Working of the SSH Protocol
Consider the following situation. You are at your friend’s place with your laptop and you want to access your home computer to do something. Maybe you want to start a download or run a program right away. What would you do in this situation? Will you go all the way to your house just to start a download? You already have a laptop at your disposal, so you should be able to use it somehow. You can just connect to your home computer over the internet. But what if someone else hacks you while you do that? This is where SSH comes in.
What exactly is SSH?
SSH stands for Secure Shell and it is basically a program to log into another computer over a network. Now why would we want to do that? Maybe you want to transfer data, run a program, execute some other commands etc. There are plenty of reasons why one would want to access another machine remotely. The good thing about SSH is that it connects you through a secure channel over an insecure network. If you are using a public Wi-Fi network, you might be open to attacks. You need to send your credentials to your computer so that the computer knows that it is in fact you who is requesting access. But the problem with insecure networks is that these credentials can be intercepted. Hence SSH uses a secure channel over these insecure networks to keep them safe. If insecure networks are like battlefields, then secure channels are like bulletproof jackets.
We mostly use it to control remote servers that sit in a different location, so that we can use their services and get our work done.
How does it work?
SSH provides strong authentication and secure communication between two computers. It uses Public Key Cryptography to authenticate the remote computer and allow the remote computer to authenticate the user as well. I have discussed more about Public Key Cryptography here. SSH uses a client-server model. The server is a big machine which provides a common platform for various people. Clients are people who connect to this big machine and use it for various purposes. The server is like a big house and clients are people who have keys to this house. A server offers various services like storage, computing, routing etc. Depending on the situation, you can use it in different ways.
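The "authenticate the remote computer" step comes down to comparing the public key the server offers against one you already trust. The sketch below is an added example, not code from the original article: it parses an OpenSSH public key line, computes the SHA256 fingerprint in the form OpenSSH prints, and accepts a host only if it matches a pinned fingerprint. The key material and the names HOME_KEY, OTHER_KEY and PINNED are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data):
    """Encode bytes as an SSH wire-format string: uint32 length, then the data."""
    return struct.pack(">I", len(data)) + data


def parse_public_key_line(line):
    """Parse an OpenSSH public key line: 'type base64-blob [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected 'type base64-blob [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob carries its own copy of the key type; it must match the label.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type label does not match key blob")
    return key_type, blob


def fingerprint(blob):
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(pinned_fingerprint, offered_line):
    """True only if the key the server offers hashes to the fingerprint we trust."""
    _, blob = parse_public_key_line(offered_line)
    return hmac.compare_digest(fingerprint(blob), pinned_fingerprint)


def make_key_line(raw_key, comment):
    """Build a constructed ssh-ed25519 public key line from 32 raw bytes."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


# Constructed sample keys (not real host keys).
HOME_KEY = make_key_line(bytes(range(32)), "home-pc")
OTHER_KEY = make_key_line(bytes(range(1, 33)), "someone-else")
PINNED = fingerprint(parse_public_key_line(HOME_KEY)[1])

if __name__ == "__main__":
    print("pinned fingerprint:", PINNED)
    print("home key accepted:", host_key_matches(PINNED, HOME_KEY))
    print("other key accepted:", host_key_matches(PINNED, OTHER_KEY))
```

A mismatch here is the same condition an SSH client warns about when a server's host key has changed since the last connection.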
SSH also supports tunneling. Now what exactly is tunneling? Whenever you want to transfer data over a network, you encrypt it and then send it. Even if somebody sees it, they will not be able to understand the data. But what would you do when you cannot encrypt the data? Or if you just want to send unencrypted data over a network? This is where tunneling comes in handy. Tunneling is used to transfer unencrypted data through an encrypted channel. In order to set up an SSH tunnel, you have to configure an SSH client to forward a specified local port to a port on the remote machine. Once the SSH tunnel has been established, the user can connect to the specified local port to access the network service. Have you heard of this software called PuTTY? It’s an SSH client. You can use it to access a remote machine. Mac users can directly use ssh via Terminal.
To access a web server (this will open a terminal on the remote machine):
$ ssh firstname.lastname@example.org
To connect to an X server (this will enable X11 forwarding):
$ ssh -X email@example.com
If you have a login:
$ ssh -l login_name firstname.lastname@example.org
SSH uses sftp for file transfer. It is an interactive command that uses the same syntax as a standard command-line ftp client. It differs from a standard ftp client in that the authentication and the data transfer happen through the SSH protocol rather than the FTP protocol. The SSH protocol is encrypted whereas the FTP protocol is not. You can just use:
$ sftp email@example.com
There are various commands like put, get, ls etc. They are pretty basic and you can read up more about them if you want.
One of my favorite SSH clients, which I use in my day-to-day life, is PuTTY. You can download it here; it’s free.
It’s a very simple SSH client that can work on any internet connection, even over GPRS from your mobile phone.