Threats Addressed by Secure Shell

 

Below is a discussion of the threats that Secure Shell is well suited to protect your system against.

Eavesdropping or Password Sniffing
An eavesdropper, also known as a "sniffer", is a network device that intercepts information as it is transmitted over the wire. This sniffing takes place without the knowledge of either the client or the server and is called passive monitoring. User data, including passwords, can be stolen this way if you use insecure protocols such as telnet and FTP. Because the data in a Secure Shell session is encrypted, the session is not vulnerable to this kind of attack: the eavesdropper cannot decrypt what is captured.

Man-in-the-Middle Attack (MITM)
If the first connection and host key exchange between a client and a particular host are compromised, a MITM attack fools both the client and the server into thinking that they are communicating directly with one another when, in fact, an attacker is intercepting all traffic between the two.

In a MITM attack an attacker (Eve) impersonates both the server and the client.

The client (Bob) initiates a connection with the server (Alice). Unknown to both Bob and Alice, an attacker (Eve) is waiting to intercept their connection negotiation. Eve receives Bob's request for a connection and authenticates herself as Alice. Eve then initiates a connection with Alice, posing as Bob, and authenticates herself. Two secure SSH sessions are now in place, with Eve reading all of the data passed between Bob and Alice in clear text.

Secure Shell protects against MITM attacks through server host authentication. Unless the host itself has been compromised, Eve does not have access to the server's private key and cannot impersonate Alice.
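The host authentication check described above, sketched as an added example (not code from this page or from any Secure Shell product): the client compares the key a server presents with the key it has recorded for that host. The host name alice.example.com and both keys are constructed sample values, and the parser assumes plain (unhashed) host names with no known_hosts markers.

```python
import base64
import hashlib
import hmac
import struct


def make_blob(key_bytes: bytes) -> bytes:
    """Build an ssh-ed25519 public key blob: two length-prefixed strings."""
    name = b"ssh-ed25519"
    return (struct.pack(">I", len(name)) + name +
            struct.pack(">I", len(key_bytes)) + key_bytes)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the key blob, unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host_key(known_hosts: str, host: str, presented: bytes) -> str:
    """Return 'match', 'mismatch' or 'unknown' for the key a server presents."""
    host_seen = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # skip blank lines, comments and malformed entries
        names, _keytype, b64 = fields[:3]
        if host not in names.split(","):
            continue
        host_seen = True
        if hmac.compare_digest(base64.b64decode(b64), presented):
            return "match"
    # A recorded host that presents a different key is the MITM warning case.
    return "mismatch" if host_seen else "unknown"


# Constructed sample keys (fixed byte patterns, not real key material).
ALICE_KEY = make_blob(bytes(range(32)))
EVE_KEY = make_blob(bytes(range(32, 64)))
KNOWN_HOSTS = ("# constructed sample file\n"
               "alice.example.com ssh-ed25519 "
               + base64.b64encode(ALICE_KEY).decode() + "\n")

if __name__ == "__main__":
    for label, key in (("Alice", ALICE_KEY), ("Eve", EVE_KEY)):
        print(label, fingerprint(key),
              check_host_key(KNOWN_HOSTS, "alice.example.com", key))
```

A result of 'unknown' is the first-connection case: nothing is recorded to compare against, so the fingerprint should be confirmed through a separate trusted channel before the key is accepted.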
