You’re right about the SSH protocol – it’s used to securely connect to other computers and operate on them as if you were using them directly, even over unsecured networks.

TeamViewer and other tools do not use SSH, however. They use proprietary protocols. This is mostly because SSH is designed with command-lines in mind, while TeamViewer allows you to see a Graphical interface.

> Is SSH used to remotely access the computers with encryption?

Pretty much. You can do more things with it than just that, but this is the main thing it’s used for.

SSH is a “tunneling” protocol. That is, it’s a specific way of creating, sending, and reading encrypted communications designed to be sent though insecure channels, such as the Internet.

The Internet itself works like a chain of people passing buckets down a line. When you send data to somewhere else on the Internet (like you might do when, say, logging into Reddit), you are implicitly relying on many, possibly dozens of computers to take your login request and hand it down the chain, one-by-one, until it gets to Reddit’s servers. Along the way, any one of those bucket-passers can inspect your message. If you wrote it in plain language, now they know your login details!

If you want to prevent it from being read by unauthorized eyes, you need to scramble your message using some kind of cipher. There are many, many ways to do this, each with a different set of costs and benefits. You are also going to need a way to ensure that the other computer you’re sending data to knows you are going to do this, and knows how to read it when it gets to them. There are also many, many ways to do this. SSH is just one of these ways, optimized specifically for the use case of logging into computers remotely.

Also, no, it’s not quite like TeamViewer. In almost all implementations of SSH, you get a command line terminal. That’s it. You don’t see the desktop of the remote machine. I believe projects exist that *do* show you the remote computer’s screen by tunneling all the data through an SSH connection, but those are almost never what anyone means when they talk about SSH unless they specify.

Ssh works by establishing a connection with another computer. It makes this connection by using a key. There’s a public and private key. These are made when you make a certificate and you can distribute the keys to whoever should be allowed in. Think of the public key as the “key hole” and the private key as the “key”. One key for every key hole, so only distribute the private key to trusted people.

Once that connection is made, you’re running a cli in the other computer and it’s showing it to you through terminal. So yeah, kinda like team viewer but you only get text back for the cli variant. I’ll skip ssh tunnelling.

SSH is just an encrypted channel.

Generally it’s used for a terminal (command-line) but it’s also capable of “wrapping” ordinary services like web browsing or other network ports in order to become a secure “tunnel” to another system. It’s also used a lot to copy files between computers via something called SCP.

It replaces something called telnet which was a way to send command-line commands to a remote server but which could intercepted, modified and read by anyone en-route. Telnet died when we tried to secure systems, and SSH was a replacement with lots of extra knobs on.

It’s a secure communications channel between two computers, where both computers can verify that the other end is the computer/user that it intends to allow access to it, and where nobody in between is able to intercept, modify or read the data that crosses over that channel.

I use it to manage remote systems (“headless” systems, which have no GUI, such as webservers and the like) including issuing commands on them and uploading/downloading files to them securely, and I used it to tunnel communications to make them secure (so I can connect to my “insecure” home services remotely and access websites and other services that are normally only available on my home network – e.g. my router’s web interface, my NAS storage, my weather station etc.).

You can use basically any network protocol through SSH – in days gone by people would send desktop protocols like X-Windows (a bit like Teamviewer but 30+ years older!) through SSH to access desktops on remote machines, but that’s fallen out of favour now for more modern services.

Even Windows allows you to connect via ssh and run Powershell etc. commands now, and has an SSH client in it too.

Diffie-Helman explained in grade school terms:

https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange#/media/File:DiffieHellman.png

All VPNs, SSL, TLS, secure tunnels, encrypted remote access, credit-card processing, websites; any application that depends on secure transmission over an insecure channel uses this method.

> The process begins by having the two parties, Alice and Bob, publicly agree on an arbitrary starting color that does not need to be kept secret. In this example, the color is yellow. Each person also selects a secret color that they keep to themselves – in this case, red and cyan. The crucial part of the process is that Alice and Bob each mix their own secret color together with their mutually shared color, resulting in orange-tan and light-blue mixtures respectively, and then publicly exchange the two mixed colors. Finally, each of them mixes the color they received from the partner with their own private color. The result is a final color mixture (yellow-brown in this case) that is identical to their partner’s final color mixture.

>If a third party listened to the exchange, they would only know the common color (yellow) and the first mixed colors (orange-tan and light-blue), but it would be very hard for them to find out the final secret color (yellow-brown). Bringing the analogy back to a real-life exchange using large numbers rather than colors, this determination is computationally expensive. It is impossible to compute in a practical amount of time even for modern supercomputers.

Now, the catch is, what if someone came up with a really good way of separating the “color mixtures”. We are afraid that this is about to be a technical reality. You see, these things called quantum computers offer unique ways of breaking Diffie-Helman. This risk is called quantum supremacy. It means that even if you use a secure channel, in the near future, a middleman with enough funding will be able to read it anyway. In theory, the industry is preparing the best practice to guard access to quantum computers, like with nuclear weapons. But in reality, commercial companies are going to start selling quantum computing API services. In this juncture, we may need to really pull back on how connected everything is, because foreign nation-states will be hacking everything.

Researchers are still working on finding math solutions; better ways of solving the man in the middle problem. Maybe when you grow up you will solve this problem!