The spy-movie handshake of cryptography and trust that makes remote login possible.
🟢 In simple terms
An SSH connection is a secure tunnel between your computer and another computer (usually a server) over the internet.
It’s like a private, encrypted walkie-talkie:
- You type commands → they get encrypted → sent to the server.
- The server runs them → sends results back → also encrypted.
So even if someone is watching your network, all they see is gibberish.
🚨 The Problem SSH Solved (And Why We Almost Lost the Internet)
Before SSH, system administrators were sending ROOT PASSWORDS across the internet in PLAIN TEXT.
Yes, you read that right.
Every login, every command, every sensitive operation. Completely visible to anyone sniffing network traffic.
Protocols like Telnet, rsh, and FTP were basically handing over your servers to attackers on a silver platter.
🛡️ How SSH Actually Works (The Magic Behind The Scenes)
💻🕵️ What Actually Happens When You Hit ssh user@server
SSH isn’t just remote login. It’s a secure negotiation, identity verification, and a puzzle-solving protocol, all happening in milliseconds.
The beautiful part? Even if someone intercepts your traffic, they see gibberish.
When you type ssh user@server.com, here’s what happens:
✅ 1. Client says: “Yo, can we talk?”
ssh user@server.com
Your SSH client tries to open a TCP connection on port 22 to server.com.
It’s like your laptop walking up to the server and knocking:
🧑‍💻💬 “Hey, you open for secure chat?”
🔐 2. The server replies: “Let’s talk, but securely.”
The server responds with:
- A list of encryption algorithms it supports
- Its public host key (used to verify its identity)
This is the server’s way of saying:
🖥️💬 “Cool! But first, here’s my ID and my preferred encryption dance moves.”
Check the server fingerprint manually (first time only). Run this on the server itself and compare the output with the fingerprint your client shows:
ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
🕵️‍♂️ 3. Client checks: “Do I know you?”
SSH compares the server’s fingerprint with your ~/.ssh/known_hosts.
✅ If it’s already known → we’re chill
❌ If not → SSH warns you:
Are you sure you want to continue connecting (yes/no)?
You type yes, and it gets saved for next time.
Basically:
“Hey, this guy’s new. You sure this isn’t a trap server?”
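What the check in step 3 amounts to, as an added example (not code from the original post or from OpenSSH): it matches a presented host key against known_hosts text, including hashed `|1|salt|hash` host fields, and reports a changed key separately from an unknown host. The key blobs, the salt and db.example.com are constructed sample values; wildcard patterns and `[host]:port` entries are left out.

```python
import base64
import hashlib
import hmac

def b64(data: bytes) -> str:
    return base64.b64encode(data).decode()

def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + b64(digest).rstrip("=")

def host_matches(field: str, host: str) -> bool:
    """Match a known_hosts host field: comma-separated names or |1|salt|hash."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")

def check_host(known_hosts: str, host: str, key_type: str, key_b64: str) -> str:
    """Classify the key a server presented: 'known', 'unknown' or 'CHANGED'."""
    host_seen = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blanks, comments, @cert-authority / @revoked markers
        if host_matches(fields[0], host) and fields[1] == key_type:
            if fields[2] == key_b64:
                return "known"
            host_seen = True  # same host and key type, different key
    return "CHANGED" if host_seen else "unknown"

def demo_key(seed: bytes) -> str:
    """Constructed ssh-ed25519 public key blob (not a real server's key)."""
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return b64(blob)

# Constructed sample data
KEY_A, KEY_B = demo_key(b"sample A"), demo_key(b"sample B")
SALT = b"constructed-salt"
HASHED = f"|1|{b64(SALT)}|{b64(hmac.new(SALT, b'db.example.com', hashlib.sha1).digest())}"
KNOWN_HOSTS = f"server.com,203.0.113.10 ssh-ed25519 {KEY_A}\n{HASHED} ssh-ed25519 {KEY_A}\n"

if __name__ == "__main__":
    print(fingerprint(KEY_A))
    for host, key in [("server.com", KEY_A), ("server.com", KEY_B), ("new.example.com", KEY_A)]:
        print(host, check_host(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

A "CHANGED" result corresponds to the case where the saved key no longer matches, which is different from the first-connection prompt and should not be answered by simply accepting the new key.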
🔄 4. Encryption Negotiation (the handshake)
Now the client and server agree on a common encryption algorithm (like AES, ChaCha20, etc.) and key exchange method (like Diffie-Hellman or ECDH).
They perform a key exchange: each side solves the same crypto puzzle and ends up with the same shared session key, which is used to encrypt the session.
⚠️ The cool part?
They both end up with the same session key, but no one else on the network can figure it out.
It’s like solving the same puzzle separately and both ending up with the same secret phrase.
This is what makes SSH secure even over open networks.
No command here — it’s all under the hood.
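The "same puzzle, same answer" step, as an added example (not code from the original post): a finite-field Diffie-Hellman exchange in which each side derives identical directional session keys from values the other sent in the clear. The 127-bit group, the simplified exchange hash and all function names are assumptions chosen for readability; real SSH uses 2048-bit or larger groups or elliptic curves.

```python
import hashlib
import secrets

# Toy group (assumption, for readability only): a 127-bit modulus is
# trivially breakable and is never used by real SSH.
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    """Pick a private exponent and compute the public value sent on the wire."""
    private = secrets.randbelow(P - 3) + 2  # uniform in [2, P-2]
    return private, pow(G, private, P)

def shared_secret(my_private, their_public):
    """Combine my private exponent with the peer's public value to get K."""
    if not 1 < their_public < P - 1:
        raise ValueError("degenerate public value rejected")
    return pow(their_public, my_private, P)

def mpint(n):
    """SSH 'mpint' wire encoding (RFC 4251): 4-byte length + big-endian bytes."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # keeps the sign bit clear
    return len(raw).to_bytes(4, "big") + raw

def session_keys(k, e, f):
    """Directional keys as in RFC 4253 section 7.2: HASH(K || H || letter || session_id)."""
    # Simplified exchange hash H (assumption): the real H also covers the
    # version strings, the KEXINIT payloads and the server host key.
    h = hashlib.sha256(mpint(e) + mpint(f) + mpint(k)).digest()

    def derive(letter):
        # On the first exchange of a connection, session_id is H itself.
        return hashlib.sha256(mpint(k) + h + letter + h).digest()

    return {"client_to_server": derive(b"C"), "server_to_client": derive(b"D")}

def run_exchange():
    """Run both sides; return each side's keys and what crossed the wire."""
    c_priv, e = keypair()  # client sends e
    s_priv, f = keypair()  # server sends f
    client = session_keys(shared_secret(c_priv, f), e, f)
    server = session_keys(shared_secret(s_priv, e), e, f)
    return client, server, (e, f)

if __name__ == "__main__":
    client, server, wire = run_exchange()
    print("keys match:", client == server)
    print("seen on the wire:", wire)
```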
👤 5. User Authentication (Prove you’re you)
Once the tunnel is encrypted, the client says:
🧑💬 “Okay server, now let me in.”
The server asks for user authentication, which could be:
🛑 Password (not recommended)
ssh user@server.com
# Then enter password
✅ Public Key (much better)
ssh-copy-id user@server.com # one-time setup
ssh user@server.com # passwordless login
Your client proves it has the private key that matches a public key on the server (usually in ~/.ssh/authorized_keys).
It signs a challenge, and the server verifies it with your public key.
No passwords fly over the wire. 🛡️
🎉 6. Session Established: Let the magic begin
Now the secure session is live:
Every keystroke → encrypted
Every response from the server → encrypted
You’re inside the Matrix 🧠🔒
This tunnel can now be used for:
🧑‍💻 Interactive shell
📂 File transfer (SCP, SFTP)
🔄 Port forwarding
🧰 Tunneling other protocols (Git, DB access, etc.)
> Here's a video by @ByteByteGo, really helpful.
Bonus:
🔧 SSH Config -> Stop Memorizing Commands!
Instead of typing:
ssh -i ~/.ssh/prod-key.pem -p 2222 deployer@203.0.113.10
Create ~/.ssh/config:
Host prod
    HostName 203.0.113.10
    User deployer
    IdentityFile ~/.ssh/prod-key.pem
    Port 2222
Now just type: ssh prod
🎯
SSH still wins because:
✅ Universal (works everywhere)
✅ Lightweight (minimal resources)
✅ Scriptable (perfect for automation)
✅ Battle-tested (years of security hardening)
✅ Port forwarding (tunnel ANY protocol)
🔄 TL;DR -> for my scroll-happy friends:
SSH is still around because it’s 🔒 simple + powerful + everywhere
It’s not magic. It’s a full-on encrypted handshake, identity check, cryptographic puzzle, and channel manager, all rolled into one elegant protocol.
Alternatives exist, but SSH is the OG and still undefeated.
Next time you type ssh, remember:
You’re starting a secret spy mission over port 22. And your terminal?
It’s the encrypted walkie-talkie.
Let’s hear the horror stories. Bonus points if it involves rm -rf or scp to the wrong server. 😂👇👇
This is my first post here; this piece is my small step toward learning in public and giving back to the community that’s taught me so much.
Found this helpful? Hit that Like and share your story.🚀