What Is SSH and How Does It Work? (2026 Complete Guide)
Learn what SSH is, how SSH encryption works, how to use SSH keys instead of passwords, and SSH commands every developer needs to know. Beginner guide 2026.
What Is SSH and How Does It Work? (2026 Complete Guide)
Every developer, sysadmin, and cloud engineer uses SSH daily. It's how you securely log into a remote server from anywhere in the world — as if you were sitting right in front of it. If you've ever wondered what those ssh commands actually do, this guide explains everything.
What Is SSH?
SSH (Secure Shell) is a cryptographic network protocol for securely accessing and managing remote computers over an unsecured network. It replaces older, insecure protocols — Telnet sent commands and passwords in plain text, meaning anyone on the network could read them.
SSH was created by Tatu Ylönen in 1995 after a password-sniffing attack at his university. OpenSSH is the open-source implementation used by more than 90% of servers today. Common use cases: logging into web servers, deploying code, transferring files (SCP/SFTP), and managing cloud VMs on AWS, DigitalOcean, and Google Cloud.
How SSH Works — The Encryption Process
- Client initiates a connection to the server on port 22.
- Server presents its public host key — the client verifies it's the expected server (first time: asks you to confirm).
- Both sides negotiate an encryption algorithm (typically AES-256).
- A shared session key is generated using Diffie-Hellman key exchange — secure even if someone is watching the traffic.
- All subsequent communication is encrypted with that session key.
- Client authenticates — either with a password or an SSH key pair.
Password Authentication vs SSH Keys
Password auth is convenient but vulnerable to brute force. Thousands of bots scan the internet for SSH servers on port 22 and try common passwords around the clock.
An SSH key pair is a private key (stays on your machine, never shared) and a public key (placed on the server). They're mathematically linked — authentication proves you hold the private key without ever revealing it.
Analogy: a password is showing an ID that can be forged. An SSH key is a physical key that only fits one lock.
Common SSH Commands Every Developer Should Know
- ssh user@hostname — basic connection.
- ssh -p 2222 user@hostname — connect on a custom port.
- ssh-keygen -t ed25519 — generate a new key pair.
- ssh-copy-id user@hostname — copy your public key to the server.
- scp file.txt user@hostname:/path/ — secure file copy.
- ssh -L 8080:localhost:80 user@hostname — local port forwarding (SSH tunnel).
- exit or Ctrl+D — end the SSH session.
SSH Port 22 — Why It's a Target
Port 22 is the default SSH port — well-known and constantly scanned. Fail2Ban logs on any publicly exposed SSH server show thousands of login attempts per day.
Security tips: move SSH off port 22 (reduces noise, not a fix on its own), disable password authentication entirely, use SSH keys only, and whitelist specific source IPs if you can.
Check if port 22 (or any port) is open on your server.
Open Port CheckerSSH Tunnelling and Port Forwarding
- Local port forwarding: expose a remote service on your local machine — access a remote database as if it's running locally.
- Remote port forwarding: expose a local service to the remote server.
- Dynamic port forwarding: turns SSH into a SOCKS proxy — route your browser through SSH like a lightweight VPN.
Check HTTP headers and server response.
Open HTTP Headers ToolSSH vs Telnet vs RDP
- SSH — encrypted, secure, command-line, cross-platform. The standard for Linux, Unix, and macOS servers.
- Telnet — unencrypted, obsolete. Never use it on the public internet.
- RDP — GUI-based remote access for Windows machines. Different use case to SSH.
Read our full guide on encryption.
What Is Encryption?Frequently Asked Questions
What does SSH stand for?
Secure Shell — a cryptographic protocol for securely accessing and managing remote computers.
Is SSH safe over public WiFi?
Yes. The entire session is encrypted with strong cryptography. Even if someone intercepts the traffic, they can't read or modify it.
Should I disable password authentication?
Yes, once SSH keys are working. It eliminates brute force attacks entirely.
Frequently Asked Questions
What does SSH stand for?+
SSH stands for Secure Shell. It is a cryptographic protocol used to securely access and manage remote computers over an unsecured network like the internet.
What port does SSH use?+
SSH uses port 22 by default. Server administrators often change this to a non-standard port to reduce automated attack traffic, though this alone is not sufficient as a security measure — disabling password authentication and using SSH keys is essential.
What is the difference between SSH and a VPN?+
SSH provides secure access to a specific remote machine for command-line operations and file transfers. A VPN encrypts all network traffic from your device and routes it through a remote server. SSH is for accessing and managing a server; a VPN is for protecting all your internet traffic.
What is an SSH key and why should I use one?+
An SSH key is a cryptographic key pair — a private key that stays on your machine and a public key placed on the server. Authentication proves you hold the private key without exposing it. SSH keys are far more secure than passwords because they cannot be guessed or brute-forced.
Is SSH safe to use over public WiFi?+
Yes. SSH encrypts all communication using strong cryptography, making it safe to use over public WiFi. Even if someone intercepts the traffic, they cannot read or modify the contents of an SSH session.