SSH stands for Secure Shell. It is a cryptographic network protocol for remote command execution, secure date communication, remote command-line log in, and other secure network services between two networked computers. SSH uses public-key cryptography to authenticate the remote computer and allow it to authenticate the user, if necessary. It provides strong authentication and secure communications channels that are not known to be secure. It is used as a replacement for rsh, rlogin, rcp and rdist.
How to use Secure Shell
- By using automatically generated public-private key pairs to simply encrypt a network connection, and then use password authentication to log on.
- By using a manually generated public-private key pair to perform the authentication, allowing web browsers or internet programs to log in without having to specify a word. The public key is placed on all computers that must allow access to the owner of the matching private key (the owner keeps his private key to himself). Though authentication is based on the private key, the key itself is never transferred to through the network during authentication.
- In all versions of SSH it is necessary to verify unknown public keys before considering or accepting them as valid.
SSH protects a network from attacks such as DNS spoofing, IP spoofing, and IP source routing. An attacker who has managed to take over a network can only force SSH to disconnect. He or she cannot hijack the connection or play back the traffic when encryption is enabled. When you are using SSH’s login (instead of rlogin) the entire login session, including the transmission of password, is encrypted; therefore it is almost impossible for an outsider to collect passwords.
What are the uses of SSH?
SSH is a protocol that can be used for numerous applications across many platforms which includes most UNIX variants (Solaris, Linux, and the BSDs including Apple’s OS X). SSH have a number of uses, which includes the following:
- For securing file transfer
- For logging in to shell on a remote host (replacing rlogin and Telnet)
- In the execution a single command on a remote host (replacing rsh)
- In browsing or surfing the internet through an encrypted proxy connection with SSH clients that support the SOCKS protocol
- For copying and mirroring files efficiently and securely in combination with rsync to back up
- For tunneling or forwarding a port
- For using a full-pledged encrypted VPN
- For forwarding X from a remote host
- In the development on a mobile or embedded device that supports SSH
- In securely mounting a directory on a remote server as a filesystem on a local computer using SSHFS
- For automatic remote monitoring
- For management of servers
Allowing remote log-on through SSH is good for administrative purposes, but can be a threat to the security of your server. Since it is oftentimes the target of brute force attacks, SSH access needs to have proper limitation to prevent third parties gaining access to your server.
- Usage of a non-standard account names and passwords.
- By only allowing incoming SSH connections from trusted locations.
- Use fail2ban or sshguard to monitor for brute force attacks, and restrict brute forcing IPs accordingly.
Here are ways in protecting SSH:
- Protecting against brute force attacks – brute forcing is a simple concept: One continuously tries to log in to a webpage or server log-in prompt like SSH with a high number of random username and password combinations. You can have protection from these force attacks by utilizing an automated script that blocks any person who is trying to brute force their way in.
- Limit root login – it is generally considered not a good practice to allow the root user to log in without restraint over SSH.
There are two ways in which SSH root access can be restricted for increased security:
Selective provision root rights for actions requiring these without requiring authenticating against the root account. This allows no access of the root account via SSH and potentially functions as a security measure against these brute attacks, now that the attacker must guess the account name in addition to the password.
Some automated tasks such as full-system, remote backup need full root access. To enable these in a way that is secure, rather than disabling root login via SSH, you must only allow root logins for selected commands.
Does web hosting hub provide SSH access?
Unfortunately, at this period of time, web hosting hub does not provide or offer SSH access because of security reasons. According to the staff of the said web hosting company, as part of their security policy, they do not allow SSH access to any hosting account because most commands can be duplicated using tools that can be found in the control panel wherein you can change permissions, upload, edit and even delete files.