Secure Shell (SSH) is a protocol for creating an encrypted communication channel between two computers, mainly for the purpose of remote login. The requirement of Secure Shell (SSH) came because of the security holes with TELNET protocol. The main point to note here is SSH (Secure Shell) is not really a Unix shell, like BASH shell. SSH (Secure Shell) is really a security protocol that that provides many useful functions. SSH prevents data and user credentials loss to malicious users by encrypting communications between two computers. SSH allows remote login (similar to TELNET), transfer files securely using SSH File Transfer (SFTP), Secure Copy (SCP) and many other functions.
The term "Tunnel" is used for an encrypted connection between two devices. An SSH tunnel is used between two computers to transfer unencrypted traffic over a network through an encrypted channel. Remember, sending data over the network without encryption was the main security issue related with TELNET protocol.
SSH provides Confidentiality, Integrity and Authentication
SSH provides Confidentiality, Integrity and Authentication for network communication. Confidentiality, Integrity and Authentication are the three pillars of network security.
Confidentiality is the first pillar of network security, which provides protection for network traffic from eavesdropping. Confidentiality ensures the data sent over network is visible only to the intended recipient, not to anyone else. The data sent to over the network is encrypted (scrambled), so that only the intended recipient can convert it back to the original plain text sent from the sender.
Integrity is the second pillar of network security. Integrity provides protection against data tampering on transit. The original data sent from the sender is not altered in its way to the destination computer. If a malicious user on the way, captures and modifies the original data in the transit, SSH can detect it.
Authentication is the third pillar of network security. Authentication can confirm a user’s claim about his identity. SSH can verify the identity of a user, thus preventing a malicious user faking as the original user.