Security

What Is SSH, and Can It Help Companies Securely Manage Networks?

The Secure Socket Shell protocol can help IT teams remotely access devices and secure automated processes.

Juliet is the senior web editor for StateTech and HealthTech magazines. In her six years as a journalist she has covered everything from aerospace to indie music reviews — but she is unfailingly partial to covering technology.

The world is becoming more connected, and businesses are searching for ways that authentication tools can help ensure security in every circumstance. One of the tools that network administrators frequently use is Secure Shell, or Secure Socket Shell (SSH), in order to ensure device security in an unsecured network.

What Is SSH?

Created to replace less secure login options, such as Telnet, remote login or remote shell, SSH is a network protocol that offers authentication and encrypted data communications over an open network, allowing administrators to securely login remotely to a device.

“SSH is widely used by network administrators for managing systems and applications remotely, allowing them to log into another computer over a network, execute commands and move files from one computer to another,” Tech Target states.

How Does SSH Work?

There are several ways that SSH can work to create a secure connection, but the most common are via public key authentication or a username and password combination. Public key authentication involves a private client and a public server, which communicate to enable secure remote access only for devices that the client has approved access to.

The client “drives the connection setup process and uses public key cryptography to verify the identity of the SSH server,” SSH.com notes. Once the connection is set up, the SSH protocol “uses strong symmetric encryption and hashing algorithms to ensure the privacy and integrity of the data that is exchanged between the client and server.”

What SSH Can Achieve for Businesses

On corporate networks, SSH is typically used in a number of ways:

To provide secure access for users
To enable secure access for automated processes, such as file transfers
To manage mission-critical systems, such as network infrastructure
To provide remote commands to devices

“SSH can be used interactively to enable terminal sessions, and should be used instead of the less secure Telnet program. SSH is also commonly used in scripts and other software to enable programs and systems to remotely and securely access data and other resources,” Tech Target notes.

SSH vs. TLS and SSL

SSH has several similarities to the Transport Layer Security protocol, which updates and replaces the flawed Secure Sockets Layer protocol for secure online transactions. Like SSH, TLS operates at or above the transport layer to secure network transmissions. However, unlike SSH, which both encrypts and authenticates all transmissions, TSL configures connections to do only one or the other.

Moreover, while both use a key pair to ensure authentication, the relationship with the key pair differs.

“SSH uses a separate key pair to authenticate each connection: one key pair for a connection from a local machine to a remote machine, and a second key pair to authenticate the connection from the remote machine to the local machine,” Tech Target notes.

Hackers Tap SSH for Nefarious Means

But SSH, like many other security tools, has also become a tool used by bad actors.

A recent report from Carbon Black found that hackers have begun leveraging SSH to target financial institutions. According to the report, “Modern Bank Heists: Cyberattacks & Lateral Movement in the Financial Sector,” 28 percent of CISOs surveyed saw hackers use SSH, which was third on the list behind Windows Management Instrumentation (59 percent) and PowerShell (89 percent).

There are several ways that companies can help to combat these types of attacks, including by employing teams that are on the lookout for malicious SSH activity.

Threat hunting teams that spot attacks using these “good” tools could prevent financial institutions from falling prey to hackers that make use of SSH, BizTech reports — an added safeguard in today’s threat landscape.

“Perimeter-based security based on defense in depth will not succeed in defending our infrastructure against the threats of today,” says Tom Kellermann, chief cybersecurity officer for Carbon Black.

What Is Port Forwarding for SSH?

Port forwarding via SSH, also known as port tunneling, opens a secure tunnel between a remote host and a local one.

“SSH port forwarding is a technique for redirecting network traffic to a particular port/IP address, so that a remote host is made directly accessible by applications on the local host. The destination may be on the remote SSH server, or that server may be configured to forward to yet another remote host,” Tech Target explains.

There are three kinds of port forwarding:

Local port forwarding: The most common type of port forwarding, this technique first forwards connections from the SSH client to the SSH server before sending it to a destination server, according to Ubuntu.

Remote port forwarding: The opposite of local port forwarding, with remote port forwarding, the connections from the SSH server are forwarded to the SSH client before being sent to a destination server.

Dynamic port forwarding: Much like the name suggests, with dynamic port forwarding, the SSH client forwards connections from several different programs to the server, and ultimately to the destination.

your_photo/Getty Images