Page Content

Tutorials

Load more

What is SSH in Networking, Architecture and Uses of SSH

CCNA
Jetipalli Lavaya
Author: Jetipalli Lavaya
8 min.read

What is SSH in Networking?

A TCP/IP application layer protocol called Secure Shell (SSH) was created to facilitate terminal emulation between a client and server. Over a typical TCP/IP connection, it creates a secure session akin to Telnet. TCP port 22 is where SSH runs.

SSH preserves an encrypted connection while performing a number of essential tasks, such as transferring data between systems, executing applications on distant systems, and logging into systems. When compared to previous protocols like Telnet, RSH, and Rlogin, SSH is regarded as the new-generation protocol.

Establishing a safe, encrypted connection between a client and a server is the main goal of SSH.

What is SSH in Networking
What is SSH in Networking

Core Function and Security Advantages

In particular, SSH was created as a safe substitute for previous, unencrypted protocols like rlogin, rexec, rsh (Berkeley Remote Shell), and Telnet.

The key features and security benefits of SSH include:

  • Encryption and Confidentiality: SSH establishes a secure session by using dynamic key exchange and encryption to encrypt all data exchange, including instructions and login credentials. This protection is crucial since earlier protocols, such as Telnet, conveyed configuration data and login passwords in plain text, which made them extremely susceptible to eavesdropping and packet sniffing.
  • Authentication: Strong authentication is provided by SSH for both the user and the distant machine. Accountability is provided by requiring both a login and a password. Stronger techniques like public key authentication are strongly advised, even if they allow basic password authentication over the encrypted channel.
  • Integrity: Using message authentication codes (MACs) to guarantee data integrity, the protocol guards against manipulation.
  • Application: Secure file transfers, remote program execution, and system login are all made possible with SSH.

You can also read What is Storm Control in Networking, Purpose & How it Works

Architecture and Operation

SSH employs a client-server architecture in which a client connects to a server (or daemon, like sshd) that is operating on a distant device. The SSH server is listening on TCP port 22 by default.

The SSH protocol operates as a layered suite comprising three principal hierarchical components:

Transport Layer Protocol (SSH-TRANS):

  • The initial configuration of the secure channel is managed by this lowest layer.
  • Using key exchange techniques like as Diffie-Hellman, the client and server agree on the encryption algorithms and a shared session key. All subsequent data is symmetrically encrypted using this session key.
  • It also provides server authentication, where the server proves its identity to the client using its public key, which is often stored on the client’s machine (known_hosts file).
  • Employing hashing methods to identify any modifications made during transmission guarantees data integrity.

User Authentication Protocol (SSH-AUTH):

  • This layer authenticates the user to the server after an encrypted, secure channel has been created.
  • Common authentication methods include:
    • Password Authentication: A password and username are communicated via the channel, which is already encrypted.
    • Public-Key Authentication (SSH Keys): With public-key authentication (SSH keys), the user gives the server their public key. This public key is validated by the server using a list of approved keys. Without ever sending the private key over the network, the user demonstrates that they are the owner of the matching private key. This is frequently utilized for automated procedures and is typically regarded as the most secure.

Connection Protocol (SSH-CONN):

  • This layer runs once authentication is complete.
  • It handles multiplexing, allowing the single secure connection (the “tunnel”) to host multiple logical channels for various services. These services include:
    • Interactive shell sessions (remote login).
    • Remote execution of commands.
    • Port Forwarding/Tunneling (securely forwarding network connections).
    • File Transfer using protocols like SFTP (Secure File Transfer Protocol) or SCP (Secure Copy Protocol).

Encryption and Key Management

SSH uses public-key cryptography to authenticate the remote computer and, if necessary, to authenticate the user.

  • Key Pairs: Authentication using SSH keys relies on an asymmetric public-private key pair. The private key must remain protected on the user’s local machine, while the public key is placed on the remote server (e.g., in the ~/.ssh/authorized_keys file on Unix-like systems).
  • Authentication Process: In key-based authentication, the client provides the server with proof of ownership of the private key without sending the key over the network.

Primary Uses of SSH

System administrators and network engineers utilize SSH extensively on a variety of systems, including Microsoft Windows and the majority of Unix variants (Linux, macOS, and BSD).

Key applications include:

  • Remote Login and Command Execution: Accessing a remote computer’s command-line interface (CLI) to execute commands or open a shell. This is done using commands like ssh user@hostname.
  • Secure File Transfer: Protocols for secure file transfer that operate over an encrypted channel are supported by SSH:
    • Secure Copy Protocol (SCP): Using SSH for encryption and authentication, Secure Copy Protocol (SCP) offers a safe way to move files.
    • SSH File Transfer Protocol (SFTP): An alternative to FTP that is safe is the SSH File Transfer Protocol (SFTP).
  • Tunneling/Port Forwarding: Creating secure tunnels to safely forward network connections for other protocols (such as HTTP or RDP) is known as tunneling or port forwarding. This is frequently done to get around firewalls or security concerns when exposing a virtual machine to the internet directly.
  • Automated Management: SSH keys are used to provide safe, password-free access to backup systems, scripts, and configuration management applications (such as Ansible).

You can also read Cisco Switch BPDU Guard Configuration In Networking

Versions and Development

SSH was first introduced in 1995 by Tatu Ylönen.

  • SSH Version 1 (SSH-1): Data integrity and password sniffing vulnerabilities were among the fundamental design problems in SSH Version 1 (SSH-1). It is now generally regarded as outdated and therefore to be avoided.
  • SSH Version 2 (SSH-2): Accepted as a standard in 2006, SSH-2 is incompatible with SSH-1 and provides enhanced security. It brought more powerful encryption techniques like AES and novel key-exchange systems. SSH-2 is supported by the majority of contemporary servers and clients.
  • Future Development (SSH3): In 2023, an alternate implementation called SSH3 was put forth. It was intended to use TLS 1.3 and run on top of HTTP/3, which is powered by QUIC. It has features including X.509 certificates and quicker session setup.

Configuration on Cisco Devices

SSH setup is a component of network device security and device hardening. There are steps involved in setting up a switch or router for SSH access:

  • Configure Hostname and Domain Name: The switch or router must have both a hostname (e.g., hostname sw1) and a DNS domain name (e.g., ip domain-name cisco.com) configured. These are required because the SSH server uses the fully qualified domain name (FQDN) to create the encryption key.
  • Generate RSA Keys: Use the global configuration command crypto key generate rsa. This process automatically enables SSH. You will be prompted to choose the size of the key modulus, which should be at least 768 bits to support SSH version 2. Cisco recommends a minimum modulus size of 1024 bits.
  • Configure Local User Authentication: Define usernames and passwords globally (e.g., username name secret pass-value).
  • Configure VTY Lines: Access the virtual terminal lines (VTY) in line configuration mode (e.g., line vty 0 15) and configure them to use the local database for authentication using the command login local.
  • Specify Transport Input: Within the VTY lines, use transport input ssh to allow only SSH access. Alternatively, transport input ssh telnet or transport input all allows both SSH and Telnet connections.
  • Enable SSH Version 2: It is strongly suggested (though not mandatory) to enable SSH version 2 using the global command ip ssh version 2.

Operational and Management Contexts

SSH Client on IOS Devices Cisco IOS devices often include a built-in SSH client, allowing network engineers to remotely access another device configured with SSH (router-to-router or switch-to-router access). The syntax to remotely access a device using the IOS SSH client is generally ssh -l username host. The -l flag is used to specify the login username.

Verification and Status Commands

The following commands can be used to see the SSH server’s and active connections’ status:

  • show ip ssh: Displays status information for the SSH server, including the version used and authentication parameters (timeout and retries).
  • show ssh: Lists status information about current SSH client connections into and out of the local device, including the version, encryption method, and username.

Using ACLs to filter access IOS makes use of a virtual terminal (VTY) line when an external user tries to connect to a router or switch via Telnet or SSH. These VTY lines can have Access Control Lists (ACLs) applied to them to filter the source IP addresses that are permitted to SSH or Telnet into the device. This will stop unauthorized attackers from ever seeing a password prompt.

Associated Protocols

  • SSH Copy Protocol (SCP): SCP provides a secure method for transferring files by relying on SSH for both user authentication and encrypting all data transfer. When using SCP, the router acts as the server, and the transfer is typically initiated using an SCP client application on a separate computer. It can be enabled using the command service scp enable.
  • SSH File Transfer Protocol (SFTP): In order to enable file transfers, the SSH File Transfer Protocol (SFTP) presupposes a secure channel, like an encrypted SSH connection.
  • Configuration Management Tools: Programs such as Ansible use SSH connections to implement playbook file configuration changes. To manage configurations, Ansible needs root Secure Shell (SSH) access to the remote system.

You can also read What Is VLAN Hopping Attack? How Does VLAN Hopping Work

Previous article
MFA Vs 2FA Authentication, Methods, Benefits And Importance
Next article
What Is Reflection Attack? How To Prevent Reflection Attack
Jetipalli Lavaya
Jetipalli Lavaya

About Us 

Contact Us

Privacy Polacy

Disclaimer

© G Solutions

Index