In layman terms, Secure Shell or SSH is established between two computer programs :

1. On the server side : A daemon (system service) that listens on a TCP/IP port and accepts connections. It receives encrypted packages of several types, which it executes.
2. On the client side : A client which connects to the server and transfers commands.

The connection between client and server uses encryption, so establishing in effect a secure channel over an insecure network. The term "Secure Shell" comes from the ability of the server to run a local shell on the server computer, allowing the client to execute commands and see their result. But SSH can also be used for many other purposes.

Both server and client use a known protocol to communicate, which means a known format for their messages. However, SSH can also do tunneling, which means the transfer of messages-within-messages or protocol-within-protocol. The server in this case acts as a switch or agent, transferring messages back and forth between the client and its target, for example evading the local firewall :

The messages from the inner protocol are in this way encrypted and encapsulated inside the SSH protocol.

Below are detailed some, but by no means all, of the uses of SSH.

Executing remote commands

To run a command on a remote system without logging in, specify the command after the login information:

$ ssh host command

For example, to check remote disk space:

$ ssh host df

Another example for Linux is piping the microphone from one machine to the speakers of another:

$ dd if=/dev/dsp | ssh -C user@host dd of=/dev/dsp

Copying files with ssh

For copying data and files over SSH, there are a few options.

It's possible to copy with the command cat. If you're trying to copy the output of a process instead of a file, this is certainly a reasonable route :

$ cat file | ssh -e none remote-host 'cat > file'

If these are going to be large files, you may want to use the -C flag to enable compression.

For copying files, the program scp works like cp, except it also accepts remote destinations :

$ scp .bash_profile matt@example.com:~/.bash_profile

For an FTP-like interface for copying files, use the program sftp.

Local port forwarding

SSH allows secure port forwarding.

For example, suppose you want to connect from client A to server B but route traffic securely through server C. This is useful for evading firewalls.

From A, run:

A$ ssh C -L localport:B:remoteport

Then, to connect to B:remoteport, connect to localhost:localport.

If you use add -g, then anyone that can reach A may connect to B:remoteport through A:localport.

For example, suppose your work banned reddit.com. Run this:

# ssh yourserver -L 80:reddit.com:80

And, set the address of reddit.com and www.reddit.com to 127.0.0.1 in /etc/hosts (you will also need to disable any local web server). Now, it will surreptitiously traffic to reddit.com through your yourserver.

If you do this frequently, you might want to add a special host:

Host redditfw
HostName yourserver
LocalForward 80 reddit.com:80

Remote port forwarding

Alternatively, suppose you wanted to give remote machine B access to another machine, A, by passing securely through your local machine C.

Then, on C, you can run:

C$ ssh B -R remoteport:A:targetport

At this point, local users on B can connect to A:targetport through localhost:remoteport.

If you want to to allow nonlocal users to be able to connect A:targetport through localhost:remoteport, then set in the sshd_config file:

GatewayPorts yes

If you do this frequently, set up a special host in ~/.ssh/config:

Host exportme
HostName B
RemoteForward remoteport A:targetport

SSH as a filesystem: sshfs

Using the FUSE project with sshfs, it's possible to mount a remote filesystem over SSH. On the Mac, use Fuse4x.

Once it's installed, run:

$ sshfs remote-host: local-mount-directory

source