The Architecture of Secure Shell (SSH)

A server-side implementation of the SSH protocol comprises around twelve separate components. This article introduces the functional architecture of SSH and discusses its main functions.


  • An SSH server accepts incoming connection requests from SSH clients. On UNIX and Linux systems, the server is normally called sshd (the SSH daemon).
  • An SSH client requests a connection to a server. OpenSSH includes command-line clients, including ssh, scp, and sftp. The PuTTY client offers SSH connections, port forwarding, X forwarding, etc. through its Graphical User Interface (GUI).
  • An SSH session begins with the authentication stage and ends when the session is terminated by either end of the connection.
  • SSH keys may be public, private or secret (session) keys. SSH makes extensive use of keys for authentication and cryptographic services. A user key is a public key which is created by a user and may be installed on various machines to allow authentication. It is persistent across multiple sessions. A host key is created by a system administrator and is held on the system to which it relates and on other systems on which it has been manually or automatically installed. It is a public key and is persistent across multiple sessions. A session key is generated after the authentication stage of an individual session, is a secret key, and only exists for the duration of the session.
  • Known hosts are hosts whose host keys are stored in the local known-hosts database of a machine. When such a machine connects to one of the known hosts, authentication is carried out automatically, based upon trusting the stored host key and correctly receiving a digital signature from the remote host which corresponds with that host key.
  • By distributing public keys for hosts and users to the correct set of machines, it is possible to use public/private key based authentication to make login transparent to the user; other authentication schemes (such as conventional username/password combinations for user authentication to the remote machine) are also possible.
  • The SSH protocol includes a transport element which can multiplex multiple channels across a single SSH connection. In this way services such as port forwarding and X forwarding can be provided simultaneously across a single connection.
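The known-hosts check described above is the part of host authentication a client performs locally before it trusts the server's signature: it looks the hostname up in its known-hosts database and compares the stored public key with the one the server presents. The following Python script is an added example, not code from the article or from OpenSSH; it rebuilds that lookup for the plain and hashed (`|1|salt|hmac`) entry forms of the OpenSSH known_hosts file and computes the `SHA256:` fingerprint that `ssh-keygen -l` prints. The key material (`RAW_KEY_A`, `RAW_KEY_B`) and the `SAMPLE_KNOWN_HOSTS` text are constructed for the example, and the function names are the example's own. Wildcards, `[host]:port` patterns and `@cert-authority`/`@revoked` markers, which real clients also handle, are deliberately left out.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode a byte string in SSH wire format (4-byte big-endian length + data)."""
    return struct.pack(">I", len(data)) + data


def build_ed25519_blob(raw_key: bytes) -> bytes:
    """Build the public-key blob that follows 'ssh-ed25519' in an OpenSSH key line."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)


def fingerprint(blob: bytes) -> str:
    """SHA-256 fingerprint in the 'SHA256:<unpadded base64>' form used by ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Produce the hashed host field OpenSSH writes when HashKnownHosts is enabled."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def hostname_matches(pattern_field: str, hostname: str) -> bool:
    """True if the first field of a known_hosts line names this host (plain or hashed form)."""
    if pattern_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern_field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(mac_b64)
        actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    # Plain entries may list several names/addresses separated by commas.
    return hostname in pattern_field.split(",")


def check_host_key(known_hosts_text: str, hostname: str, keytype: str, blob: bytes) -> str:
    """Return 'ok' if a stored key matches, 'mismatch' if the host is known with a
    different key of this type (possible impersonation), or 'unknown' if absent."""
    seen_same_type = False
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        pattern, stored_type, stored_b64 = fields[0], fields[1], fields[2]
        if stored_type != keytype or not hostname_matches(pattern, hostname):
            continue
        seen_same_type = True
        if hmac.compare_digest(base64.b64decode(stored_b64), blob):
            return "ok"
    return "mismatch" if seen_same_type else "unknown"


# --- Constructed sample data (not real keys or hosts) -----------------------
RAW_KEY_A = bytes(range(32))            # stands in for a genuine 32-byte Ed25519 public key
RAW_KEY_B = bytes(range(32, 64))        # a different key, used to simulate a mismatch
BLOB_A = build_ed25519_blob(RAW_KEY_A)
BLOB_B = build_ed25519_blob(RAW_KEY_B)
SALT = b"0123456789abcdef0123"          # 20-byte salt, as OpenSSH uses for hashed entries

SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts file for the example",
    "example.com,192.0.2.10 ssh-ed25519 " + base64.b64encode(BLOB_A).decode() + " lab host",
    hash_hostname("bastion.example", SALT) + " ssh-ed25519 " + base64.b64encode(BLOB_A).decode(),
])


if __name__ == "__main__":
    print("fingerprint of key A:", fingerprint(BLOB_A))
    for host, blob in [("example.com", BLOB_A), ("example.com", BLOB_B),
                       ("bastion.example", BLOB_A), ("other.example", BLOB_A)]:
        print(host, "->", check_host_key(SAMPLE_KNOWN_HOSTS, host, "ssh-ed25519", blob))
```

A "mismatch" result is the case a client must refuse rather than silently accept: the host is already trusted under a different key, which is exactly the condition behind OpenSSH's "REMOTE HOST IDENTIFICATION HAS CHANGED" warning. An "unknown" result is the first-contact case, where the fingerprint is what an administrator compares against an out-of-band source before the key is added to the database.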
