Secure Shell Client

ZOC Terminal is a professional secure shell client that lets you access servers using the powerful secure shell (SSH) protocol.

Secure Shell related features:

  • Based on $(openssh-basevers), which is a semi industry-standard
  • Modern ciphers like AES-256 or ED25519
  • Password, public key or keyboard interactive
  • Secure-Shell Agent forwarding
  • SSH key generator
  • SSH Keep-Alive

Other features:
  • Multiple sessions in tabbed window
  • Secure telnet data transfer via SSL
  • Scripting and recording of SSH sessions
  • Emulations: xterm, VT220, VT420, TN3270, TN5250, Wyse, QNX
  • Powerful scripting language with screen-scrape ability
  • Small memory footprint (RAM and hard drive)
  • Administrator friendly with easy deployment
More...
Glossary:

Secure Shell Client

What is a Secure Shell Client?

When you're working with client/server computing, a general terminal or a terminal emulator is used to send and receive data from the host. Because of this, the terminal or the PC that is running a terminal emulator needs to somehow be connected to the server or mainframe computer.

There are several different methods that can be used to connect the two, but in the past, the most commonly used method of connecting a terminal to a server over a network was Telnet.

Unencrypted transmission via Telnet today presents a serious security risk, because anybody on the network with some knowledge and tools can monitor the data exchange - even down to details like usernames, passwords.

Because of the ever-increasing demand for security, the Secure Shell (SSH) protocol was developed.

A Secure Shell client is a software application that enables secure and encrypted communication between a local computer and a remote server. It facilitates a secure command-line interface or a graphical user interface for users to access and manage a remote system. SSH clients play a crucial role in ensuring confidentiality and integrity of data during communication over a potentially untrusted network, such as the internet Should an unauthorized third party be able to intercept traffic somewhere along the communication path, they will see nothing but completely useless data.

When a user initiates a connection using an SSH client, it establishes a secure tunnel through which data is encrypted before transmission and decrypted upon arrival, protecting sensitive information from potential eavesdropping or unauthorized access. The SSH client utilizes public-key cryptography or password authentication to verify the identity of the user before granting access to the remote server.

Table of Contents

 

Secure Shell Client Features and Requirements

There are many benefits to using a secure shell client. On top of the encryption of the data transfer and secure key exchange, the SSH protocol also offers verification that you are connected to the correct computer.

This may seem surprising, but it makes perfect sense. Keep in mind that if somebody were able to control any part of the communication path, they could actually reroute the traffic to another computer. This can then play the role of the computer which you actually wanted to connect to, and could either display fake data or obtain information from the client computer - both of which could be equally damaging. When you use a secure shell client, you don't need to worry about these kinds of scenarios.

A SSH client should also support different authentication methods. These include username/password, public/private key, and various custom formats. The latter might include a system where the server could obtain information that only the authorized users know, e.g. by using a hardware ID card or by sending an access code to the user's mobile phone.

A good secure shell client needs to be able to connect to various different servers. In order to do this, it has to support latest key exchange and encryption protocols, because what seemed unbreakable five years ago, is considered less so today. If the server switches to more advanced encryption methods, ssh clients need to support these as well.

Other typical must have features for a ssh client would be:

  • SFTP file transfer
  • Port forwarding (tunneling connections from client to server through the ssh channel)
  • PKCS#11 authentication (this allows authentication through hardware, e.g. smart cards)
  • Dynamic port forwarding (SOCKS like)
  • ED25519, ECDSA, RSA and DSA public key authentication
  • X11 forwarding (allows to run x-windows programs on the remote server)
  • UTF8 support in terminal emulation
  • Connection through proxy

Technical SSH Essentials

The basis of the SSH protocol are laid out in IETF internet standard RFC 4253. The document describes SSH as a secure transport that provides cryptographic host, strong encryption, authentication, and integrity protection.

Or, as RFC 4253 states in its own words:

The Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network.
 
[...] The protocol can be used as a basis for a number of secure network services. It provides strong encryption, server authentication, and integrity protection. It may also provide compression.
 
Key exchange method, public key algorithm, symmetric encryption algorithm, message authentication algorithm, and hash algorithm are all negotiated.
 

It hence defines ways to create a shared encryption key in the possible presence of a listener, host and user authentication methods (i.e. ways in which users and server can prove that they are who they claim to be), and possible data compression to more effectively transmit data.

An especially challenging part of encrypting communication over public networs, is the need to negotiation a shared secret (an encryptino key) over a channel that might already be monitored by an adversary.

SSH answers this challenge through the initial key exchange phase of the connection using the older Diffie-Hellman kex method. Never versions now also support ED25519 elliptic curve kex. It is a specific implementation of the Edwards-curve Digital Signature Algorithm (EdDSA), which itself is a variant of Schnorr's signature system with Twisted Edwards curves (math heavy details can be found in the upcoming IETF standard for ED25519.


Good Terminal Emulator based on the SSH Protocol

However, SSH only covers the actual transmission of data between the client and server. But the SSH client is usually a terminal emulator, i.e. a software that allows a remote computer to receive keyboard input from, and send formatted text (color, cursor placement, etc.) to the user's computer.

Obviously, the client still needs to be able to perform the functions of a terminal - supporting various terminal emulations, printing, logging, and so on. This is why ZOC is the ideal Secure Shell Client, it does all of the above, and more.

ZOC Terminal Download

Read more about our ZOC Terminal Emulator, check its feature list, look at our screenshots or start your free 30 days of evaluation today and download ZOC Terminal V9.01.2 now.

DOWNLOAD
ZOC for Windows (32-bit)