What SSH Actually Is
SSH — Secure Shell — is a cryptographic network protocol for operating network services securely over an unsecured network. At its core, it is a client-server architecture: an SSH client initiates a connection, and an SSH daemon (sshd) listens on the server, typically on port 22. Every piece of data that travels between them is encrypted, authenticated, and integrity-protected.
What most developers interact with day-to-day — typing ssh user@host — is the tip of an enormous iceberg. Beneath that single command lies a precisely ordered sequence of cryptographic handshakes, key negotiations, and protocol layers that happen in milliseconds.
The Protocol Stack: Three Layers
The SSH protocol is formally defined in a family of RFCs (RFC 4251–4254) and is composed of three distinct sub-protocols stacked on top of TCP:
