Application Features Provided by SSH

SSH is a very flexible protocol, and many different types of services can run on top of it. Additionally, the protocol's open architecture allows these services to all run at the same time without impeding each other.

One service that is used very often is the remote console. To provide this service, a channel is created in the SSH session, and the channel is used to exchange data using a terminal emulation protocol such as vt100 or xterm. The client displays to the user a console window within which the user can execute programs on the server as if he or she were logged on locally.

Another very popular service is port forwarding, or TCP/IP connection tunneling. With SSH port forwarding, it is possible to secure a TCP/IP connection established by an independent application that would otherwise be vulnerable to network attacks.

Files can also be transferred between the SSH client and server using protocols such as SCP and SFTP, both of which run on top of SSH. While SCP is essentially the old Unix rcp utility transplanted onto a different transport, SFTP is a very flexible remote file manipulation protocol that can be used for a wide variety of purposes. It is also much better standardized. If you find yourself in doubt over which one of these protocols to use, use SFTP. (Note that, apart from the name, SFTP bears virtually no resemblance to the FTP protocol that everybody knows and uses. Technically, the protocols are completely different.)

Finally, SSH also provides a service known as the exec request, which is conceptually very similar to a remote console, only without the console. The exec request executes a program on the server like a remote console does, but the program's input and output are sent raw, without any terminal encoding. Exec requests are very useful for network automation purposes.
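The difference between a remote console and an exec request is visible in the channel requests the client sends. The following is an added example, not code from the original page: it builds and decodes the SSH_MSG_CHANNEL_REQUEST payloads (layout per RFC 4254, shown before encryption) for both services. The channel number, terminal size and command are constructed sample values.

```python
import struct

SSH_MSG_CHANNEL_REQUEST = 98  # message number defined in RFC 4254

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': big-endian uint32 length, then the raw bytes."""
    return struct.pack(">I", len(data)) + data

def channel_request(channel: int, kind: str, extra: bytes = b"") -> bytes:
    """Build an SSH_MSG_CHANNEL_REQUEST payload with want_reply set."""
    return (bytes([SSH_MSG_CHANNEL_REQUEST]) + struct.pack(">I", channel)
            + ssh_string(kind.encode()) + b"\x01" + extra)

def pty_req(term: str, cols: int, rows: int) -> bytes:
    """'pty-req' data: TERM, size in chars, size in pixels, terminal modes."""
    return (ssh_string(term.encode()) + struct.pack(">4I", cols, rows, 0, 0)
            + ssh_string(b"\x00"))  # modes: TTY_OP_END only, no overrides

def read_string(buf: bytes, off: int):
    """Read one SSH string at off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_channel_request(payload: bytes) -> dict:
    """Decode the header plus the fields of pty-req, exec and subsystem."""
    if len(payload) < 5 or payload[0] != SSH_MSG_CHANNEL_REQUEST:
        raise ValueError("not an SSH_MSG_CHANNEL_REQUEST")
    (channel,) = struct.unpack_from(">I", payload, 1)
    kind, off = read_string(payload, 5)
    if off >= len(payload):
        raise ValueError("missing want_reply byte")
    out = {"channel": channel, "type": kind.decode(), "want_reply": payload[off] != 0}
    if out["type"] == "pty-req":
        # Remote console: the client names a terminal type and a window size.
        term, off = read_string(payload, off + 1)
        out["term"] = term.decode()
        out["cols"], out["rows"] = struct.unpack_from(">2I", payload, off)
    elif out["type"] in ("exec", "subsystem"):
        # exec carries a command line; subsystem carries a name such as "sftp".
        out["arg"] = read_string(payload, off + 1)[0].decode()
    return out

# Constructed sample payloads: a remote console, then an exec request.
CONSOLE = [channel_request(0, "pty-req", pty_req("xterm", 80, 24)),
           channel_request(0, "shell")]
EXEC = [channel_request(0, "exec", ssh_string(b"uname -a"))]
```

The console session sends `pty-req` followed by `shell`, while the exec session sends a single `exec` request with no terminal negotiation, which is why its input and output travel raw.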