When an administrator needs to do something on a server that sits in another building or in the cloud, they do not go there in person. They connect to it over SSH.

What SSH is

SSH (Secure Shell) is a protocol for securely connecting to another computer or server over a network. The whole communication is encrypted, so nobody along the way can see what you are doing or what passwords you type.

How it works

From your computer (the client) you connect to the remote machine (the server) and get its command line, as if you were sitting right next to it. By default SSH runs on port 22. You type commands, the server runs them and sends you the output, all in an encrypted channel.

Password versus key

You can log in with a password, but it is safer and more convenient to use a key pair. You create a private and a public key. You upload the public one to the server and keep the private one with you. The server then lets in only whoever has the matching private key, and you do not have to type a password every time. Keys are also far harder to break than an ordinary password.

What SSH is used for

Mainly for managing servers and network devices, secure file transfer (SCP and SFTP) and tunnelling connections. In the server world it is the standard. Unlike graphical remote access, where you see the desktop, SSH works through a text command line. It is fast, lightweight and works even over a slow connection.

A few things for security

SSH is secure if you use it sensibly. It pays to log in with keys instead of a password, not to allow the root account directly, and to consider changing the default port so automated login attempts bother you less.

Summary

SSH is a secure gateway to servers through the command line. If you run your own server or VPS, sooner or later you will need it.

This article is part of our Software and system overview.