SSH secures your data while it passes over a network, but how exactly does it work? In this chapter, we move firmly onto technical ground and explain the inner workings of SSH. Let’s roll up our sleeves and dive into the bits and bytes.

This chapter is written for system administrators, network administrators, and security professionals. Our goal is to teach you enough about SSH to make an intelligent, technically sound decision about using it. Mostly, we deal with SSH-2 as the current and recommended SSH protocol; our treatment of the old and deprecated SSH-1 is limited to a summary of its differences and limitations. When we refer to “the SSH protocol,” we mean SSH-2.

Of course, the ultimate references on SSH are the protocol standards and the source code of an implementation. We don’t completely analyze the protocols or recapitulate every step taken by the software. Rather, we summarize them to provide a solid, technical overview of their operation. If you need more specifics, you should refer to the standards documents. The SSH Version 2 protocol is in draft status on the IETF standards track; it is available at:

The older SSH-1 protocol is called Version 1.5 and is documented in a file named RFC included in the source package of the now-obsolete SSH1.