Today, nearly every major network environment including those in governments, large enterprises and financial institutions uses a version of SSH to protect data in transit and let administrators manage systems remotely.
Talk about turning lemons into lemonade. Ylnen was dissatisfied by the lack of security in the rlogin, TELNET, ftp, and rsh protocols, so he devised his own solution. He released the first version of SSH as freeware in July 1995. Adoption exploded. By the end of 1995 there were about 20,000 SSH users. He founded SSH Communications Security by December 1995. By the year 2000, there were about 2 million SSH users. SSH has been assigned to TCP port 22. Many operating systems have SSH software preinstalled, including most versions of Linux, macOS, Solaris, FreeBSD, OpenBSD, NetBSD, and OpenVMS. There are SSH applications for Windows, but they aren't preinstalled and must be installed manually.
The SSH protocol is based on the client-server model. Therefore, an SSH client must initiate an SSH session with an SSH server. Most of the connection setup is conducted by the SSH client. Public key cryptography is used to verify the identity of the SSH server, and then symmetric key encryption and hashing algorithms are used to maintain data transmission in ciphertext. That way, privacy and integrity of data transmission in both directions between the client and server is assured, man-in-the-middle attacks are mitigated.
The steps involved in creating an SSH session go like this:
- Client contacts server to initiate a connection.
- The server responds by sending the client a public cryptography key.
- The server negotiates parameters and opens a secure channel for the client.
- The user, through their client, logs into the server.
There are different ciphers that can be used for SSH depending on the applications being used. Some of them include:
Usually either an implementation of Diffie-Hellman or Elliptic Curve Diffie-Hellman are used to protect the key exchange.
In the world of cryptography, specific ciphers are usually cracked at some point, and new stronger ciphers are developed. So SSH implementations will drop older ciphers and support newer ciphers over time. Therefore, we could still be using SSH thirty or forty years from now. And we all have Ylnen and the password sniffer he discovered to thank for it.