securitynetwork-plusBeginner19 min read

What Is Secure Shell? Security Definition

Also known as: Secure Shell, SSH definition, SSH protocol, SSH vs Telnet, SSH port 22

Reviewed byJohnson Ajibi· Senior Network & Security Engineer · MSc IT Security
On This Page

Quick Definition

Secure Shell, often called SSH, is a tool that lets you securely connect to another computer over the internet. It creates a protected tunnel so that all data sent between your computer and the remote computer is encrypted and safe from eavesdroppers. IT professionals use SSH to manage servers, transfer files, and run commands on machines that are in another room, city, or country.

Must Know for Exams

SSH appears heavily in the CompTIA A+, Network+, Security+, and CCNA certification exams. In CompTIA A+, SSH is introduced as a secure alternative to Telnet for remote administration. The exam expects you to know that SSH uses port 22 and provides encrypted communication. You may be asked to identify the correct port number for SSH in a matching question.

In CompTIA Network+, SSH is covered under network protocols and remote access methods. Exam objectives include comparing SSH with Telnet, understanding that SSH encrypts the session, and knowing that it uses TCP port 22. Scenario questions may ask which protocol to use for securely managing a remote router or server. You will also see questions about SSH key-based authentication versus password authentication.

CompTIA Security+ delves deeper into SSH as a secure protocol for remote access and file transfer. The exam covers authentication methods, tunneling, and the role of SSH in securing management interfaces. You may be tested on how SSH protects against eavesdropping and man-in-the-middle attacks. Security+ also ties SSH to the principle of defense in depth, where multiple layers of security are used.

In the Cisco CCNA exam, SSH is essential for device management. You need to know how to configure SSH on a Cisco IOS device, including setting the hostname, domain name, generating RSA keys, and creating local user accounts. Troubleshooting SSH connectivity and understanding the difference between SSH versions 1 and 2 are common topics. The CCNA blueprint explicitly lists SSH under remote access and management protocols.

Simple Meaning

Imagine you want to send a secret message to a friend across a crowded room. You could shout it, but everyone would hear. Instead, you write the message, put it in a locked box, and hand it to a trusted courier who delivers it to your friend. Your friend has the only key to open the box. Secure Shell works much like that locked box and trusted courier, but for computers.

When you use SSH, your computer (the client) connects to another computer (the server) over a network. The first thing that happens is a handshake, where both computers verify each other's identity using cryptographic keys. Think of these keys as digital ID cards that prove who you are. After the handshake, a secure channel is created. All the information that travels through this channel, whether it is commands you type, files you transfer, or passwords you enter, is scrambled (encrypted) so that anyone intercepting it sees only gibberish.

SSH is not about what you do remotely; it is about how you do it safely. Without SSH, using older protocols like Telnet, your commands travel as plain text. Anyone on the network can read them with simple tools. SSH wraps everything in encryption, making it the standard for remote system administration. It is used to log into servers, run software updates, configure network devices, and automate tasks. In short, SSH is the secure key to the digital back door of modern IT infrastructure.

Full Technical Definition

Secure Shell (SSH) is a cryptographic network protocol defined primarily in RFC 4251, RFC 4252, RFC 4253, and RFC 4254. It operates at the application layer of the TCP/IP model, typically using TCP port 22. SSH provides strong authentication, encrypted data transfer, and integrity checking between a client and a server over an unsecured network.

The protocol has three main layers. The Transport Layer handles initial key exchange, server authentication, encryption, and integrity verification. It uses algorithms like Diffie-Hellman for key exchange, RSA or ECDSA for server host key authentication, and AES or ChaCha20 for symmetric encryption. The User Authentication Layer verifies the client's identity using methods such as password authentication, public-key authentication, keyboard-interactive, or GSSAPI. The Connection Layer manages multiple logical channels over a single encrypted connection, allowing multiplexing of terminal sessions, X11 forwarding, TCP port forwarding, and file transfer.

In practice, SSH is implemented by software like OpenSSH (the most common implementation on Linux and macOS), PuTTY, and Windows OpenSSH. The server runs an SSH daemon (sshd) that listens for incoming connections. The client uses an SSH client program (ssh) to initiate connections. Authentication typically uses public-key cryptography: the client generates a key pair consisting of a private key (kept secret) and a public key (placed on the server). When connecting, the client proves possession of the private key without sending it over the network.

SSH also supports tunneling, where arbitrary TCP ports can be forwarded over the secure channel. This is used to encrypt legacy protocols, bypass firewalls, or create VPN-like connections. The SCP and SFTP protocols run over SSH to provide secure file transfer. Version 2 of SSH (SSH-2) replaced the older SSH-1 and is the current standard, incorporating stronger cryptographic algorithms and fixing security vulnerabilities found in the original protocol.

Real-Life Example

Think of a secure bank vault. The bank has a vault with a very strong door. To access the vault, you need two things: a physical key (your authentication) and the right to be there (your authorization). Now imagine that each time you need to talk to the vault teller, you must pass notes through a tube. Without SSH, these notes are written on transparent paper; anyone in the bank can read them. With SSH, the notes are written in secret code, sealed in an envelope, and sent through a tube that only the teller and you can open.

Here is the step-by-step mapping. Your computer is you standing at the counter. The remote server is the vault teller inside the vault. The network is the pneumatic tube system connecting you. The key exchange is the moment when you and the teller agree on a secret code language that no one else knows. The encryption is the secret code itself, so even if someone intercepts the envelope, they cannot read it. The authentication is the teller checking your ID and the key you show through a small window before letting you send messages.

If you want to move money (transfer a file) or check the balance (run a command), you write it in code, put it in the tube, and it arrives safely. Without SSH, the bank would have to use an open tube where everyone could see your account number and password. That is why banks and IT professionals always use SSH: it keeps the conversation private and proves who you are.

Why This Term Matters

SSH is the backbone of secure remote administration in nearly every IT environment. System administrators use it daily to manage Linux and macOS servers, network switches, routers, and cloud instances. Without SSH, managing remote infrastructure would require physical access or insecure protocols that expose credentials and data to interception.

In cybersecurity, SSH is critical for preventing man-in-the-middle attacks and unauthorized access. Because SSH encrypts all traffic, including passwords, it protects against sniffing on shared networks like Wi-Fi or data center fabrics. Many compliance standards, such as PCI DSS and HIPAA, require encrypted remote access, making SSH a mandatory tool for regulated industries.

In cloud computing, every major provider (AWS, Azure, Google Cloud) uses SSH as the primary method for accessing virtual machines. Automation tools like Ansible, Puppet, and Chef rely on SSH to execute commands across hundreds of servers securely. Even developers use SSH for Git operations, ensuring that source code transfers are encrypted and authenticated.

For network engineers, SSH has replaced Telnet as the standard for managing devices. Cisco, Juniper, and other network vendors support SSHv2 on their equipment. It also enables secure file transfer via SCP and SFTP, replacing older protocols like FTP that send passwords in cleartext. In short, SSH is not just nice to have; it is a fundamental security requirement for any professional managing IT infrastructure.

How It Appears in Exam Questions

Exam questions test SSH in several formats. The most common is port identification: Which port does SSH use? The answer is TCP 22. Another frequent type is protocol comparison: What is the main difference between SSH and Telnet? The correct answer is that SSH encrypts all traffic while Telnet sends it in plaintext.

Scenario-based questions are very common. For example: A network administrator needs to remotely manage a router that is located in a different building. Which protocol should she use to ensure the session is secure? The answer is SSH. Another scenario: A company has deployed a new Linux server that must be managed securely over the internet. What service should be enabled on the server? The answer is SSH (sshd).

Configuration questions appear in CCNA exams. For example: What command is used to enable SSH on a Cisco switch? The answer involves the 'ip ssh version 2' and 'crypto key generate rsa' commands. Troubleshooting questions might ask: A user cannot SSH to a server, but Telnet works. What is the most likely cause? Options could include that SSH is not installed, the firewall blocks port 22, or the SSH service is not running.

Security+ exams may present an attack scenario: An attacker captures network traffic and reads the contents of a Telnet session. What protocol should replace Telnet to prevent this? The answer is SSH. Another question: Which of the following best describes the security benefit of SSH over Telnet? The answer is encryption and authentication.

Network+ exams sometimes ask about the OSI layer where SSH operates. Since it handles session management and encryption, it is an application layer protocol (Layer 7). You might also see questions about SSH key management: What file holds the public keys of authorized users on an SSH server? The answer is ~/.ssh/authorized_keys.

Practise Secure Shell Questions

Test your understanding with exam-style practice questions.

Practise

Example Scenario

Situation: A small business has a web server running Linux in a co-location data center across town. The IT manager, Priya, needs to update the website files and restart the web server. She is working from home on her laptop. Priya cannot go to the data center, and she does not want to use an insecure protocol that might expose her password.

Application of SSH: Priya opens a terminal on her laptop and types 'ssh priya@webserver.example.com'. The SSH client on her laptop initiates a connection to the SSH server running on the web server. A key exchange happens, and an encrypted channel is established. Priya enters her password, which is sent through the encrypted tunnel. Once authenticated, she has a remote command line. She runs 'cd /var/www/html' and uploads the new website files using SCP (which also uses SSH). Finally, she types 'sudo systemctl restart apache2' to restart the web server. All commands are encrypted. Even if someone intercepts the network traffic between her home and the data center, they cannot see her password, the files, or what she is doing.

This scenario shows how SSH makes remote management possible, secure, and practical. Without SSH, Priya would have to drive to the data center or use Telnet, risking a security breach.

Common Mistakes

Thinking that SSH uses port 23

Port 23 is the default port for Telnet, which is an unencrypted protocol. SSH uses port 22 by default. Mixing these up can lead to security issues because Telnet sends all data in plaintext.

Remember that SSH = Secure Shell = port 22. Telnet = unsecured = port 23. Think of the '2' in 22 as the '2' in 'secure' (a mnemonic trick).

Believing that SSH only works for command-line access

While SSH is famous for remote command line, it also supports secure file transfer (SCP, SFTP), TCP port forwarding, tunneling, and even X11 forwarding for graphical applications. Restricting SSH to just terminal access underestimates its versatility.

Learn that SSH is a secure tunnel for any kind of data, not just terminal sessions. Think of it as a secure pipe that can carry many different types of traffic.

Assuming SSH is only for Linux and Unix systems

SSH is platform-independent. Windows has native SSH client and server support (OpenSSH for Windows) starting with Windows 10. macOS and Linux include it by default. SSH can connect any two systems that implement the protocol.

Understand that SSH is a protocol, not an operating system feature. It works across Windows, macOS, Linux, network devices, and more.

Thinking password authentication is as secure as key-based authentication

Password authentication is vulnerable to brute force attacks, phishing, and credential theft. Key-based authentication uses a private key that never leaves your device, making it far more secure. Many exam questions emphasize that keys are preferred over passwords.

Always prefer SSH key pairs over passwords for servers that are exposed to the internet. Keys provide stronger security because they are resistant to guessing and interception.

Confusing SSH with SSL/TLS

Both provide encryption, but they serve different purposes. SSH is primarily for remote command-line access and file transfer, using port 22. SSL/TLS is used to secure HTTP (HTTPS), email, and other application protocols, typically on port 443. They use different handshakes and certificates.

Think of SSH as a secure remote control for servers, and SSL/TLS as a secure wrapper for web traffic. They are not interchangeable.

Exam Trap — Don't Get Fooled

An exam question says: 'Which protocol should be used to securely transfer files between two computers over the internet?' Some learners pick SSL or HTTPS because they associate those with security and file downloads. Remember that SSH includes secure file transfer protocols: SCP (Secure Copy Protocol) and SFTP (SSH File Transfer Protocol).

If the question is about transferring files between systems, especially in a command-line or server context, SSH-based tools are the correct answer. Ask yourself: Is this a web browser scenario (use SSL/HTTPS) or a server administration scenario (use SSH)?

Commonly Confused With

Secure ShellvsTelnet

SSH and Telnet both allow remote command-line access, but SSH encrypts all data while Telnet sends everything in plaintext including usernames and passwords. Telnet is considered obsolete for secure environments. SSH uses port 22; Telnet uses port 23.

If you use Telnet to log into a server, anyone on the same network can see your password with simple packet capture software. With SSH, the entire session is encrypted, so your password remains secret.

Secure ShellvsSSL/TLS

SSL/TLS secures web traffic (HTTPS), email, and other application protocols by using certificates from Certificate Authorities. SSH is for remote command-line access and file transfers, using host keys and user keys. They are different protocols with different port numbers and handshake processes.

When you visit a banking website, HTTPS uses SSL/TLS to protect your browsing. When your system administrator logs into the bank's server to fix a problem, they use SSH.

Secure ShellvsVPN

A VPN creates a secure network tunnel that can carry all traffic from your device to a remote network. SSH also creates a secure tunnel, but typically for a single application or session, not the entire network stack. VPNs operate at a lower layer (network layer) while SSH operates at the application layer.

A VPN makes it seem like your laptop is physically inside the office network, giving access to all office resources. SSH only gives you a command line on one specific server, although it can be used for port forwarding.

Secure ShellvsRDP (Remote Desktop Protocol)

RDP provides a graphical remote desktop experience for Windows systems. SSH provides a text-based command line. RDP uses port 3389 and is proprietary to Microsoft. SSH is cross-platform and primarily text-based, though it can tunnel graphical applications via X11 forwarding.

To see the full Windows desktop of a remote computer, use RDP. To run commands on a Linux server, use SSH.

Step-by-Step Breakdown

1

Client initiates connection

The SSH client (e.g., ssh command, PuTTY) opens a TCP connection to the server's port 22. This is like dialing a phone number to call the remote computer.

2

TCP handshake completes

The standard three-way TCP handshake (SYN, SYN-ACK, ACK) establishes a reliable connection between client and server. Without this, no data can flow.

3

SSH protocol version exchange

The client and server exchange identification strings to agree on which SSH protocol version to use. Modern systems use SSH-2.0, which is more secure than the older version 1.

4

Key exchange and algorithm negotiation

Using Diffie-Hellman or similar algorithms, the client and server create a shared session key. They also agree on encryption algorithms (e.g., AES) and hash functions (e.g., SHA-256). This ensures that even if someone recorded the exchange, they cannot derive the session key.

5

Server authentication

The server sends its host key to the client. The client checks if this key matches a known host key stored locally (in ~/.ssh/known_hosts). If it does not match, the client warns the user, which is a defense against man-in-the-middle attacks.

6

User authentication

The server asks the client to prove the user's identity. Methods include password (encrypted), public-key authentication (the client signs a challenge with its private key), or keyboard-interactive. Once verified, the user is granted access.

7

Encrypted session established

After authentication, all subsequent data between client and server is encrypted using the session key. The user can now execute commands, transfer files, or set up tunnels safely.

Practical Mini-Lesson

SSH is one of the first tools an IT professional learns and uses every single day. To get started, you need an SSH client. On Linux and macOS, the 'ssh' command is built into the terminal. On Windows, you can use the built-in OpenSSH client (available in PowerShell and Command Prompt) or download PuTTY. The server side requires an SSH daemon such as OpenSSH's sshd, which runs as a service and listens for incoming connections on port 22.

To connect to a remote server, you typically type: ssh username@hostname. For example, 'ssh admin@192.168.1.100'. The first time you connect to a new server, you will see a warning that the host's authenticity cannot be established. You need to verify the host key fingerprint (often provided by the server administrator) and type 'yes' to add it to your known hosts file. This prevents future man-in-the-middle attacks.

For key-based authentication, you generate a key pair using 'ssh-keygen -t ed25519' (modern) or 'ssh-keygen -t rsa -b 4096' (compatible). This creates a private key (id_ed25519) and a public key (id_ed25519.pub). You place the public key on the server in the file ~/.ssh/authorized_keys of the remote user's home directory. After this, you can log in without a password, as the client proves possession of the private key. This is much more secure because the private key never leaves your device.

Common issues include connection timeouts (firewall blocking port 22), 'Permission denied' (wrong username, password, or key not authorized), and host key mismatches (the server's host key changed, possibly due to a reinstallation but could indicate an attack). You can enable verbose output with ssh -v to debug. For automation, tools like Ansible use SSH to manage thousands of servers, executing tasks remotely without manual intervention.

Always keep your private key secure with a strong passphrase. Never share it. Use ssh-agent to cache your key so you do not need to type the passphrase repeatedly. Disable password authentication on servers exposed to the internet and use keys only. This is a best practice tested in Security+ and recommended by industry standards.

Memory Tip

SSH = Secure Shell. The '22' reminds you of a 'double secure' lock. Port 22, encrypted traffic, key-based authentication: all double the protection over older protocols.

Covered in These Exams

Current Exam Context

Current exam versions that test this topic — use these objectives when studying.

Related Glossary Terms

Frequently Asked Questions

What is the default port for SSH?

The default port for SSH is TCP port 22. This is the standard port that SSH clients and servers use unless configured otherwise.

Can I change the SSH port from 22 to something else?

Yes, you can change the port in the SSH server configuration file (sshd_config). This is sometimes done to reduce automated attacks, but it is not a substitute for strong authentication.

What is the difference between SSH and SCP?

SSH provides a secure remote command line. SCP (Secure Copy Protocol) uses the same SSH protocol but is specifically for copying files between computers. Think of SSH as the car and SCP as the cargo delivery service that uses the same roads.

Is SSH the same as SFTP?

No, but they are related. SFTP (SSH File Transfer Protocol) is a file transfer protocol that runs over SSH. It provides secure file access, transfer, and management, similar to FTP but encrypted. SSH is the underlying secure connection; SFTP is the file transfer tool that uses it.

Why does my SSH connection say 'Host key verification failed'?

This happens when the server's host key does not match the one stored in your known_hosts file. It could mean the server was reinstalled or reconfigured, or it could be a man-in-the-middle attack. Verify the server's new host key with the administrator before accepting.

Do I need an internet connection to use SSH?

SSH works over any TCP/IP network, including local networks. You can SSH from one computer to another on the same home or office network without internet access.

Is it safe to use SSH over public Wi-Fi?

Yes, SSH is designed to be safe over any untrusted network. All data is encrypted, including passwords and commands. Even on public Wi-Fi, your SSH session is protected from eavesdropping.

Summary

Secure Shell (SSH) is a foundational protocol for anyone working in IT. It provides encrypted remote command-line access, secure file transfer, and port forwarding, all over port 22. SSH replaces older insecure protocols like Telnet and is essential for managing servers, network devices, and cloud infrastructure.

For certification exams, remember that SSH uses port 22, encrypts all traffic, supports key-based authentication, and operates at the application layer. The most critical security practice is to use SSH instead of Telnet and to prefer key authentication over passwords. Whether you are troubleshooting a server, configuring a Cisco router, or automating deployments with Ansible, SSH is the tool you will rely on every day.

Understanding it thoroughly will serve you well on exams and in your IT career.