SSH stands for Secure Shocket Shell. The Secure Shell protocol is a networking protocol which plays a key role in online security processes.

It enables remote computers to authenticate the connections of users (and vice versa), and employs a form of public key cryptography to ensure that communications between servers and users are as watertight as possible. At the same time, SSH functions over unsecured networks, offering a secure way to use public wi-fi networks which could otherwise leak data.

Why was Secure Socks Shell created? Well, the first iteration of the protocol appeared in 1995. It was created by Finnish coder Tatu Ylönen in response to a phishing attack on his university. Initially used on small Telnet-based networks, network experts across the world soon started to ask themselves what is SSH useful for, and by 2000 it had became a mainstream security feature of remote systems across the world.

As of 2018, the Secure Shell Protocol had reached version 2.0, with OpenSSH also available (and actually more popular than commercially marketed versions).

How does SSH work?

So, that’s a quick intro to what is SSH, but how does SSH work? It uses a system called public key authentication, which is theoretically one of the strongest security tools known to man.

It operates exclusively via remote login systems, and acts as a protocol – meaning that it determines how information is sent between two computers or other digital devices.

When data is sent from a user to a remote server, an SSH tunnel is created, protecting data from external eavesdropping. At both ends of the journey, the protocol checks the identity of the user and server (authentication) and checks the integrity of the data being sent.

While authentication and integrity checks take place, the tunnel provides a layer of protection. This uses two encryption keys, creating a double layer of encryption. One of those keys (the server key) is changed every hour, adding another dimension to the security provided by the protocol.

Is SSH secure?

The whole point of the Secure Shell Protocol is security. Without it, there would be little point in taking the effort to create double-encryption systems which can cap data transfer speeds and add to the complexity of network management. But exactly how secure is SSH?

The short answer to the question is SSH secure is yes, as long as both server managers and individual users adopt strong security practices. The actual encryption keys used by SSH are virtually impossible to crack, with each 128-bit key coming with 340,282,366,920,938,463,463,374,607,431,768,211,456 different outcomes. If anyone tried to decrypt that, the chances are that the public key would have changed on the hour, rendering their efforts null and void.

This means that the secured tunnel tends to exclude snoopers and sniffers, who prey on vulnerable networks, seeking passwords and other personal data. Moreover, SSH is largely an open source project nowadays, with a large community of people refining its security features. Any major vulnerabilities are likely to be picked up with so many eyes watching the way Secure Shell networks operate.

But, as we said earlier, human error can make SSH pointless. If users enable outsiders to access their computers via tools like keyloggers or trojans, it doesn’t necessarily matter whether they use the Secure Shell Protocol.

How to enable SSH?

If you’re connecting to a network via a public connection, it may well be a good idea to enable Secure Socket Shell to protect your data. Fortunately, the latest Windows build comes with OpenSSH included (though many users don’t know this).

Firstly, head to the Control Panel and choose Settings > Apps, then “Manage Optional Features.” Choose “Add a Feature”, scroll down, and select “OpenSSH Client (Beta)”. Now press Install.

To run the Secure Socket Shell client, head to the command line and type “SSH”. When you’re in the client, type SSH, then the location of the server you’d like to connect with. After that just follow the prompts and download the server key. When that’s done, your connection should be secure.

How to exit SSH?

Whenever you start an SSH protocol session, it’s important to quite the client properly, so here’s a basic guide to how to exit the client ethically.

Whether you’re using a Macintosh, Linux or Windows shell, the process is almost identical. Don’t just close the application as normal after you log out of the server. Instead, how to quit SSH involves going back to the terminal screen to enter a couple of commands.

Type “exit” and then enter. This should completely log you out of whatever server you were using. Then press Control + D to exit the shell.

SSH vulnerabilities

So, we know that the Secure Shell protocol is secure and effective for using unsecured public networks, but what about SSH vulnerabilities? Why aren’t we all using SSH when we connect to company networks or use coffee shop wi-fi?

Firstly, the protocol is vulnerable to excessive complexity. As Secure Socket Shell networks grow, companies or universities can dish out thousands of security keys, and keeping track of them can be overwhelming. If they fall into the wrong hands, these keys can provide access to servers for almost anyone.

A related problem with SSH security vulnerabilities is that security keys tend to provide wide access to multiple systems, so when keys are poorly managed, attackers can cause carnage.

These issues then lead to conservative network management practices like static or embedded keys, which make their jobs easier – until attacks occur.

SSH VPN

These vulnerabilities have led many security experts to counterpose SSH vs VPN networks, or to create SSH VPN fusions which provides even better security.

Why choose a VPN over SSH? VPNs are generally seen as superior because they provide network connections, while the Secure Socket Shell provides connections to individual servers. This makes it easier to use a VPN to access remotely held files, and to communicate with multiple users at the same time.

Then again, SSH is usually easier to set up, making it a go-to option for businesses and academic institutions who need a lightweight, affordable option.

However, many people now choose to fuse the two via an SSH VPN tunnel. This delivers the freedom associated with VPNs, along with the double encryption of the Secure Socket Shell. So using both security tools could well be a sensible strategy.