Have you ever wondered how computers can communicate with each other safely over the internet? If so, you have Secure Socket Shell or SSH to thank for it. This is a network protocol that allows you to safely transfer data between a computer and a server.
SSH dates back to 1995 and has gone through several evolutions since its inception, yet it remains one of the most important aspects of IT. Today, most devices use either SSH-2 or OpenSSH (Windows 10), and web developers need to be aware of it.
This article will discuss what SSH is and its importance in web design.
What Is SSH?
The meaning of SSH is very complex, and in truth, it would go over most people’s heads. The good news is that you don’t need to fully understand it. Unless you are an IT major, you just need to know the basics.
By definition, SSH is a network protocol that enables users to gain remote access to a computer, or another device, by providing SSH Keys as credentials. In the majority of cases, SSH is only implemented for highly sensitive data and devices that need encryption.
The most common uses of SSH include:
- Remotely Access Devices to Perform Maintenance or Provide Support
- File Transfers From One Device to Another
- Execute Commands Remotely
- Update Devices in An Office
Due to the numerous security advantages SSH offers (more on that later), it has become the standard for remote access. Let’s discuss how it works.
How Does It Work?
This can get pretty complicated on more advanced networks, so let’s keep it simple.
Let’s say you want to transfer a file from your computer to a server for storage. It’s pretty standard stuff. If you did not use SSH, that file would be readable to anyone who knows where to look during the data transfer.
As you can imagine, it is problematic for sensitive data.
This is where SSH comes in. To access this data, you would need the SSH Keys to read it, which only the user and the server know. Thus, if someone tries to read the file while it is transferring, they won’t be able to due to its encryption.
Again, SSH is typically reserved for more sensitive data, so there is a good chance you have never used the SSH Keys when using remote access.
The Three Layers of SSH Protocol
If we dig a bit further and examine the inner workings of this protocol, you will realize there are three distinct parts. These are known as layers and consist of:
- Transport Layer
- User Authentication Layer
- Connection Layer
I will cover what each layer does in its simplest form.
Transport Layer
As the name suggests, this layer is in control of key exchange between devices. It also handles encryption and compression that occurs between these devices for the duration of the interaction. Only plain text is transported within this layer.
User Authentication Layer
This layer is the real meat and potatoes of the protocol, as it is in control of authentication throughout the process. There are four main authentication methods that are used. These include:
- Passwords: Passwords are the method most people are familiar with. The user enters a password and if it is correct, they gain access. While it is straightforward and easier for users, there are more secure options that exist.
- Public/Private Keys: On the surface, these are similar to passwords, but are strictly managed by an organization’s IT team. Public keys are created in pairs, with the other being known as a private key. The public key is shared with whoever needs it, while the private key is only known by a few individuals.
- Keyboard Interactive: In its simplest terms, this can be compared to 2FA where the server will ask a question, and if the answer is correct, it will provide a one-time password the user can use to access the connection.
- GSSAPI: GSSAPI, or Generic Security Service Application Programming Interface, is a common interface you can use to access the Kerberos security system used by Microsoft Windows.
The Authentication Layer is the one the user interacts with to input their passwords and whatnot.
Connection Layer
Finally, this layer is all about connecting your devices together using channels. One connection can have multiple channels of communication, and those channels are not one-way. They can send data back and forth at the same time.
It also controls some other minor things like the appearance of the connection (terminal) window.
The Different Types of SSH Encryption
SSH is encrypted, but there are multiple ways this can be accomplished. Each method has its own advantages and disadvantages, which is why different methods are used in different situations. Let’s take a look at the three most common encryption methods.
Symmetrical Encryption
To put it simply, symmetrical encryption is when there is only one encryption key that can be used to encrypt and decrypt. Or in other words, anyone who has access to the key can encrypt or decrypt any data that uses this method.
This method can be used to encrypt the entire process, not just the data. The key is generated with a process known as a key exchange algorithm, which is quite complicated. Essentially, both parties provide a bit of info and the key is generated.
Overall, this type of encryption is quite popular and encrypts everything from data to the passwords entered.
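The key exchange described above, sketched as an added example (not code from the original article): both sides publish one value, keep one secret, and arrive at the same session keys, which are then split per direction as in RFC 4253 section 7.2. The toy-sized group, the simplified exchange hash and all function names are assumptions made for this demo.

```python
import hashlib
import secrets

# Toy-sized group chosen for this demo only (assumption): real SSH groups are
# 2048 bits or more, or use elliptic curves instead.
P = 2**127 - 1
G = 3

def mpint(n):
    """Encode a non-negative integer as an SSH 'mpint' (RFC 4251)."""
    body = n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b""
    return len(body).to_bytes(4, "big") + body

def keypair():
    """Each side picks a secret exponent and publishes only G^x mod P."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)

def shared_secret(own_private, peer_public):
    """Combine our secret with the peer's public value to get K."""
    if not 1 <= peer_public <= P - 1:
        raise ValueError("peer public value outside [1, P-1]")
    return pow(peer_public, own_private, P)

def session_keys(k, e, f):
    """Derive per-direction keys from K as in RFC 4253 section 7.2."""
    # Simplified exchange hash: real SSH also hashes the version strings,
    # the KEXINIT payloads and the server host key.
    h = hashlib.sha256(mpint(e) + mpint(f) + mpint(k)).digest()
    session_id = h  # the first exchange hash becomes the session id

    def derive(letter):
        return hashlib.sha256(mpint(k) + h + letter + session_id).digest()

    return {
        "enc_c2s": derive(b"C")[:16],  # AES-128 key, client to server
        "enc_s2c": derive(b"D")[:16],  # AES-128 key, server to client
        "mac_c2s": derive(b"E"),       # integrity key, client to server
        "mac_s2c": derive(b"F"),       # integrity key, server to client
    }

def run_exchange():
    """Run both sides; only e and f would ever cross the network."""
    x, e = keypair()  # client
    y, f = keypair()  # server
    client = session_keys(shared_secret(x, f), e, f)
    server = session_keys(shared_secret(y, e), e, f)
    return client, server
```
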
Asymmetrical Encryption
If you remember back to the User Authentication layer, I mentioned private and public keys. If you were to use that authentication method, you would also be using Asymmetrical encryption because it requires these two keys.
In its simplest form, asymmetrical encryption happens within symmetrical encryption (since it encrypts everything) and the two devices use the public key, which acts as the secret for symmetric encryption.
This is only one possibility as there are multiple ways to use this encryption.
This has a wide range of uses and is always used alongside symmetrical encryption.
Hashing
Hashing is different from the last two encryption methods. In this method, a hashing algorithm is used to create a unique hash string. The machine will then send that hash string along with the hash value needed to open it.
The machine that is receiving the data knows the algorithm and can apply the value to open the data. If the values do not match, then the data was corrupted and cannot be read. Ultimately, it protects all types of data but has one drawback.
It is very difficult to achieve. However, this standard encryption is far more common.
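In SSH the hash check takes the form of a keyed hash (a MAC) computed over a packet sequence number followed by the packet (RFC 4253 section 6.4). The added example below (not code from the original article) shows the receiver rejecting altered and replayed packets; the class and function names are assumptions, and the packets are left unencrypted to keep the focus on integrity.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA-256

class MacChannel:
    """One endpoint of a link protected SSH-style (RFC 4253 section 6.4)."""

    def __init__(self, key):
        self.key = key
        self.send_seq = 0  # implicit counters, never sent on the wire
        self.recv_seq = 0

    def _tag(self, seq, packet):
        # The tag covers a 32-bit sequence number followed by the packet.
        data = struct.pack(">I", seq) + packet
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def seal(self, packet):
        """Sender side: append the tag and advance the send counter."""
        wire = packet + self._tag(self.send_seq, packet)
        self.send_seq = (self.send_seq + 1) & 0xFFFFFFFF
        return wire

    def open(self, wire):
        """Receiver side: recompute the tag and compare before accepting."""
        packet, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = self._tag(self.recv_seq, packet)
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            raise ValueError("MAC mismatch: altered, replayed or reordered")
        self.recv_seq = (self.recv_seq + 1) & 0xFFFFFFFF
        return packet

def accepts(channel, wire):
    """Return True if the receiving endpoint accepts this wire message."""
    try:
        channel.open(wire)
        return True
    except ValueError:
        return False
```
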
So How Does This Impact Web Design?
We’ve talked a lot about what SSH is, but haven’t really connected it to web design yet, have we?
Clearly, SSH is not going to impact actually creating a website or designing content for it. No, instead this is more of a back-end thing that many beginners overlook. One of the main components of running a website is purchasing web hosting services.
You are essentially renting out a server to host your website. When someone accesses your website, they are really connecting to that server. Now depending on the plan you purchase, you may be sharing that server with other people, or have a dedicated one to yourself.
In a shared environment, you cannot set up SSH because your access is typically limited by the web hosting company. However, if you rent a full server, that restriction is gone and you can set up SSH. This gives you more control over the webserver.
Remember, you can use SSH to issue and execute commands on a code level. That is an invaluable tool to a talented web developer.
That said, for simple websites, setting this up may be overkill. It really comes down to the situation and what you’re trying to achieve.
FAQ
Who Should Be Using SSH?
Organizations that need to transfer sensitive data between devices may want to invest in SSH, but this does require an IT team.
As such, small websites or businesses probably won’t need to incorporate such technology, at least in their early days. However, if they deal in particular industries like consulting, they may be forced to set this up to ensure confidentiality between clients.
Is All Remote Access Secured By SSH?
No.
Most remote access on a home network does not use the SSH protocol. Instead, you are vulnerable to anyone who knows how to steal data.
That said, the odds of your local network being compromised are extremely low. The risk is when you remotely access a device from a public space.
A great example of this would be going to the library and accessing your desktop at home. If the network is not secure, remote access should be avoided if sensitive data is available on the device.
Does That Mean Remote Play Services From Steam or PlayStation Are Not Safe?
One of the biggest misconceptions is that when you are streaming a game, it is the same as remote access to the device.
It is not.
In the case of both Steam and PlayStation, you are streaming the device’s output on another device. You are not transferring data.
Thus, it is completely safe to use remote play for gaming. That said, be sure to enable 2FA for additional security.
Are There Any Drawbacks to SSH?
Absolutely.
As I have mentioned, there are multiple authentication and encryption methods, and they exist because SSH is not impenetrable. If there were only one way to do things, hackers would have figured out a way to get into any company’s server.
One example of this is SSH tunneling, which is a process in which someone can use port forwarding to access their computer from work. Most commonly, IT members do this, and they shouldn’t because it creates a back door into the network.
Especially since anyone can use port forwarding.
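On a server you control, both the password weakness noted earlier and the port-forwarding concern above come down to a few `sshd_config` keywords. The added example below (not from the original article) resolves the effective global values the way OpenSSH does, with the first occurrence winning and defaults applying when a keyword is absent, and reports deviations. The policy, the sample file and the function names are assumptions, and `Match` blocks are treated as conditional and not evaluated.

```python
# OpenSSH's built-in values when a keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "allowtcpforwarding": "yes",
    "gatewayports": "no",
}

# Policy assumed for this example: key-based logins only, no port forwarding.
POLICY = {
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "allowtcpforwarding": "no",
    "gatewayports": "no",
}

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# The second PasswordAuthentication line below has no effect.
PasswordAuthentication yes
PasswordAuthentication no
PubkeyAuthentication yes
Match User backup
    AllowTcpForwarding no
"""

def effective_settings(text):
    """Resolve global settings: case-insensitive keywords, first value wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        keyword = parts[0].lower()
        if keyword == "match":
            break  # everything after Match applies only conditionally
        if len(parts) > 1:
            seen.setdefault(keyword, parts[1].lower())
    return {**DEFAULTS, **seen}

def audit(text):
    """Return (keyword, effective value, wanted value) for each deviation."""
    effective = effective_settings(text)
    return [(key, effective[key], want)
            for key, want in POLICY.items() if effective[key] != want]
```
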
Is An SSH Key Generator Safe?
Absolutely!
They simply generate random key sequences that you can use. Just keep in mind that you should update your keys on a regular basis. This ensures that only the people who need them have access to the latest version of the key.
Again, it’s all part of the IT team’s job.
The Internet Isn’t A Safe Place
It’s no secret that the internet is not a safe place, which is why every website needs to use security plugins and set up firewalls to stay safe. Even just viewing the web isn’t safe.
Most devices run anti-malware and virus protection for a very good reason.
SSH is designed to help organizations keep sensitive information from falling into the wrong hands, and it does an excellent job in doing so. However, it’s a rather complex process that is often handled by experienced IT teams.
As hackers become more talented and resourceful, the value of SSH will only grow.
Does your business incorporate SSH in any form? If so, what type of encryption do you favor?