University of Colorado at Boulder    
  How does an SSH tunnel work?
 
 

What is SSH?
SSH provides secure network authentication and communications. There are two protocols in use by SSH: SSH1 and SSH2. They differ in the encryption algorithms they use to secure the network traffic. SSH2 is more secure than SSH1, and most modern SSH clients are built to support it. An SSH client secures all communications between the client and the server by running the clear-text data through an encryption algorithm before sending it across the wire. On the other end, the ssh program running on the server decrypts the data using a special key that only it and the client know. Passwords are still sent across the network when using SSH, but they are encrypted, so they will not appear as clear-text to listeners.

What is an SSH Tunnel?
An SSH tunnel is an SSH-secured connection between two machines. Computers talk over a network through "ports", or openings to the outside world. Using the right software program, it is possible to create a connection from a particular port on one computer to another (or the same) particular port on a remote computer. The two machines will then communicate by "talking" to each other through this port connection. Various SSH client programs can create such a port connection, with the advantage that all communications taking place through the connection are encrypted. Otherwise, all communication through the port connection would be clear-text, or just as readable to anyone as the words on this page.

What is an SSH Tunnel good for?
Many applications that talk to other computers over the network do so insecurely, and there is no way in the application to encrypt the data being sent. This is where an SSH tunnel comes in handy. Once the SSH tunnel is established, you simply configure the insecure application to talk through the secure tunnel to the remote computer. This prevents sensitive data like passwords from being sent over the network insecurely without you knowing it. For example, graphical webpage-editing tools ask you to FTP files to and from a remote website. This is commonly done insecurely, meaning your FTP account password is being sent clear-text. However, it is possible to route the FTP connection through an SSH tunnel and keep your password secure with minimal effort.
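
The tunnel described above, as an added example that is not part of the original ITS document: shell functions that open an OpenSSH local port forward (`ssh -L`) for a clear-text application. The host names, account and port numbers are placeholders, and `forward_spec` and `open_tunnel` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: local port forward for an application that cannot encrypt.
# Usage (all values are placeholders):
#   ./tunnel.sh 2121 ftp.example.edu 21 user@ssh.example.edu
# Then point the application at 127.0.0.1 port 2121 instead of the server.

# Build the argument for -L. The listener is bound to 127.0.0.1 so that
# other machines on the local network cannot connect to the tunnel entrance.
forward_spec() {
    lport=$1 rhost=$2 rport=$3
    for p in "$lport" "$rport"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || {
            echo "bad port: $p" >&2
            return 1
        }
    done
    [ -n "$rhost" ] || { echo "missing remote host" >&2; return 1; }
    printf '127.0.0.1:%s:%s:%s\n' "$lport" "$rhost" "$rport"
}

# Open the tunnel: $1 local port, $2 destination host, $3 destination port,
# $4 SSH login (user@host).
#   -N  run no remote command, forward ports only
#   -f  go to the background after authentication
#   ExitOnForwardFailure=yes  exit if the local port cannot be bound,
#       rather than leaving a session with no working forward
# The destination host is resolved by the SSH server. Only the hop from this
# machine to the SSH server is encrypted; the server connects onward to the
# destination in the clear, so the destination is normally the SSH server
# itself (localhost) or a host on its trusted network.
open_tunnel() {
    spec=$(forward_spec "$1" "$2" "$3") || return 1
    ssh -f -N -o ExitOnForwardFailure=yes -L "$spec" "$4"
}

# Run only when called with the four arguments shown in the usage line.
if [ "$#" -eq 4 ]; then
    open_tunnel "$@"
fi
```

With FTP, this forward carries the control connection, which is where the password is sent; file transfers use separate data connections that a single forwarded port does not cover.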

Get Help

To get help contact the IT Service Center by phone at 303-735-HELP (5-4357 from an on-campus phone), by e-mail at help@colorado.edu, or in person at the IT Service Center walk-in (located two buildings east of the UMC).

Encrypted Authentication Project

Encrypted Authentication Project homepage

 

 

 

Last reviewed: April 08, 2005

© 2000
The Regents of the University of Colorado