📖 What is Secure Shell (SSH)?
Secure Shell (SSH) is a cryptographic network protocol used for operating network services securely over an unsecured network. It is most commonly used for remote command-line login and remote command execution with strong authentication.
"SSH replaces Telnet because it encrypts the entire session, including the password, preventing clear-text sniffing by attackers."
📚 Certification: CompTIA Security+ Certification Exam (SY0-701)
🔑 What are the Key Concepts of Secure Shell (SSH)?
- ▸ Encrypts all session data, including authentication credentials, to prevent clear-text sniffing and man-in-the-middle attacks common in older protocols like Telnet.
- ▸ Utilizes TCP port 22 by default, which is a critical detail for configuring firewall rules and identifying open services during network scans.
- ▸ Supports public-key authentication using a private/public key pair, offering a more secure, passwordless alternative to traditional credential-based logins.
- ▸ Provides SSH tunneling (port forwarding), allowing insecure application traffic to be wrapped in an encrypted layer for secure transport across untrusted networks.
- ▸ Ensures data integrity using Message Authentication Codes (MACs) to verify that packets have not been altered by an attacker during transmission.
🎯 How does Secure Shell (SSH) appear on the SY0-701 Exam?
You may be asked to recommend a secure replacement for Telnet after a vulnerability scan reveals clear-text administrative traffic on port 23. You must identify SSH as the correct protocol to ensure encrypted remote management.
A scenario might describe a requirement for automated, passwordless communication between two servers for secure backups. You will need to identify SSH public-key authentication as the most secure and efficient implementation.
Expect questions where you must distinguish between SSH and other remote access tools when a company needs to securely manage network devices over a public internet connection while preventing credential theft.
❓ Frequently Asked Questions
What is the difference between SSH and SFTP?
SSH is the general-purpose protocol for secure remote command-line access. SFTP (SSH File Transfer Protocol) is a specific file transfer service that runs over an SSH connection to provide secure file management and transfer.
How does SSH prevent Man-in-the-Middle (MITM) attacks during the first connection?
SSH uses host keys to identify the server. Upon the first connection, the client stores the server's public key in a 'known_hosts' file to verify the server's identity in all future sessions.