What is SSH? Secure Shell Explained — CompTIA A+, Network+ & Security+ (2026)

⚡ What is SSH?

SSH (Secure Shell) is a cryptographic network protocol used to securely access and manage remote devices over an unsecured network. It encrypts everything — commands, responses, credentials — so nothing can be intercepted in transit. SSH replaced Telnet, which sent everything in plaintext. It runs on TCP port 22 and is the standard for remote access to servers, routers, switches, and firewalls.

SSH vs Telnet — the core exam distinction

Both SSH and Telnet give you a remote command-line interface to a network device. The difference is everything that happens to the data in transit — and this distinction is one of the most reliably tested comparisons across A+, Network+, and Security+.

Feature	SSH	Telnet
Port	TCP 22	TCP 23
Encryption	✓ Fully encrypted	✗ Plaintext — everything visible
Credentials	✓ Encrypted in transit	✗ Username and password sent in cleartext
Authentication	Password or public key	Password only
Integrity	✓ MAC ensures data hasn't been tampered with	✗ No integrity checking
Status	Current standard — use this	Deprecated — security risk, never use
Use case	Managing servers, routers, switches, firewalls remotely	Legacy only — occasionally seen on isolated lab networks

⚡ The most common SSH exam question

"A network administrator needs to remotely manage a switch securely. Which protocol should they use?" → SSH (port 22) — not Telnet (port 23), which transmits credentials in plaintext.

"A technician captures network traffic and can read the administrator's username and password in the packet capture. Which remote access protocol is being used?" → Telnet — SSH would have encrypted those credentials.

How SSH works — the connection process

When you connect via SSH, several things happen before you ever type a command. The protocol establishes an encrypted channel and authenticates both the server and the client before any data is exchanged.

TCP connection established

Client connects to the server on TCP port 22. A standard three-way handshake completes first.

Protocol and algorithm negotiation

Client and server agree on which encryption algorithms, key exchange methods, and MAC algorithms to use for the session.

Server authentication — host key check

The server presents its host key (public key). The client checks this against its known_hosts file. On first connection, the client is prompted to verify and trust the key fingerprint.

Session key exchange

A shared symmetric session key is generated using a key exchange algorithm (Diffie-Hellman). This key encrypts everything for the rest of the session.

User authentication

The client authenticates — either with a password (sent encrypted) or with public key authentication. The encrypted session is already established before credentials are sent.

Encrypted session begins

All subsequent commands and responses are encrypted with the symmetric session key. An attacker capturing this traffic sees only ciphertext.

Password authentication vs public key authentication

SSH supports two main ways to prove your identity to a server. Password authentication is simpler but weaker. Public key authentication is more secure and is the standard for servers and network equipment in professional environments.

🔑

Simpler method

Password Authentication

You enter your username and password. The password is sent encrypted inside the SSH session. Vulnerable to brute force attacks if weak passwords are used — still far better than Telnet, but public key auth is preferred.

🗝️

Stronger method

Public Key Authentication

You generate a key pair — a private key (kept secret on your machine) and a public key (placed on the server). The server challenges you to prove you hold the private key without ever transmitting it. No password needed — much harder to brute force.

Public key authentication — how it works

Your machine:  private key  (id_rsa — never leaves your machine)
Remote server: public key   (~/.ssh/authorized_keys — placed there once)

During login:
1. Server sends a random challenge message
2. Your client signs it with your private key
3. Server verifies the signature using your public key
4. Signature valid → authenticated — no password ever sent

⚡ Public key auth — the Security+ angle

Public key authentication provides stronger authentication than passwords because the private key is never transmitted — an attacker intercepting traffic cannot capture it. It also eliminates the risk of password brute force attacks against the SSH service.

Disabling password authentication entirely and requiring key-based auth is a Security+ hardening best practice for SSH servers. The exam may describe this as "requiring certificate-based authentication."

Common SSH commands

SSH commands you need to know

# Connect to a remote host
ssh contact@itstudyhub.org
ssh contact@itstudyhub.org  ·  Privacy Policy  ·  Disclosure: Some links on this site may be affiliate links. I may earn a small commission at no extra cost to you.