The world is becoming more connected, and businesses are searching for ways that authentication tools can help ensure security in every circumstance. One of the tools that network administrators frequently use is Secure Shell, or Secure Socket Shell (SSH), in order to ensure device security in an unsecured network.
What Is SSH?
Created to replace less secure login options, such as Telnet, remote login or remote shell, SSH is a network protocol that offers authentication and encrypted data communications over an open network, allowing administrators to securely login remotely to a device.
“SSH is widely used by network administrators for managing systems and applications remotely, allowing them to log into another computer over a network, execute commands and move files from one computer to another,” Tech Target states.
How Does SSH Work?
There are several ways that SSH can work to create a secure connection, but the most common are via public key authentication or a username and password combination. Public key authentication involves a private client and a public server, which communicate to enable secure remote access only for devices that the client has approved access to.
The client “drives the connection setup process and uses public key cryptography to verify the identity of the SSH server,” SSH.com notes. Once the connection is set up, the SSH protocol “uses strong symmetric encryption and hashing algorithms to ensure the privacy and integrity of the data that is exchanged between the client and server.”
What SSH Can Achieve for Businesses
On corporate networks, SSH is typically used in a number of ways:
- To provide secure access for users
- To enable secure access for automated processes, such as file transfers
- To manage mission-critical systems, such as network infrastructure
- To provide remote commands to devices
“SSH can be used interactively to enable terminal sessions, and should be used instead of the less secure Telnet program. SSH is also commonly used in scripts and other software to enable programs and systems to remotely and securely access data and other resources,” Tech Target notes.
SSH vs. TLS and SSL
SSH has several similarities to the Transport Layer Security protocol, which updates and replaces the flawed Secure Sockets Layer protocol for secure online transactions. Like SSH, TLS operates at or above the transport layer to secure network transmissions. However, unlike SSH, which both encrypts and authenticates all transmissions, TSL configures connections to do only one or the other.
Moreover, while both use a key pair to ensure authentication, the relationship with the key pair differs.
“SSH uses a separate key pair to authenticate each connection: one key pair for a connection from a local machine to a remote machine, and a second key pair to authenticate the connection from the remote machine to the local machine,” Tech Target notes.
Hackers Tap SSH for Nefarious Means
But SSH, like many other security tools, has also become a tool used by bad actors.
A recent report from Carbon Black found that hackers have begun leveraging SSH to target financial institutions. According to the report, “Modern Bank Heists: Cyberattacks & Lateral Movement in the Financial Sector,” 28 percent of CISOs surveyed saw hackers use SSH, which was third on the list behind Windows Management Instrumentation (59 percent) and PowerShell (89 percent).
There are several ways that companies can help to combat these types of attacks, including by employing teams that are on the lookout for malicious SSH activity.
Threat hunting teams that spot attacks using these “good” tools could prevent financial institutions from falling prey to hackers that make use of SSH, BizTech reports — an added safeguard in today’s threat landscape.
“Perimeter-based security based on defense in depth will not succeed in defending our infrastructure against the threats of today,” says Tom Kellermann, chief cybersecurity officer for Carbon Black.