SSH and FTP
> [!NOTE]
> This module explores the core principles of SSH and FTP, deriving solutions from first principles and hardware constraints to build world-class, production-ready expertise.
1. SSH (Secure Shell)
SSH is a cryptographic network protocol for operating network services securely over an unsecured network. It is the standard for remote management of Linux servers.
- Port: 22.
- Key Features:
  - Encryption: All traffic between client and server is encrypted (symmetric encryption after an initial asymmetric key exchange).
  - Authentication: Password or public-key based. Public-key authentication is highly recommended to prevent brute-force attacks.
  - Tunneling (Port Forwarding): Can wrap other protocols (such as database traffic or VNC) and send them through a secure “tunnel”, bypassing firewalls.
  - Data Integrity: Uses MACs (Message Authentication Codes) to ensure packets are not tampered with in transit.
The Anatomy of an SSH Connection
- TCP Handshake: Establish connection on Port 22.
- Version Negotiation: Client and server agree on the SSH protocol version.
- Key Exchange (KEX): Asymmetric cryptography (e.g., Diffie-Hellman) is used to securely generate a shared symmetric session key.
- User Authentication: The client proves its identity using a password or an SSH key pair.
- Secure Channel: All subsequent communication uses the fast symmetric session key.
2. FTP (File Transfer Protocol)
FTP is a legacy protocol used to move files between a client and a server.
- Port: 21 (Command/Control), 20 (Data - Active Mode).
- The Flaw: It is completely unencrypted. Your username, password, and file contents are sent in plaintext over the wire, so it is highly vulnerable to packet sniffing.
The Alternatives (Always use these instead of FTP)
- SFTP (SSH File Transfer Protocol): Not to be confused with “Secure FTP” (FTPS). SFTP is an entirely different protocol that runs inside an SSH session. It provides full file system access, transfer, and management capabilities, completely secured by SSH.
- SCP (Secure Copy Protocol): A simpler, older CLI tool designed solely for copying files over SSH. It is generally faster than SFTP but lacks directory management features. Note: SCP is considered deprecated by many modern systems in favor of SFTP.
3. Interactive: SSH Key Exchange
See how the server is verified.
[Interactive widget: Client ↔ Remote Server; displays the server host key fingerprint (SHA256: 4f1a...) and waits for a command.]
4. Active vs. Passive FTP
FTP is notorious for being a “Firewall Killer.” Unlike HTTP, which uses a single connection, FTP requires two separate connections: a Control channel (usually Port 21) and a Data channel.
- Active Mode (The Firewall Nightmare):
  - The Client connects to Server Port 21 and says, “I am listening on my Port 5000.”
  - The Server initiates a new connection from its Port 20 to the Client’s Port 5000 for data transfer.
  - The Problem: The client’s firewall sees an unsolicited incoming connection from the server and blocks it. Active FTP rarely works in modern networks with NAT and client-side firewalls.
- Passive Mode (PASV - The Modern Standard):
  - The Client connects to Server Port 21 and requests Passive mode.
  - The Server opens a random high port (e.g., 50000) and tells the client, “Connect to me on Port 50000.”
  - The Client initiates the connection to Server Port 50000 for data transfer.
  - The Solution: Because both connections (Control and Data) are initiated by the Client, client-side firewalls allow the traffic to pass. This is what modern FTP clients use by default.
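The two negotiations described above, as an added example that is not part of the original module: it encodes and parses the active-mode PORT command and the passive-mode 227 reply (the h1,h2,h3,h4,p1,p2 form of RFC 959, where port = p1*256 + p2) and states what a client-side firewall must permit in each mode. The addresses, the ports 5000 and 50000, and the `control_peer_ip` sanity check are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class DataChannel:
    mode: str       # "active" or "passive"
    initiator: str  # side that opens the TCP data connection
    host: str       # address the initiator connects to
    port: int       # port the initiator connects to

def encode_host_port(host: str, port: int) -> str:
    """FTP wire form h1,h2,h3,h4,p1,p2 with port = p1*256 + p2 (RFC 959)."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return ",".join(host.split(".") + [str(port >> 8), str(port & 0xFF)])

def decode_host_port(field: str) -> tuple[str, int]:
    parts = field.split(",")  # reject anything that is not six octets
    if len(parts) != 6 or not all(p.isdecimal() and int(p) <= 255 for p in parts):
        raise ValueError(f"malformed endpoint field: {field!r}")
    nums = [int(p) for p in parts]
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def build_port_command(client_ip: str, listen_port: int) -> str:
    """Active mode: the client announces the socket it is listening on."""
    return f"PORT {encode_host_port(client_ip, listen_port)}"

def parse_port_command(cmd: str) -> DataChannel:
    """Active mode, server side: the server will connect from port 20 to this endpoint."""
    m = re.fullmatch(r"PORT ([\d,]+)", cmd.strip())
    if not m:
        raise ValueError(f"not a PORT command: {cmd!r}")
    host, port = decode_host_port(m.group(1))
    return DataChannel("active", "server", host, port)

def parse_pasv_reply(reply: str, control_peer_ip: str) -> DataChannel:
    """Passive mode, client side: parse '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'.
    Defensive check (assumed): if the announced address is not the server we already hold
    the control connection with (typical behind NAT), reuse the control peer's address."""
    m = re.match(r"227 .*?\(([\d,]+)\)", reply.strip())
    if not m:
        raise ValueError(f"not a 227 reply: {reply!r}")
    host, port = decode_host_port(m.group(1))
    return DataChannel("passive", "client", control_peer_ip if host != control_peer_ip else host, port)

def client_firewall_requirement(ch: DataChannel) -> str:
    """What a stateful client-side firewall must permit for the data channel to work."""
    if ch.initiator == "client":
        return f"outbound TCP to {ch.host}:{ch.port} (ordinary outbound traffic)"
    return f"unsolicited inbound TCP to {ch.host}:{ch.port} (blocked by default)"
```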