← Lessons

quiz vs the machine

Gold1420

Networking

The SSH Protocol

How a secure shell builds an encrypted, authenticated channel.

5 min read · core · beat Gold to climb

A Secure Remote Channel

SSH (Secure Shell) gives you an encrypted, authenticated connection to a remote host, typically on port 22. It replaced older tools that sent passwords and sessions in the clear.

Three Layers

  • The transport layer negotiates encryption, exchanges keys, and verifies the server's host key so you connect to the right machine.
  • The authentication layer proves who you are, usually with a public and private key pair rather than a password.
  • The connection layer multiplexes many logical channels such as a shell, file transfer, or forwarded ports over the one encrypted tunnel.

Key Based Login

Your client holds a private key and the server stores your public key. During login the server challenges you to prove you hold the matching private key, without ever transmitting it. This resists guessing far better than passwords.

Key idea

SSH layers a key exchanged encrypted transport, public key authentication, and channel multiplexing to give one secure tunnel for shells, files, and forwarded ports.

Check yourself

Answer to earn rating on the learn ladder.

1. What does the SSH host key let the client verify?

2. How does key based SSH authentication avoid sending the secret?

3. What does the SSH connection layer provide?