Secure Shell (SSH) is a protocol for using network services securely over an untrusted network. For example, if e-mail is sent or received through an SSH tunnel, SSH encrypts the traffic automatically on one end and decrypts it on the other, so an attacker sitting in the middle of the connection cannot read or alter it [1]. There are two versions of the protocol, SSH1 and SSH2; SSH2 is the version specified in the RFCs and used today, while SSH1 is obsolete and has known weaknesses. SSH has three main components, as shown in Figure 1: the Transport Layer Protocol, which provides confidentiality, integrity and server authentication; the User Authentication Protocol, which authenticates the client to the server; and the Connection Protocol, which "multiplexes the encrypted tunnel into several logical channels" [1].

Figure 1: Components of SSH [3]

The main advantages of SSH are data privacy, data integrity, authentication of senders and recipients, authorization (access control), and forwarding "to encrypt other TCP/IP based sessions" [2].

Data privacy is maintained by encrypting the data transferred over the Internet. The session key is random, is negotiated secretly between client and server (in SSH2 through a Diffie-Hellman key exchange), and is discarded once the session ends, so a key that leaks later does not expose an earlier session. The ciphers named in [2] are 3-DES (triple DES), IDEA and Blowfish; current implementations prefer AES and ChaCha20-Poly1305.

For data integrity, that is, to ensure that the data arriving is the same as the data sent, SSH uses keyed hash algorithms based on MD5 and SHA-1 [2]. In SSH2 these are HMACs computed over each packet together with a sequence number, so a modified, replayed or reordered packet fails the check; SHA-2 based MACs are preferred today.

SSH requires authentication of both the sender and the recipient: the server proves its identity to the client with its host key, and the client proves its identity to the server. For client authentication SSH supports several mechanisms: rlogin-style trusted-host authentication backed by host keys, one-time passwords, and per-user public key signatures [2]. Authorization is granted in SSH by limiting certain functionality at the server or account level. Because of this control, not all functionality is available in every SSH implementation; what is available depends on the server's authentication method...half of card...key.
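The transport-layer integrity service described above, as an added example that is not code from the original page or from any SSH implementation. It builds SSH2 binary packets in the RFC 4253 layout, computes the MAC over the 32-bit sequence number followed by the unencrypted packet, and shows a receiver rejecting a replayed and a tampered packet. The MAC key and the two messages are constructed for the example, and the cipher step is omitted: in real SSH the packet is encrypted and the MAC is appended in clear.

```python
"""SSH2 binary packet integrity (RFC 4253 sections 6 and 6.4), illustrated.
Constructed example: key and payloads are made up, encryption is left out."""
import hashlib
import hmac
import os
import struct

MIN_PADDING = 4  # RFC 4253: at least four bytes of random padding


def build_packet(payload: bytes, block_size: int = 8) -> bytes:
    """packet_length(4) || padding_length(1) || payload || random padding.
    The total length is a multiple of the cipher block size (8 here)."""
    padding_len = block_size - ((5 + len(payload)) % block_size)
    if padding_len < MIN_PADDING:
        padding_len += block_size
    padding = os.urandom(padding_len)
    packet_len = 1 + len(payload) + padding_len
    return struct.pack(">IB", packet_len, padding_len) + payload + padding


def parse_payload(packet: bytes) -> bytes:
    """Recover the payload from a packet built by build_packet."""
    packet_len, padding_len = struct.unpack(">IB", packet[:5])
    return packet[5:4 + packet_len - padding_len]


def compute_mac(key: bytes, seq: int, packet: bytes, digest=hashlib.sha1) -> bytes:
    """mac = MAC(key, sequence_number || unencrypted_packet).
    The sequence number is never transmitted; both sides count packets and
    it wraps at 2**32 (hmac-sha1 shown; hmac-md5 and hmac-sha2-* work the same)."""
    return hmac.new(key, struct.pack(">I", seq & 0xFFFFFFFF) + packet, digest).digest()


def verify_mac(key: bytes, seq: int, packet: bytes, mac: bytes, digest=hashlib.sha1) -> bool:
    return hmac.compare_digest(compute_mac(key, seq, packet, digest), mac)


class Receiver:
    """Receiving side. It keeps its own sequence counter, so a replayed or
    reordered packet fails the MAC even though key and bytes are unchanged."""

    def __init__(self, key: bytes, digest=hashlib.sha1):
        self.key, self.digest = key, digest
        self.seq = 0
        self.disconnected = False

    def receive(self, packet: bytes, mac: bytes) -> bool:
        if self.disconnected:
            return False
        if not verify_mac(self.key, self.seq, packet, mac, self.digest):
            self.disconnected = True  # real implementations tear the connection down here
            return False
        self.seq = (self.seq + 1) & 0xFFFFFFFF
        return True


def demo(key: bytes = b"constructed-integrity-key") -> dict:
    """Constructed exchange: two genuine packets, then a replay and a tamper attempt."""
    send_seq = 0
    results = {}

    p1 = build_packet(b"SSH_MSG_CHANNEL_DATA hello")
    m1 = compute_mac(key, send_seq, p1)
    send_seq += 1
    p2 = build_packet(b"SSH_MSG_CHANNEL_DATA world")
    m2 = compute_mac(key, send_seq, p2)
    send_seq += 1

    rx = Receiver(key)
    results["genuine_1"] = rx.receive(p1, m1)
    results["genuine_2"] = rx.receive(p2, m2)
    # Replay of packet 1 with its original MAC: the receiver now expects seq 2.
    results["replayed"] = rx.receive(p1, m1)

    # Bit flip inside the payload of packet 1 ("hello" -> "jello"), MAC unchanged.
    tampered = p1[:5 + 21] + b"jello" + p1[5 + 26:]
    results["tampered"] = Receiver(key).receive(tampered, m1)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the sequence number is part of the MAC input but never sent on the wire, an attacker who captures a valid packet cannot inject it again later: the receiver's counter has moved on and the MAC no longer matches.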
Public key authentication: the client offers a public key and the server checks whether this key may be used for authentication [3]. In SSH2 the client then proves possession of the matching private key by signing the session identifier together with the authentication request, and the server verifies that signature against the offered public key.

Password authentication: the client sends its password to the server in plain text inside the encrypted transport, that is, protected by the session key established in the previous phase [3]. The password is hidden from the network but is visible to the server, which is why the server must already have been authenticated by its host key.

Host-based authentication: authentication is performed by the client host on behalf of its users rather than by each user individually. The client sends a signature made with the client host's private key, and the server authenticates the client on the basis of this signature and of whether it trusts that host and user name [3].

The last phase is data exchange. The client and server exchange data by creating one or more channels over the single encrypted connection. Within each channel the flow is controlled by a window: a party may send only as much data as the space its peer has advertised, and the peer enlarges the window as it consumes data. A channel's life has three phases: open, data transfer and close. Once the channel is opened by one of the parties, data is transferred in both directions, and the channel is then closed by either party [3].
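The channel life cycle and window flow control from the data-exchange phase, as an added example that is not code from the original page or from any SSH implementation. It models both ends of one connection-protocol channel: open (each side announces its initial window and maximum packet size), data transfer (the sender never exceeds the peer's window or packet size, and the receiver returns freed space with a window adjust), and close (one side closes, the other replies). The window and packet sizes and the 80-byte payload are chosen for the example; real implementations use windows of hundreds of kilobytes or more.

```python
"""One SSH channel with window-based flow control (RFC 4254 section 5), illustrated.
Constructed example: small windows so the window running out is visible."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class ChannelEnd:
    name: str
    initial_window: int = 32        # bytes the peer may send us before we adjust
    max_packet: int = 16            # largest CHANNEL_DATA payload we accept
    state: str = "closed"
    local_window: int = 0           # what the peer may still send to us
    remote_window: int = 0          # what we may still send to the peer
    remote_max_packet: int = 0
    inbox: bytes = b""              # received, not yet read by the application
    peer: Optional["ChannelEnd"] = None
    log: List[str] = field(default_factory=list)


def open_channel(opener: ChannelEnd, target: ChannelEnd) -> None:
    """Phase 1: CHANNEL_OPEN answered by CHANNEL_OPEN_CONFIRMATION.
    Each message carries its sender's initial window size and maximum packet size."""
    opener.peer, target.peer = target, opener
    target.remote_window, target.remote_max_packet = opener.initial_window, opener.max_packet
    opener.local_window = opener.initial_window
    opener.remote_window, opener.remote_max_packet = target.initial_window, target.max_packet
    target.local_window = target.initial_window
    opener.state = target.state = "open"
    opener.log.append(f"CHANNEL_OPEN window={opener.initial_window} maxpkt={opener.max_packet}")
    target.log.append(f"CHANNEL_OPEN_CONFIRMATION window={target.initial_window} maxpkt={target.max_packet}")


def send(src: ChannelEnd, data: bytes) -> bytes:
    """Phase 2: CHANNEL_DATA. Sends at most remote_window bytes in packets of at most
    remote_max_packet bytes and returns what could not be sent yet (window exhausted)."""
    if src.state != "open":
        raise RuntimeError("channel is not open")
    dst = src.peer
    while data and src.remote_window > 0:
        n = min(len(data), src.remote_window, src.remote_max_packet)
        chunk, data = data[:n], data[n:]
        src.remote_window -= n
        # The receiver enforces what it advertised; a peer that overruns is misbehaving.
        if n > dst.local_window or n > dst.max_packet:
            raise RuntimeError("peer exceeded the advertised window or packet size")
        dst.local_window -= n
        dst.inbox += chunk
        src.log.append(f"CHANNEL_DATA len={n} remote_window_left={src.remote_window}")
    return data


def consume(end: ChannelEnd) -> bytes:
    """The application reads buffered data; the freed space is returned to the
    sender with CHANNEL_WINDOW_ADJUST."""
    data, end.inbox = end.inbox, b""
    if data:
        end.local_window += len(data)
        end.peer.remote_window += len(data)
        end.log.append(f"CHANNEL_WINDOW_ADJUST bytes_to_add={len(data)}")
    return data


def close_channel(src: ChannelEnd) -> None:
    """Phase 3: CHANNEL_CLOSE from one side, which the other side must answer."""
    dst = src.peer
    src.log.append("CHANNEL_CLOSE")
    dst.log.append("CHANNEL_CLOSE (reply)")
    src.state = dst.state = "closed"


def demo(payload: bytes = bytes(range(80))) -> dict:
    """Push 80 bytes through a 32-byte window in 16-byte packets."""
    client = ChannelEnd("client")
    server = ChannelEnd("server", initial_window=32, max_packet=16)
    open_channel(client, server)
    received, rounds, pending = b"", 0, payload
    while pending:
        pending = send(client, pending)   # stops when the server's window is used up
        received += consume(server)       # server reads and re-opens the window
        rounds += 1
    close_channel(client)
    return {"received": received, "rounds": rounds, "state": client.state,
            "client_log": client.log, "server_log": server.log}


if __name__ == "__main__":
    for line in demo()["client_log"] + demo()["server_log"]:
        print(line)
```

The receiver-side check in send() is the security-relevant part: the window is a promise the receiver made about its buffer space, and a peer that sends past it (or above the maximum packet size) should be treated as malicious rather than buffered.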