What Is SSH and How Does It Work?

Learn what SSH (Secure Shell) is, how it provides encrypted communication for managing servers remotely, and why it replaced older protocols like Telnet. This guide covers the basics of its cryptographic handshake and how to connect.

Publish date: 9/15/2025

If you've ever needed to manage a server that isn't sitting right in front of you, you've probably come across SSH. It's the standard tool for remotely accessing and controlling computers over a network, and for good reason.

But what exactly is it, and how does it keep your connection safe?

Before SSH came along in the mid-90s, system administrators often relied on tools like Telnet. The problem was, Telnet sent all information, including your username and password, in plain text. Anyone "listening" on the network could easily intercept your credentials and gain full access to the server. It was clear that a secure alternative was needed, and that's where SSH stepped in.

What is Secure Shell?

SSH stands for Secure Shell (or Secure Socket Shell), and it's a cryptographic network protocol for operating network services securely over an unsecured network. That's a technical way of saying it creates a safe, encrypted tunnel for you to send commands to a remote machine.

When you connect to a server using SSH, you get a shell prompt, just like the one you'd have on your local terminal. From there, you can run commands, manage files, install software, and perform any administrative task as if you were physically there. The key difference is that your entire session is encrypted, protecting your credentials and data from being exposed.

How does the encryption work?

The magic of SSH lies in its use of cryptography to establish a secure connection. It doesn't just encrypt everything with a single method; it uses a combination of techniques in a sequence called the SSH handshake. Let's break it down into a few steps.

  1. Initiating the connection: When you try to connect, your computer (the client) reaches out to the server over the network, typically on port 22. The client and server agree on the encryption protocols they'll use.
  2. Server host key verification: The server presents its public host key to your client. If this is your first time connecting, your SSH client will ask if you trust this key. Once you accept, it's stored in a known_hosts file on your computer. On future connections, your client checks the server's key against the stored version to make sure you're connecting to the same server and not an imposter.
  3. Secure key exchange: Now that the server's identity is verified, the client and server use asymmetric encryption (using the server's public/private key pair) to securely generate and agree upon a shared secret key. This new key is symmetric, meaning the same key is used for both encryption and decryption. Symmetric encryption is much faster, so it's used for the rest of the session.
  4. User authentication: With a secure channel established, it's time for you to prove your identity to the server. This usually happens in one of two ways:
    • Password Authentication: You simply send your username and password. While simple, this method is vulnerable to brute-force attacks where an attacker repeatedly tries to guess your password.
    • Public Key Authentication: This is a far more secure method. You generate a pair of cryptographic keys on your own computer: a public key and a private key. The public key is placed on the server, while your private key remains secret on your machine. When you connect, the server uses your public key to issue a challenge that can only be solved with your private key. Your client solves it and proves your identity without ever sending the private key over the network.

Because public key authentication is so much safer, it's one of the first things any administrator should set up. In fact, combining it with other techniques is fundamental to protecting your server, which we cover in our guide on 7 quick and easy ways to secure SSH on a Linux server.

How to connect with SSH

Connecting via SSH is straightforward. On Linux, macOS, or modern Windows, you can just open a terminal and use the OpenSSH client that's already built-in.

The basic command structure is:

ssh username@server_ip_or_hostname

For example, to connect to a server at 192.0.2.1 with the username admin, you would run:

ssh [email protected]

The first time you connect, you'll see a message like this:

The authenticity of host '192.0.2.1 (192.0.2.1)' can't be established.
ED25519 key fingerprint is SHA256:AbCdEfGhIjKlMnOpQrStUvWxYz1234567890abc.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

This is the host key verification step we mentioned earlier. Type yes and press Enter. The server's key will be saved, and you'll be prompted for your password or authenticated with your SSH key.

Frequently asked questions about SSH

What is the default port for SSH?

The default port for SSH is TCP port 22. For security, it's a common practice to change this to a different, non-standard port to reduce exposure to automated bots that scan for open port 22s.

Is SSH the same as SSL/TLS?

No, they are different protocols for different purposes. SSH is used to create a secure shell for remote administration and file transfers. SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are primarily used to secure web traffic with HTTPS, as well as email and other application traffic.

Can I use SSH on Windows?

Yes. Modern versions of Windows 10 and 11 include a built-in OpenSSH client, allowing you to use the ssh command directly from the Command Prompt or PowerShell. For years, the most popular third-party SSH client for Windows has been PuTTY, which is still a great option. You can also use the Windows Subsystem for Linux (WSL) to get a full Linux environment, which includes SSH.

What's the difference between an SSH key and a password?

A password is a secret that you know and send to the server to prove your identity. If it's guessed, stolen, or intercepted on an insecure connection, it can be used by an attacker. An SSH key pair is a set of cryptographic files. You prove your identity by showing you possess the private key, without ever revealing the key itself. This makes it almost impossible to steal through network sniffing or brute-force guessing.

Conclusion

SSH is an essential tool for anyone managing servers. It provides a reliable and secure way to execute commands, transfer files, and maintain your infrastructure from anywhere. Understanding how it works is the first step toward using it effectively and keeping your systems safe.

Thanks for reading! If you're looking for reliable infrastructure, xTom provides enterprise-grade dedicated servers and colocation services. For scalable, production-ready hosting, our NVMe-powered KVM VPS platform, V.PS, is perfect for any workload. We also offer flexible IP transit solutions and a wide range of other IT services.

Ready to discuss your infrastructure needs? Contact our team to explore the right solution for your projects.