SSH stands for “Secure Shell.” It’s a network protocol used to securely access and manage devices and servers over an unsecured network. It provides a strong form of authentication as well as encrypted communication between two systems, making it especially useful in environments where security is a concern.

SSH is commonly used to access remote servers through a command line interface, but can also be used to securely transfer files (through SFTP or SCP). It uses encryption techniques to protect transmitted information, making it difficult for third parties to intercept or manipulate data during transmission.

One of the main advantages of SSH is its ability to authenticate both the client and the server, which helps prevent man-in-the-middle attacks and other security threats. SSH replaces older, less secure methods of remote access, such as Telnet, which transmits information in an unencrypted manner, making it susceptible to interception and data theft.

SSH is an operating-system-independent protocol. Although it was conceived for UNIX environments, it is present in operating systems such as OSX (Mac) and in the latest versions of Microsoft Windows servers. SSH is, de facto, the standard for connecting to servers by command line.

It uses port 22/TCP, but can be configured to listen and connect over different ports. In fact, it is considered a good security practice to change the default listening port to avoid being identified by remote scanning tools.

A brief look at the history of SSH and OpenSSH

The trajectory of OpenSSH dates back to 1999 and is closely linked to the original software called “SSH” (Secure Shell), created by Tatu Ylönen in 1995. SSH is a network protocol that enables secure connection and remote control of a system through a command line interface.

In its early days, SSH was proprietary software and although it was available for free for non-commercial use, it required licenses for use in commercial environments. This led to the creation of several open source SSH implementations to fill the gap in terms of accessibility and software licensing.

In this context, the OpenSSH project was initiated by Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song in December 1999. The creation of OpenSSH was carried out in response to a series of events that included the release of the SSH protocol source code by Tatu Ylönen and concerns about ownership and licensing of existing proprietary software.

The initial goal of the OpenSSH project was to create a free, open-source implementation of the protocol that was compatible with existing versions, especially SSH-1 and SSH-2. OpenSSH also sought to circumvent the licensing restrictions associated with proprietary SSH deployments.

As the project progressed, it became the de facto implementation of SSH on Unix- and Linux-based systems. OpenSSH’s growing popularity was due to its open source code, ability to provide safe communication, and features such as strong encryption, key-based authentication, and secure file transfer capability (SFTP).

OpenSSH also benefited from collaboration with the free and open source software community. Over the years, it has undergone continuous improvements, security updates, and functional extensions, making it an essential tool in remote system administration and network security.

In short, OpenSSH emerged as a response to the need for a free, open-source SSH implementation. Over the years, it has evolved to become the most widely used SSH implementation on UNIX and Linux systems and remains a key element in the security of communication and system administration in distributed environments.

Remote command execution with SSH

SSH not only provides a way to interactively access the shell of a remote machine, it can also be used to execute remote commands on a system, with the following syntax:

ssh user@host /path/of/the/command

SSH is frequently used in scripts to automate all kinds of actions and processes. For that, it requires automatic authentication by means of certificates, since by default it requires the user to enter a password manually and interactively through the keyboard.

Security in SSH

SSH stands for Secure Shell, so security is part of SSH’s foundational design.

SSH can also create TCP tunnels that allow a host to be used as a kind of dedicated VPN between two IPs, which can be bidirectional. This is known as a “TCP tunnel” and, when misused, it can be a security problem.
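One way to check whether a server allows the tunnels described above is to read the relevant keywords from its sshd_config. The script below is an added example, not part of the original article; the function names and the sample configuration are constructed for illustration, and the fallback values are the upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config file.

# effective_value FILE KEYWORD DEFAULT
# Keywords are case-insensitive and the first occurrence wins. Parsing stops at
# the first "Match" block (conditional settings); "Include" is not followed.
# Assumes the usual whitespace-separated "Keyword value" form.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: prints one finding per line.
# Fallback values are upstream OpenSSH defaults; distributions may differ.
audit_sshd_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "ERROR cannot read $cfg"; return 2; }
    [ "$(effective_value "$cfg" AllowTcpForwarding yes)" = no ] ||
        echo "WARN AllowTcpForwarding: TCP tunnels allowed"
    [ "$(effective_value "$cfg" PermitTunnel no)" = no ] ||
        echo "WARN PermitTunnel: tun/tap (VPN-style) forwarding allowed"
    [ "$(effective_value "$cfg" GatewayPorts no)" = no ] ||
        echo "WARN GatewayPorts: forwarded ports reachable from other hosts"
    [ "$(effective_value "$cfg" PasswordAuthentication yes)" = no ] ||
        echo "WARN PasswordAuthentication: passwords still accepted"
    echo "INFO Port $(effective_value "$cfg" Port 22)"
}

# Constructed sample configuration (not taken from any real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
Port 2222
passwordauthentication no
AllowTcpForwarding local
Match User backup
    AllowTcpForwarding no
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

On a live server, `sshd -T` prints the configuration the daemon actually applies, including included files, and is the authoritative source.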

SSH allows automatic authentication through certificates, which allows a user to connect to a system through SSH without knowing the password. To do this, the public key of a digital certificate must be copied to the server, so that the server identifies that user through their certificate. This is an advanced option that allows command execution to be automated through SSH, but it carries the risks inherent to any automation.
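The risk of an unattended key can be reduced by limiting what that key may do on the server. The following is an added example, not part of the original article: it assumes an OpenSSH server that reads an authorized_keys file, the helper name `install_restricted_key` is hypothetical, and the key shown is constructed sample data.

```shell
#!/bin/sh
# install_restricted_key PUBKEY_FILE FORCED_COMMAND AUTHORIZED_KEYS_FILE
# (hypothetical helper name) Runs in a subshell so umask does not leak.
install_restricted_key() (
    pub=$1; cmd=$2; auth=$3
    # A public key line is "<type> <base64> [comment]"; refuse anything else,
    # for example a private key file passed by mistake.
    key=$(awk 'NF >= 2 && $1 ~ /^(ssh-ed25519|ssh-rsa|ecdsa-sha2-)/ { print; exit }' "$pub")
    [ -n "$key" ] || { echo "not a public key: $pub" >&2; exit 1; }
    # The command is embedded in double quotes, so reject quotes inside it.
    case $cmd in *\"*) echo "forced command must not contain quotes" >&2; exit 1 ;; esac
    blob=$(printf '%s\n' "$key" | awk '{ print $2 }')
    umask 077                      # new directory 0700, new file 0600
    mkdir -p "$(dirname "$auth")"
    touch "$auth"
    # Idempotent: do nothing if this key is already authorised.
    if grep -qF -- "$blob" "$auth"; then exit 0; fi
    # restrict      = no port/agent/X11 forwarding, no PTY
    # command="..." = whatever the client asks for, only this command runs
    printf 'restrict,command="%s" %s\n' "$cmd" "$key" >> "$auth"
)

# Constructed sample data: this is not a real key.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaConstructedSampleKeyNotReal backup@ci.example' > "$demo/backup.pub"
install_restricted_key "$demo/backup.pub" "/usr/local/bin/backup.sh" "$demo/.ssh/authorized_keys"
cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
# The automation side then connects non-interactively, e.g.
#   ssh -o BatchMode=yes -i ~/.ssh/backup_key user@host
```

With `BatchMode=yes` the client fails instead of prompting for a password, so a script never hangs waiting for keyboard input.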

What are the differences between Telnet and SSH?

SSH and Telnet are two network protocols used to access remote systems, but there are significant differences in terms of security and features.

SSH is the current standard for remote access in all types of environments. Telnet, on the other hand, is older and less secure, and its use is discouraged, unless it is impossible to use SSH.

Security

SSH: It provides a safe environment for communication between two systems. All data, including usernames and passwords, are encrypted before being transmitted, making it much more difficult for an attacker to intercept and understand the transmitted information.

Telnet: It transmits data, including login credentials, in an unencrypted form. This means that if someone has access to the network between the client and the server, they can easily capture and read the information.

Encryption

SSH: It uses encryption to protect data during the transmission. Encryption algorithms in SSH can be configured to meet the latest security standards.

Telnet: It does not provide encryption, which means that all information, including passwords, is transmitted insecurely.

Authentication

SSH: It supports several authentication methods, including the use of passwords, public key, and token-based authentication.

Telnet: Depending on your settings, it generally uses only usernames and passwords for authentication.

Ports

By default, SSH uses port 22, unlike Telnet, which uses port 23. However, these ports can be changed at any time.

Top SSH clients

Listed below are some of the best-known SSH clients on the market.

OpenSSH

OpenSSH is available for Linux, macOS, Windows with WSL, and other operating systems such as BSD or communications devices that support a version of OpenSSH.

OpenSSH is a free and open source implementation of the SSH protocol. It comes pre-installed on most Linux distributions and is widely used in Unix environments.

It is highly reliable, secure, and the default choice on many Unix-based operating systems, as well as being 100% free.

PuTTY

PuTTY is a free and open source SSH client for Windows and is therefore very popular. Although it was initially designed for Windows, there is also an unofficial version called “PuTTY for Mac” that works on macOS, and there are alternative versions for Linux.

It’s lightweight, easy to use, and can be run as a portable app with no installation required. However, it lacks a powerful interface, does not allow sequence recording, and in general, lacks more advanced features that you may find in other “visual” SSH clients. It also doesn’t have a specific interface for file transfer.

Of all the options, PuTTY is the most basic one, but at least it’s a visual interface, unlike the standard operating system’s SSH client that’s free, but where all the “features” are command-line-based.

Downloads and Updates

It can be downloaded from its own website, although there are several other sites that offer alternative versions for Mac and even Linux.

Price & Licenses

It’s free and under an OpenSource license, so you may modify its code and compile it on your own.

Bitvise

Bitvise SSH Client is a solid choice for Windows users looking for an easy-to-use and secure SSH client. Its combination of an intuitive interface, advanced file transfer features, and robust security makes it a well-liked tool for remote system management and safe file transfer.

SSH Server

Bitvise offers both an SSH client and an SSH server. Windows systems generally do not use SSH, so it can be a very good way to implement it, even though the latest versions of Microsoft Windows Server already include it. It is an excellent option for implementing SSH in older Windows versions, as it supports a wide selection of versions, going back almost to Windows XP:

  • Windows Server 2022
  • Windows 11
  • Windows Server 2019
  • Windows Server 2016
  • Windows 10
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows 8.1
  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows Vista SP1 or SP2
  • Windows Server 2003 R2
  • Windows Server 2003
  • Windows XP SP3

SSH Tunneling and Port Forwarding

It allows SSH tunnel configuration and port forwarding, which is useful for securely redirecting network traffic over SSH connections.

Advanced Session Management

Bitvise SSH Client offers advanced options for session management, including the ability to save session configurations for quick and easy access to frequently used servers.

Session Log and Audit

It provides a detailed session log, which can be useful for auditing and activity tracking purposes.

Proxy Support

Bitvise SSH Client supports several proxy types, allowing users to bypass network restrictions and connect through proxy servers.

Downloads and Updates

A 30-day trial version can be downloaded from their website https://www.bitvise.com.

Price & Licenses

Available only for Windows, it is priced at around 120 USD per year.

SecureCRT

It is available for all platforms: Windows, macOS, and Linux. A functional demo can be downloaded from their website at https://www.vandyke.com.

SecureCRT is a commercial client that offers support for multiple protocols, including SSH. It provides an advanced graphical interface, scripting and automation functions, and is widely used in enterprise environments.

Terminal Emulation

It offers terminal emulation for a wide variety of types, including VT100, VT102, VT220, ANSI, among others. This ensures effective compatibility with different remote systems and devices.

Secure File Transfer

SecureCRT includes support for secure file transfer protocols, such as SCP (Secure Copy Protocol) and SFTP (Secure File Transfer Protocol). This allows users to securely transfer files between local and remote systems. To manage file transfers, use an additional product called SecureFX (with an additional license fee).

Automation and Scripting

It makes it easy to automate tasks by running scripts. It supports different scripting languages, such as VBScript, JScript, and Python, providing flexibility in process automation.

Efficient Session Management

SecureCRT offers an efficient session management interface that allows users to easily organize and access previous connections. It also makes it possible to import and export sessions for easy configuration transfer between systems. It allows advanced session configuration, including authentication options, function key configuration, port forwarding, among others. This gives users precise control over their remote sessions.

SSH Key Integration

SecureCRT supports key-based authentication, which means users can manage and use SSH keys for safe authentication without relying on passwords.

Additional Protocol Support

In addition to SSH, SecureCRT also supports other protocols such as Telnet, rlogin, and Serial. This makes it a versatile tool for different network environments.

Price & Licenses

A full version for one user, including safe transfer features (SecureFX) is about $120 per year.

ZOC

ZOC Terminal is an SSH client and terminal emulator that offers advanced features for users who need a powerful and versatile tool to work with SSH remote connections. It is also compatible with other protocols such as Telnet and Rlogin, which extends its usefulness in different environments not only as an SSH client but also as a Telnet client.

ZOC is compatible with Windows and macOS and publishes regularly updated versions. A demo version can be downloaded from their website at https://www.emtec.com.

Terminal Emulation Functions

ZOC supports multiple terminal emulations, such as xterm, VT220, TN3270, and more. This allows users to connect to a variety of remote systems and mainframes.

File Transfer

It includes secure (and insecure) file transfer features, such as FTP, SFTP (SSH File Transfer Protocol) and SCP (Secure Copy Protocol), allowing users to securely transfer files between the local and remote system. The feature is included in the product itself.

Automation and Scripting

ZOC makes it easy to automate tasks by running scripts. It supports different scripting languages, such as VBScript, JScript, and Python, providing flexibility in process automation. It also allows you to record a key combination and play it back to, for example, automate login sessions that require the use of sudo or su.

Session Management

The ability to manage and organize sessions is crucial for those who work with multiple connections. ZOC offers an efficient session management interface that allows users to easily organize and access previous connections. You can have a catalog of systems where you can easily connect.

Price & Licenses

The basic license is around 80 USD, but its free version allows you to work easily, except for the somewhat annoying popup at the beginning.

Pandora RC: Alternative to using SSH

Pandora RC (formerly called eHorus) is a computer management system for MS Windows®, GNU/Linux® and Mac OS® that allows you to access registered computers wherever they may be, from a browser, without having direct connectivity to your devices from the outside.

Security

For greater security, each agent, when configured, may have an individual password that is not stored on the central servers of Pandora RC. Instead, the user has to enter it interactively each time they wish to access that machine.

Remote access without direct connection

One of the most common SSH issues is that you need to be able to access the server IP. With Pandora RC, it’s the server that connects to a cloud service and so it’s available from anywhere, without the need for a VPN or complex firewall rules.

Integrated with Pandora FMS

It integrates natively with Pandora FMS monitoring software, so that it is possible not only to monitor the servers, but to access them directly from the same interface, without the need to install SSH clients, remember passwords or generate duplications.

Price & Licenses

Free up to 5 devices. There are use licenses for unlimited machines from €19/month. More information on the website: https://pandorafms.com/en/remote-control/prices/

Remote Shell and All-in-One Remote Desktop

Pandora RC offers a remote shell as well as visual remote control through access to the desktop. In both cases, a web interface is used to operate the remote server, whether it is Windows, MacOS or Linux. It also provides a file transfer mechanism and process/service management, all integrated into one web application:

Example of remote Shell on a Mac system:

Example of a remote desktop on a Mac system:

Example of a file share on a Linux system:
