Yes, SSH is secure when set up properly, because it encrypts the whole session. Most break-ins come from weak configuration, usually password login left on with a guessable password. Using SSH keys, disabling password login and protecting your private key make it very safe.

Programming · Servers · security

What is SSH?

By ColdwastUpdated Jun 22, 20268 min read#ssh#servers#security

Lines of source code and a network port shown on a dark screen — SSH is the standard way developers open a secure, encrypted session on a remote machine and work on it as if they were sitting in front of it.

The moment you rent a VPS or deploy to a remote server, you hit the same question: how do you actually log in and run commands on a machine that lives in a data centre? The answer is almost always SSH. This guide explains what SSH is, how it keeps your session safe, and the handful of commands you really need.

The short definition

SSH — Secure Shell — is a protocol for logging in to a remote computer and running commands over an encrypted connection. It gives you a terminal on a machine somewhere else, as if it were right in front of you, and it scrambles everything that passes between you and the server. That encryption is the whole point: it replaced older tools like Telnet, which sent passwords and commands in plain text for anyone on the network to read.

How SSH works

When you connect, your SSH client and the server run a quick handshake. They agree on encryption settings and set up a shared secret key, so the rest of the session is private. The server also proves its identity with its own key, which is why your client warns you the first time it sees a new server. After that, you authenticate — you prove who you are — and you get a shell prompt on the remote machine. Every keystroke and every reply from then on is encrypted.

A server cabinet filled with network cables and patch cords — SSH is how you reach servers like these. You connect from your laptop and control the remote machine over an encrypted channel.

Passwords vs SSH keys

You can log in two ways. A password is simple but weaker: it can be guessed or brute-forced, and bots try this on public servers all day. SSH keys are the better way. You generate a pair of files: a private key that stays on your computer, and a public key you copy to the server. The server then lets you in only if your private key matches, and the private key never leaves your machine. Keys are both more secure and more convenient, since you skip typing a password each time.

The commands you actually use

Connect: ssh user@server-address opens a session on the remote machine.
Make a key pair: ssh-keygen creates your private and public keys.
Copy your key to a server: ssh-copy-id user@server-address sets up key login.
Copy files: scp file user@server:/path moves files over the same secure channel.

Those four cover most day-to-day work. You connect, you manage your containers or code, and you move files back and forth, all encrypted.

Where you meet SSH

SSH is everywhere in development. You use it to manage a VPS or cloud server, to push and pull code with Git over SSH, to deploy apps, and to tunnel a connection securely. If a task involves a remote machine, SSH is usually how you reach it. Learning it once pays off across every server you ever touch.

The honest trade-offs

SSH is secure, but the security still depends on you. Leaving password login on, or exposing the default port with a weak password, is how servers get broken into. The safe setup is well known: use SSH keys, turn off password login, and keep your private key protected. Beginners also find the command line a hurdle at first. But the basics are quickly learned, and the skill carries over to every server and cloud platform you'll use.

Frequently asked questions

What is SSH in simple terms?

SSH, or Secure Shell, is a way to log in to a computer somewhere else and run commands on it over an encrypted connection. It gives you a terminal on a remote machine as if it were in front of you, while scrambling everything sent between you and the server so no one on the network can read it.

What is the difference between an SSH password and an SSH key?

A password is a secret you type, and it can be guessed or brute-forced by bots. An SSH key is a pair of files: a private key kept on your machine and a public key placed on the server. You're let in only if they match, and the private key never leaves your computer, which makes keys both safer and more convenient than passwords.

What port does SSH use?

SSH uses TCP port 22 by default. Some administrators change it to a different port to cut down on automated login attempts, but that is a small obstacle rather than real security. The real protections are using SSH keys and turning off password login, not hiding the port.

Is SSH secure?

Yes, SSH is secure when set up properly, because it encrypts the whole session. Most break-ins come from weak configuration, not from SSH itself — usually password login left on with a guessable password. Using SSH keys, disabling password login and protecting your private key make it very safe.

Independent, community-maintained guide. coldwa.st is a programming-resources site; this article is new, original explanatory writing about the SSH protocol. Commands shown are standard OpenSSH usage; check your own client and server documentation for specifics.

Recommended

A server to practise SSH on

The best way to learn SSH is to have a real server to log in to. A VPS or cloud server gives you root access over SSH to deploy sites, APIs or containers. Infomaniak — a Swiss, privacy-respecting provider — offers VPS and cloud servers you can connect to and manage entirely over SSH.

See Infomaniak Cloud →

Affiliate link — it supports these free guides.

Browse more clear explainers in our guides index.