive SFTP session

Port Forwarding

Command                               Description
ssh -L 8080:localhost:80 user@host    Local port forwarding
ssh -R 9000:localhost:3000 user@host  Remote port forwarding
ssh -D 1080 user@host                 SOCKS proxy tunneling

With -D, SSH creates a dynamic encrypted SOCKS proxy tunnel, allowing you to securely route traffic from your local machine through the remote server.


SSH Server Configuration (sshd)

Configuration file: /etc/ssh/sshd_config

Security Best Practices

Restart SSH Service


SSH Hardening Guide

Step 1: Key-Based Authentication Only

  1. Generate keys on client:

  2. Copy public key to server:

  3. Disable passwords in /etc/ssh/sshd_config:

Step 2: Firewall Configuration

Step 3: Fail2Ban Setup

Install and configure Fail2Ban to block brute-force attempts:

Edit /etc/fail2ban/jail.local:
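Step 1 edits /etc/ssh/sshd_config, and a common mistake there is appending the new line at the bottom: sshd applies the first value it reads for each keyword, and anything after a Match line applies only to that block, so the appended setting is silently ignored. The script below is an added example, not from the original page, that audits a constructed sample sshd_config against a baseline I chose (password login off, public keys on, root login off, X11 off) and mirrors that first-value-wins behaviour.

```sh
#!/bin/sh
# Added example (not from the original page): audit an sshd_config against
# a hardening baseline. sshd applies the FIRST value it reads for a keyword,
# and lines after a "Match" apply only to that block.
# Effective global value of a keyword (case-insensitive): skip comments and
# blank lines, stop at the first Match block, report the first occurrence.
sshd_effective() {                     # $1 = config file, $2 = keyword
  awk -v key="$2" '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    tolower($1) == "match"              { exit }
    tolower($1) == tolower(key)         { print $2; exit }
  ' "$1"
}
# Compare effective values with the baseline. The return code is the number
# of violations, so the function can gate a deploy or run from cron.
audit_sshd_config() {                  # $1 = config file
  violations=0
  for pair in PasswordAuthentication=no PubkeyAuthentication=yes \
              PermitRootLogin=no X11Forwarding=no; do
    key=${pair%%=*}; want=${pair#*=}
    got=$(sshd_effective "$1" "$key")
    if [ "$got" = "$want" ]; then
      echo "ok    $key $got"
    else
      echo "FAIL  $key effective='${got:-unset}' expected='$want'"
      violations=$((violations + 1))
    fi
  done
  return "$violations"
}
# Constructed sample: distro default, then an admin's ineffective fix.
CFG=$(mktemp); trap 'rm -f "$CFG"' EXIT
cat >"$CFG" <<'EOF'
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
PermitRootLogin no
X11Forwarding yes
# appended later; never takes effect because the first value above wins
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF

if audit_sshd_config "$CFG"; then
  echo "baseline met"
else
  echo "$? violation(s); confirm on the host with 'sshd -T'"
fi
```

On a real host, run `sshd -T` as root to print the configuration sshd actually uses, including Include files, before trusting any text-only audit.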


SSH Troubleshooting

Common Issues

Error                              Solution
Permission denied (publickey)      Verify authorized_keys permissions (600)
Host key verification failed       Remove offending key from known_hosts
Connection refused                 Check firewall/SSH daemon status
Too many authentication failures   Use -o IdentitiesOnly=yes with -i

Debug Mode


SSH Security Scanning with Nmap

1. Basic SSH Detection

2. SSH Version & Algorithms

3. Vulnerability Checks

4. Full SSH Audit


Advanced SSH Features

1. SSH Config File (~/.ssh/config)

2. SSH Agent Forwarding

3. Multiplexing (Faster Connections)


SSH Best Practices

  1. Always use key authentication - Disable password logins

  2. Use strong algorithms - Prefer ed25519 over RSA

  3. Restrict access - Use AllowUsers/AllowGroups

  4. Update regularly - Patch against vulnerabilities

  5. Monitor logs - Watch for brute force attempts

  6. Use bastion hosts - For critical infrastructure access

    A bastion host (also called a jump server or jump host) is a specially configured server that acts as a secure gateway between untrusted networks (like the internet) and trusted internal networks. It's the only server exposed to the internet in a properly secured architecture.

  7. Disable unused features - X11, port forwarding if not needed


SSH Client Tools

Tool        Purpose
OpenSSH     Standard Unix client (ssh, scp, sftp)
PuTTY       Popular Windows SSH client
MobaXterm   Enhanced Windows SSH with X11
Termius     Cross-platform SSH client
SecureCRT   Commercial SSH client
