How Does SSH Work?

What actually happens when you type ssh user@host?

The visual below lays out the sequential steps that occur between the SSH client and the SSH server.

Here’s a breakdown of the main events that occur during an SSH connection:

𝟭) 𝗞𝗲𝘆 𝗲𝘅𝗰𝗵𝗮𝗻𝗴𝗲

SSH begins with a key exchange process, typically using the Diffie-Hellman algorithm. The client and server exchange public components to derive a shared secret, creating a secure session key for encrypted communication without transmitting sensitive private keys.

𝟮) 𝗦𝗲𝗿𝘃𝗲𝗿 𝘃𝗲𝗿𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻

The client validates the server’s identity by checking its public key against a locally stored known_hosts file. This prevents man-in-the-middle (MITM) attacks, ensuring the connection is established only with a trusted server.

𝟯) 𝗦𝗲𝘀𝘀𝗶𝗼𝗻 𝗸𝗲𝘆 & 𝗲𝗻𝗰𝗿𝘆𝗽𝘁𝗶𝗼𝗻 𝘀𝗲𝘁𝘂𝗽

After establishing the shared secret, SSH derives a symmetric session key. This key encrypts all subsequent communication, providing both confidentiality (data remains private) and integrity (modifications are detected). Symmetric encryption is computationally efficient, making it ideal for ongoing communication.

𝟰) 𝗖𝗹𝗶𝗲𝗻𝘁 𝗮𝘂𝘁𝗵𝗲𝗻𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻

The client proves its identity through authentication methods, such as public key authentication. In this method, the client signs a server-provided challenge with its private key. The server verifies the signature using the client’s public key, ensuring secure and tamper-proof authentication without exposing the private key.