Understanding Secure Shell

This diagram outlines the basic steps involved in creating a Secure Shell channel and using it to transmit data securely.

  1. Establish a secure connection.

    The client and server negotiate to establish a shared key and cipher to use for session encryption, and a hash to use for data integrity checking.

  2. Authenticate the server.

    Server authentication enables the client to confirm the identity of the server. The server has only one chance to authenticate to the client during the authentication process. If this authentication fails, the connection fails.

  3. Authenticate the client.

    Client authentication enables the server to confirm the identity of the client user. By default, the client is allowed multiple authentication attempts. The server and client negotiate to agree on one or more authentication methods.

  4. Send data through the encrypted session.

    Once the encrypted session is established, all data exchanged between the Secure Shell server and client is encrypted. Users now have secure remote access to the server and can execute commands and transfer files securely through the secure channel.

  5. Use port forwarding to secure communications between other clients and servers.

    Port forwarding, also known as tunneling, provides a way to redirect communications through the Secure Shell channel of an active session. When port forwarding is configured, all data sent to a specified port is redirected through the secure channel.
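As an added illustration of steps 1 and 4 (not code from the original page), a stdlib-only Python model of the session: a toy-sized Diffie-Hellman exchange, RFC 4253-style derivation of separate cipher and integrity keys from the shared secret, and encrypt-then-MAC of each packet with its sequence number so the receiver rejects a tampered or replayed packet. The group size, the PRF keystream standing in for the negotiated cipher, and the sample command are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed so the example runs instantly:
# 2**127 - 1 is prime. Real SSH uses 2048-bit+ groups or curve25519.
P, G = 2**127 - 1, 2

def key_exchange():
    """Step 1: both sides derive the same secret K; neither side sends it."""
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    e, f = pow(G, a, P), pow(G, b, P)  # public values exchanged in the clear
    k = pow(f, a, P).to_bytes(16, "big")  # pow(e, b, P) on the server gives the same K
    # Exchange hash H binds the public values; in step 2 the server signs H with
    # its host key (signature primitive omitted here: the stdlib has none).
    h = hashlib.sha256(e.to_bytes(16, "big") + f.to_bytes(16, "big") + k).digest()
    return k, h

def derive_key(k, h, letter):
    """RFC 4253 7.2: HASH(K || H || letter || session_id); 'C'/'E' = client cipher/MAC keys."""
    return hashlib.sha256(k + h + letter + h).digest()

def keystream(enc_key, seq, n):
    """Stand-in for the negotiated cipher: a counter-mode PRF keystream."""
    blocks = (hmac.new(enc_key, seq.to_bytes(4, "big") + i.to_bytes(4, "big"), "sha256").digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(enc_key, mac_key, seq, plaintext):
    """Step 4: encrypt, then MAC over (sequence number || ciphertext)."""
    ct = bytes(p ^ s for p, s in zip(plaintext, keystream(enc_key, seq, len(plaintext))))
    tag = hmac.new(mac_key, seq.to_bytes(4, "big") + ct, "sha256").digest()
    return ct + tag

def open_packet(enc_key, mac_key, seq, packet):
    """Receiver: reject on MAC mismatch (tampering, or a replayed sequence number)."""
    ct, tag = packet[:-32], packet[-32:]
    expect = hmac.new(mac_key, seq.to_bytes(4, "big") + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(c ^ s for c, s in zip(ct, keystream(enc_key, seq, len(ct))))

def demo():
    """Return (decrypted text, tampered packet rejected?, replayed packet rejected?)."""
    k, h = key_exchange()
    enc, mac = derive_key(k, h, b"C"), derive_key(k, h, b"E")
    pkt = seal(enc, mac, 0, b"constructed sample command")  # constructed sample data
    tampered = bytes([pkt[0] ^ 1]) + pkt[1:]  # one ciphertext bit flipped in transit
    return (open_packet(enc, mac, 0, pkt), open_packet(enc, mac, 0, tampered) is None,
            open_packet(enc, mac, 1, pkt) is None)
```

Because the MAC covers the sequence number, the same packet presented again under a later sequence number fails exactly like a modified one, which is the integrity property step 1 negotiates the hash for.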