How does SSH actually work

What is SSH

Secure Shell (SSH) is a protocol used to safely connect and send commands to remote machines from your local machine. A common use is to connect to your deployment server hosted in the cloud and control it from your local machine. An SSH command usually looks like this:

ssh user@<IP_Address>

Your server will have the SSH daemon (sshd) listening on port 22 by default, allowing you to connect to it. You can also connect on another port with the -p flag, like this: ssh -p <port_number> user@<IP_Address>. Make sure sshd is set to listen on that port number on your server. The ports the daemon listens on are set in the file /etc/ssh/sshd_config on your server.

With that explained, how does SSH actually work? Let’s explore it further.

How does SSH work internally

SSH is a protocol built on top of TCP/IP, similar to HTTPS. It encrypts traffic between the client and the server, using public key cryptography to set up the session. When you run the command ssh user@<IP_Address>, the SSH client connects to the SSH server over port 22 using a basic TCP handshake. Then, the client and server exchange SSH protocol versions and decide which cryptographic algorithms to use, such as Diffie-Hellman or ECDH for key exchange and AES for encryption. During the key exchange, they establish a shared secret without directly transmitting it. Server authentication is performed by the client: the server sends its public key, and the client checks this key against the ~/.ssh/known_hosts file. If the key is not in the file, the user is shown a prompt like the following and asked whether to accept it.

The authenticity of host '178.111.18.112' can't be established.
ECDSA key fingerprint is SHA256:dsjdba4sa7iudybduiduo ad098bsmvs+ijO8Y.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:3: abc.xyz.com
Are you sure you want to continue connecting (yes/no/[fingerprint])?

You may have seen this prompt on your terminal if you've ever tried to SSH into a server.
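The known_hosts check described above can be sketched as follows. This is an added example, not code from the original post or from OpenSSH; it goes slightly beyond the text by also reporting a host whose stored key differs from the one presented, and it ignores wildcards, [host]:port entries and @cert-authority/@revoked markers. The key blobs, salt and 203.0.113.9 are constructed sample values.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """SHA256 fingerprint as shown in the prompt: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match one known_hosts host field: hashed (|1|salt|mac) or comma-separated plain names."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # simplification: no wildcards, negation or [host]:port

def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Return 'match', 'changed' (same host, different key) or 'unknown' (prompt the user)."""
    other_key_seen = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments, malformed lines and @cert-authority/@revoked markers (out of scope).
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        hosts, ktype, stored = fields[:3]
        if ktype != key_type or not host_matches(hosts, host):
            continue
        if hmac.compare_digest(stored, key_b64):
            return "match"
        other_key_seen = True
    return "changed" if other_key_seen else "unknown"

def sample_key(seed):
    """Constructed ed25519-shaped key blob for the demo; not a real host key."""
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return base64.b64encode(raw).decode()

def hashed_host(host, salt=b"constructed-salt-20b"):
    """Build a hashed host field (as HashKnownHosts writes) with a constructed salt."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

KEY_A, KEY_B = sample_key(b"constructed-a"), sample_key(b"constructed-b")
# Constructed known_hosts content reusing the host names from the prompt above.
KNOWN_HOSTS = "# constructed sample\nabc.xyz.com ssh-ed25519 %s\n%s ssh-ed25519 %s\n" % (
    KEY_A, hashed_host("178.111.18.112"), KEY_A)

if __name__ == "__main__":
    for host, key in [("abc.xyz.com", KEY_A), ("abc.xyz.com", KEY_B), ("203.0.113.9", KEY_A)]:
        print(host, fingerprint(key), check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

An "unknown" result is the case that produces the prompt shown above; a "changed" result means the host is listed with a different key and should be investigated rather than accepted.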

Once the shared session key is established, all further communication is encrypted using a symmetric encryption algorithm like AES, which was agreed upon earlier. The server may also prompt for a password to authenticate the user.
That's it! An SSH connection is established between the client and server, allowing the client to execute commands on the remote server.

How is it different from HTTPS

HTTPS is also a protocol built on top of TCP/IP that uses encryption. So, what's the difference? Unlike SSH, HTTPS uses SSL/TLS certificates for authentication. It's important to note that HTTPS also encrypts traffic like SSH. However, HTTPS is designed to be stateless, while SSH maintains a state (such as the current working directory). It's easier for a client to mistakenly trust a fake SSL/TLS certificate from a web server than to trust a public key from an SSH server, because the SSH client immediately alerts the user about unknown hosts. HTTPS is designed to handle web traffic and is understood by browsers, whereas SSH is a command-line-based protocol. These are some differences between SSH and HTTPS.

Conclusion

There you have it! Now you understand how SSH works internally and how it differs from HTTPS. You can learn more about SSH by visiting this link. Thanks for reading, and happy coding!