SSH (Secure Shell) is “a protocol for secure remote login and other secure network services over an insecure network.” (See RFC 4253). Webmasters are familiar with FTP, or “File Transfer Protocol”, which lets them connect to a remote server in order to upload and download files to update their website(s).
Why do we need SSH?
Internet traffic flows through a series of networks, routers, and switches before ending up at the intended destination. For example, when I visit “google.com” from my computer’s web browser, my request goes through several different routers including my office router (which is my control), then into the routers managed by my Internet Service Provider, and finally into Google’s network, which in and of itself would consist of several different routers (or hops).
Read about the differences between routers, switches and firewalls in an earlier blog post.
Typically, traffic goes through the internet insecurely. Think of it like mailing a letter. When you send a postcard, anyone who helps to deliver the postcard can read what is written on it. This includes the mailman who picked up the postcard from your mailbox, post office employees, and finally the mailman who delivers the postcard to its intended recipient.
If a webmaster uses FTP (which is insecure), then anyone with access to a router “in between” the webmaster’s computer and the webmaster’s server can very easily see the information that webmaster sends to the server – including usernames and passwords!
SSH encrypts that traffic, making it more difficult to read that data in transit.
In summary, SSH makes it possible to securely login to a remote server, and can be used to transfer files via sFTP (secure FTP) among other things. Server administrators love SSH because you can use it to securely administer, configure, update and reboot servers.
So What are SSH “Keys”?
An SSH Key removes the need for a password, and thus (when a server is configured correctly), prevents someone from being able to perform a Brute Force password attack to gain unauthorized access to a server. When you generate and use an SSH key for authentication, you create 2 keys: A public key (which can be shared with anyone and everyone), and a private key (which you must keep safe, and share with no one).
Let’s continue to use the example of uploading files to a web server.
The public key goes onto the server. The private key stays on your computer. When you go to connect to the server, you configure your sFTP client to reference the private key. That private key can only authenticate against the public key (located on the server).
For more information about security and encryption, here’s a few more blog posts I’ve written:
- Securing your Network
- Securing your Website
- Information Security: 3 Ways to Secure Your Data
- Nonprofits, Information Technology & Security
- Password Security & User Accounts