How Does SSH Work? Understand Encryption, Ports, and Connection

How does SSH work

System administrators require a secure connection while connecting to a computer over a network to protect themselves from harmful cyberattacks like identity theft.

Due to vulnerabilities in large networks' security, encryption protocols such as TLS/SSL, IPsec, S/MIME, PGP, and SSH are required to provide the necessary protection for network administrators.

In this article, you'll learn SSH, the client-server model, its features, how it works, and more. Let's start right away!

What Is SSH?

SSH is an acronym for Secure Shell.

SSH protocols specify standards for SSH communications security, which are necessary for operating network systems securely between untrusted hosts over unprotected networks. You can use SSH to encrypt client and server communication on weak networks.

Initially, the term "shell" in SSH was applied to software that ran Unix commands. The phrase relates gradually to server user interfaces that make Unix orders easier for users to engage with.

SSH manages more than half of all local and cloud-based network administrators. Using SSH, networking devices, ports, routers, software platforms, and apps can be secured, configured, managed, maintained, and operated.

Moreover, SSH protocols cover data integrity, encryption, and SSH authentication.

What Is an SSH Client?

An SSH client is a program that establishes secure and authenticated SSH connections to SSH servers. The client-server architecture model is the foundation of SSH.

Any machine linked to networks is referred to as a host, and clients and servers are applications that run on hosts.

The user first utilizes their computer to connect to a remote computer. Next, they can utilize a graphical user interface or command line tool to transfer files between the client and server. But keep in mind that the client and server must enable SSH.

SSH clients request remote access to connect to a remote system using SSH.

Most SSH clients offer additional features than the standard SSH command line execution, such as the capacity to run many sessions concurrently, the ability to highlight keywords across sessions, the usage of other connection types, and the ability to save passwords.

Basic Secure Shell Features

So, what can SSH do? Let's explore some of the basic features.


A daemon is a background-running program set up to carry out particular functions for a specific program. An SSH daemon is software that waits for connection requests, often on port 22.

It authenticates connection requests and initiates connections, which must be running on the remote systems to establish SSH connections.

The SSH daemon enables you to send encrypted data between untrusted servers over an unsecured network.


The Internet Engineering Task Force (IETF) issues the Request for Comments (RFC) as a formal document that specifies Internet- and TCP/IP-related topics. For example, it can describe technologies, standards, and protocols. Currently, there are over 9,000 RFCs.

The SSH transport layer must permit absolute forward secrecy by RFC. For instance, a hacker could not view previously sent data due to the perfect forward secrecy if a server's private key was compromised.

SSH Layers

SSH has three layers: connection, user authentication, and transport.

  • The transport layer authenticates the server and ensures secrecy and integrity while managing the encryption and decryption of the sent data.

  • The user authentication layer verifies the client's identity..

  • The connection layer controls the secure channel that data uses to go between verified parties during the data exchange data process. There is a secure channel and data stream for various forms of communication, such as connection to a remote server or service running simultaneously or forwarded X11 session.

SSH Encryption

Using encryption is SSH's key advantage over competing protocols. SSH encrypts all communication in transit between the client and server. Anyone who's part of the communication using a packet-sniffing tool will be able to read or decrypt the data that is being transmitted.

You will learn more about the types of SSH encryption, i.e., symmetric encryption, asymmetric encryption, and hashing, which are explained below.

Port Forwarding and Tunneling

You can use the terms port forwarding and tunneling as synonyms for the three types of port forwarding: local port forwarding, remote port forwarding, and dynamic port forwarding, which come to be referred to as tunneling altogether.

SSH tunneling allows unencrypted traffic to be transmitted via an encrypted channel. Even though the FTP protocol doesn't support encryption, it is possible for you to create an encrypted SSH tunnel for data transmission between the client and the FTP server.

SSH tunnels can be used to get around firewalls and access geo-restricted materials.

X11 Forwarding

When a user requires remote access to a remote computer and also needs to visit a GUI to examine data or an application that is currently running, SSH makes X11 forwarding possible.

Using X11 forwarding, a user can start a small program and then transfer the program's output to a nearby Windows operating system.

How Does SSH Work?

SSH is easy to utilize with SSH commands using Linux or Mac. You'll need to use an SSH client to open an SSH connection on the Windows operating system.

Users of Mac and Linux should open their terminal program and then carry out the steps listed below, which make up the following SSH commands.

Image showing SSH command.
  • You can open an encrypted secure shell connection setup process by telling your local machine you want to do it by utilizing the SSH command

  • The user is the username for the account you wish to access. For instance, you could access the root account, which has complete control over the system and is essentially the same as the system administrator

  • The host is the computer you want to access. This could be the domain name or an IP address

After you execute commands, you'll be asked for the password when you press Enter. Although nothing will appear on the screen as you enter it, your password is being sent. Hit Enter once more after you finish typing. If your password is correct, a small terminal window will appear.

On the other hand, utilizing SSH is different in Windows. Although you can start SSH via the command line, most users prefer PuTTY, the most widely used SSH client.

Users of Windows should carry out the following steps.

  • Install and download SSH client, for instance, PuTTY. Although Windows has a built-in command prompt, this is the most user-friendly way to establish a connection.

  • Then you need to launch PuTTY. PuTTY's user interface has a Hostname/IP address section where you should enter the information for the system you want to SSH into.

  • You can click Open after entering the correct address in the Hostname or IP address field.

  • Then, you'll be asked to validate your connection. Select Yes. After this, you'll be connected to the remote system.

  • As asked, you must enter your username and password. This is a standard procedure and a security feature because the password is not displayed on the screen.

  • You are now in control of the remote machine under your authority; therefore, you can execute shell commands.

  • Lastly, when you finish the SSH session, type exit and hit Enter or close the window.

Image showing Windows SSH client PuTTY's configuration.

Remember, when you aren't utilizing it, it's crucial to stop an SSH session to avoid sending unintentional commands or leaving it open in case your computer is hacked.

The Different Types of Secure Shell Work Encryption Explained

Secure shell protocol uses three technologies: symmetrical, asymmetric encryption, and hashing. Let's learn more about them!

How Does Symmetric Encryption Work?

Symmetric encryption is a type in which the SSH clients and the host share duplicate SSH keys to encrypt and decrypt messages. In reality, anyone with the encryption key can decrypt the message sent.

Shared key or secret encryption are other names for symmetrical encryption; typically, just one key is utilized, though occasionally, there may be two, either of which can be determined using the other.

Image showing generating SSH keys with symmetric encryption.

The client and host agree on their choice of encryption by releasing a list of supported chippers in ascending order of preference before establishing secure connections.

The client and the server generate the secret key during an entire SSH session, and other parties won't receive the generated key.

A key exchange algorithm produces its private key. The key is calculated by the two computers using public and private key pairs that they share. Since the key exchange algorithm is unknown, if another local machine intercepts the exchanged data, it will be unable to derive the key.

As each SSH session secret token is unique and created before client authentication, all packets traveling between the local and remote computers must use the private keys to encrypt them after the same key has been generated. Credentials are always shielded from network packet sniffers because the user-typed password is included.

Advanced encryption standards, CAST128, and Blowfish are examples of other symmetric encryption.

How Does Asymmetric Encryption Work?

Asymmetric encryption utilizes two keys for encryption and decryption, i.e., a public key and a private key. These two keys work together to create a public-private key pair.

Anyone can encrypt the message using the public key file format, but only the recipient with their unique private key can decrypt it.

Image showing the process of generating SSH keys with asymmetric encryption.

The server utilizes the client's public and private keys to confirm the client's identity during the user authentication phase because the only matched private key can decrypt anything encrypted using the public key.

Mechanisms for encryption and decryption are automatic procedures.

The SSH session starts if the SSH client can successfully decrypt the message, providing that it has the private key needed for the connection.

How Does Hashing Work?

One-way hash functions differ from the two types of encryption is that they are never intended to be decoded. For each input, they provide a singular value of set duration that exhibits no discernable trend that can be taken advantage of. They are nearly impossible to reserve due to this fact.

Image showing the process of creating cryptographic network hash.

Creating a cryptographic network hash from a given input is simple, but generating the information from the soup is impossible. In other words, if clients have the correct input for the cryptographic network protocol, they can create a cryptographic hash and check its value to see if they have the correct information.

Secure shell protocols use HMAC or hash-based authentication methods to verify the message's authenticity.

A suitable message authentication method is chosen together with the symmetrical encryption key algorithm. This operates similarly to how the cipher is selected.

Every transmission must have a MAC produced for each message delivered using the symmetric key, packet sequence number, and message contents. The final component of the communication packet is transmitted outside of symmetrically encrypted file transfers.

How Do These Encryption Methods Work with SSH?

Secure shell uses a client-transfer architecture to enable the SSH authentication of two remote computers and the encryption of the data that is transferred between them.

SSH, by default, must start the TCP handshake with the server, ensure a secure symmetric connection, check that the identity displayed by the server matches the previous records (typically stored in the RSA key store file transfer protocol), and provide the necessary user credentials to authenticate the connection before SSH connection can be established.

The secure connection process involves two steps: the user authentication process and both systems must agree on encryption standards to safeguard future conversations. The user is given access if the credentials match.

Image showing SSH working with encryption method.

How Secure Is SSH?

The SSH network protocol is extremely secure when used with conventional security measures. However, maintaining the security of SSH connections depends on human factors.

On SSH servers, brute force attacks are usual. Attackers utilize popular identities and passwords to attempt to connect to a remote SSH server. They employ privilege escalation to reach the root account after accessing the system.

Using SSH keys rather than authentication methods such as passwords is advised. Organizations whose vital information depends on maintaining the confidentiality of the keys continue to face significant danger from improper SSH key management.

Another potential security flaw is exposed SSH ports. Some malware programs target Internet of Things (IoT) devices with accessible ports, exploring those devices as a backdoor to the local network.

The network communication protocol's security also depends on third-party applications' security due to the abundance of SSH clients on the market.


The secure socket shell is a complex network protocol, yet all communication between the SSH client and SSH server is completely encrypted and safe. Practically, it's a secure alternative for any organization that requires secure file transfers, and online communication might benefit greatly from it.

Bruno Mirchevski
The author
Bruno Mirchevski

Bruno Mirchevski is a seasoned hosting industry professional. With years of experience, Bruno is dedicated to helping individuals and businesses find the best web hosting solutions. As a hosting expert at HostAdvice, Bruno provides valuable insights and guidance to users seeking reliable hosting services. He also owns The Logician trademark and manages his personal brand and HE Group. His passion for the industry is reflected in his dedication to speaking at events and publishing articles and reviews on various online platforms. You can check out the most reliable and up-to-date information about web hosting directly on our blog, where Bruno shares his expertise and insights. Social profiles are available here: Twitter @brunomirchevski, LinkedIn and Quora

Frequently Asked Questions

Is an SSH server required to establish a connection?

Yes, the SSH server is the only one that can start any network connection. Additionally, it keeps an eye on new relationships and reacts to them. The servers do that by using TCP port 22 on the host machine.

Every SSH connection requires the server to use public key cryptography to identify itself to the client at the outset. Client authentication is required so the SSH client may confirm that it is a trusted server, not an intruder.

What is SSH protocol mainly used for?

SSH is typically used for logging into a remote computer and executing commands, but it also supports tunneling, X11 connections, and TCP ports.

By utilizing the SSH file transfer protocol or secure copy protocol, SSG can also transfer files.

Is SSH traffic encrypted?

Yes, all SSH traffic is encrypted. All actions are private whether users are browsing on the Internet or running a command.

Do SSH servers use encrypted SSH tunnels?

No, network communications between the SSH server and the remote servers do not use an encrypted tunnel.