SSH

Secure protocol for remote system administration.


SSH (Secure Shell) is a cryptographic network protocol used for operating network services securely over an unsecured network. Its primary applications include remote command-line login and execution, but it also supports tunneling (port forwarding), file transfers (via SFTP and SCP), and other secure network services. SSH operates on a client-server model. The SSH client initiates a connection to an SSH server, typically running on the standard port 22. During the connection setup, the client and server negotiate cryptographic algorithms (for key exchange, encryption, message authentication, and host authentication) and establish a secure, encrypted channel. Host authentication is typically achieved using [public-key cryptography](/de/terms/public-key-cryptography), where the server presents its public host key, which the client verifies against a known list or a trusted Certificate Authority. User authentication can be performed using passwords, public-key cryptography (SSH keys), or other methods like keyboard-interactive authentication. Once authenticated, all subsequent traffic between the client and server is encrypted, protecting data confidentiality and integrity.

Term graph: encryption (/terms/encryption) is a prerequisite of SSH; related terms are tls-ssl (/terms/tls-ssl), firewall (/terms/firewall) and grpc (/terms/grpc).

🧒 Explain it like I'm 5

🔑 It's like a 'magic secure tunnel' between two computers. If you want to control a computer across the world, normally someone could 'eavesdrop' on your conversation. SSH encrypts everything so that even if someone intercepts the data, it's just scrambled code that only your two computers can unlock.

🤓 Expert Deep Dive

SSH employs a robust suite of cryptographic primitives. Key exchange typically uses Diffie-Hellman variants (e.g., ECDHE) to establish a shared secret. Symmetric [encryption](/de/terms/symmetric-encryption) (e.g., AES-GCM) is then used for bulk data transfer, providing both confidentiality and integrity. Message Authentication Codes (MACs) or authenticated encryption modes protect the data against tampering. Host key verification is crucial to prevent Man-in-the-Middle (MitM) attacks; trust-on-first-use (TOFU) is common, but it only gives real assurance when the key seen on first connection is verified out of band. Public-key authentication for users offers significant advantages over passwords, eliminating password guessing and enabling automation. The protocol version matters: SSH-1 is considered insecure and is deprecated in favor of SSH-2. Vulnerabilities often arise from implementation flaws, weak algorithm choices, or insecure configuration (e.g., disabling strict host key checking).
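The out-of-band host key check described above can be scripted. The following is an added example, not part of the original page: it parses a plain `known_hosts`-style line, computes the SHA256 fingerprint in the form OpenSSH prints, and compares it to a pinned value. The function names, the host name and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 length, then data."""
    return struct.pack(">I", len(data)) + data

# Constructed sample (dummy 32-byte key, not a real host key).
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = "host.example.test ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

def parse_known_hosts_line(line: str):
    """Return (hosts, key_type, blob) for a plain 'hosts type base64' line."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: hosts key-type base64-key")
    hosts, key_type, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    # The blob carries its own algorithm name; reject a line whose text
    # field claims a different type than the key material inside it.
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return hosts, key_type, blob

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form OpenSSH prints: unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def verify_host_key(line: str, pinned_fingerprint: str) -> bool:
    """True only if the key on this line hashes to the pinned fingerprint."""
    _, _, blob = parse_known_hosts_line(line)
    return hmac.compare_digest(fingerprint(blob).encode(), pinned_fingerprint.encode())

if __name__ == "__main__":
    pinned = fingerprint(SAMPLE_BLOB)  # stands in for a value obtained out of band
    print(pinned, verify_host_key(SAMPLE_LINE, pinned))
```

In practice the pinned fingerprint comes from a trusted channel, such as the server's console or the administrator, and not from the same connection that is being verified.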

🔗 Related terms

Prerequisites:

📚 Sources