Editing Secure Shell (section)

{{short description|Cryptographic network protocol}}
{{redirect|SSH}}

{{Infobox networking protocol
| is stack = yes
| purpose = secure connection, remote access
| developer = Tatu Ylönen, [[Internet Engineering Task Force]] (IETF)
| osilayer = [[Transport layer]] through [[application layer]]
| ports = 22
| rfcs = RFC 4250, RFC 4251, RFC 4252, RFC 4253, RFC 4254
| date = 1995
}}
{{IPstack}}

The '''Secure Shell Protocol''' ('''SSH Protocol''') is a [[cryptography|cryptographic]] [[network protocol]] for operating [[network service]]s securely over an unsecured network.<ref name="rfc4251"/> Its most notable applications are remote [[login]] and [[Command-line interface|command-line]] execution.

SSH was designed for [[Unix-like]] operating systems as a replacement for [[Telnet]] and [[Computer security|unsecured]] remote [[Unix shell]] protocols, such as the Berkeley [[Remote Shell]] (rsh) and the related [[rlogin]] and [[Remote Process Execution|rexec]] protocols, which all use insecure, [[plaintext]] methods of authentication, like [[passwords]].

Since mechanisms like [[Telnet]] and [[Remote Shell]] are designed to access and operate remote computers, sending the authentication tokens (e.g. username and [[password]]) for this access to these computers across a public network in an unsecured way poses a great risk of 3rd parties obtaining the password and achieving the same level of access to the remote system as the telnet user. Secure Shell mitigates this risk through the use of encryption mechanisms that are intended to hide the contents of the transmission from an observer, even if the observer has access to the entire data stream.<ref>{{cite web |url=https://it.mst.edu/policies/secure-telnet/ |title=Missouri University S&T: Secure Telnet}}</ref>

Finnish computer scientist Tatu Ylönen designed SSH in 1995 and provided an implementation in the form of two commands, {{mono|ssh}} and {{mono|slogin}}, as secure replacements for {{mono|rsh}} and {{mono|rlogin}}, respectively. Subsequent development of the protocol suite proceeded in several developer groups, producing several variants of implementation. The protocol specification distinguishes two major versions, referred to as SSH-1 and SSH-2. The most commonly implemented software stack is [[OpenSSH]], released in 1999 as open-source software by the [[OpenBSD]] developers. Implementations are distributed for all types of operating systems in common use, including embedded systems.

SSH applications are based on a [[client–server model|client–server]] architecture, connecting an [[SSH client]] instance with an [[SSH server]].<ref name="rfc4252">{{cite ietf|rfc=4252|author1=T. Ylonen|author2=C. Lonvick|date=January 2006|title=The Secure Shell (SSH) Authentication Protocol|publisher=IETF Trust}}</ref> SSH operates as a layered protocol suite comprising three principal hierarchical components: the ''transport layer'' provides server authentication, confidentiality, and integrity; the ''user authentication protocol'' validates the user to the server; and the ''connection protocol'' multiplexes the encrypted tunnel into multiple logical communication channels.<ref name="rfc4251">{{cite ietf|rfc=4251|author1=T. Ylonen|author2=C. Lonvick|title=The Secure Shell (SSH) Protocol Architecture|date=January 2006|publisher=IETF Trust}}</ref>