Updated 21 May 2026

SSH: the 1995 protocol nothing has displaced

Tatu Ylönen wrote SSH at Helsinki University of Technology in July 1995 after a password-sniffing incident. Thirty years later it is the default remote-access protocol on every Unix-like operating system, and it ships with Windows as well. Almost nothing else in security tooling has lasted as long unchanged.

AI-assisted post: drafted with help from Claude, edited and fact-checked by Mart.

In July 1995, Tatu Ylönen, then a researcher at Helsinki University of Technology, released the first version of SSH as freely available software. By the end of the same calendar year an estimated twenty thousand people in fifty countries were using it. Thirty years later it is still the default protocol for logging into a remote Unix-like machine, the default protocol for moving files between two of them, and the default protocol for triggering remote command execution across CI, deployment, and orchestration systems. Almost no security tool from the mid-1990s is still the default in 2026. The fact that SSH is says something useful about both the protocol and the alternatives that tried to replace it.

July 1995, Helsinki

The trigger was banal: someone on the network at Helsinki University of Technology had installed a password sniffer and was harvesting credentials. Telnet, rlogin, rsh, and FTP — the protocols engineers actually used to do remote work in 1995 — all transmitted authentication and session data in clear text. A sniffer on any segment of the network between the client and the server could read every password and every keystroke. By 1995 such tools had been in circulation for a decade; the Morris worm of 1988 had already shown what an unauthenticated remote-execution surface looked like. The Helsinki incident was not unusual. It was the response that was.

Ylönen wrote a replacement protocol over several weeks, modelled on rsh's user-facing behaviour but with cryptographic transport underneath. The first public release — SSH 1.0 — went out in July 1995. The software was distributed as freeware with source available, on the explicit hope that adoption would mean nobody had to keep typing passwords across an unencrypted network. Within six months it was running at around twenty thousand sites in fifty countries. Ylönen was fielding 150 support emails a day and could not maintain the project alone.

In December 1995 he founded SSH Communications Security, Ltd., a company to maintain and commercialise the protocol. The freeware version continued for a while; the licence terms tightened progressively over the following four years.

What SSH replaced

Before SSH, the standard ways to operate on a remote Unix machine were a small set of clear-text protocols, all of them designed in a period when network sniffing was not yet a routine attacker capability:

| Protocol | Year | Port | What it carried in plaintext |
|----------|------|------|------------------------------|
| Telnet | 1969 | 23 | Username, password, every keystroke, every command output |
| rsh | 1981 | 514 | Same, plus host-based trust that could be forged |
| rlogin | 1981 | 513 | Same as Telnet |
| FTP | 1971 | 21 | Username, password, file contents, control commands |
| rcp | 1981 | 514 | File contents, authentication credentials |

The host-based trust model in rsh was the worst of the lot: a /etc/hosts.equiv or ~/.rhosts entry would let any account on a "trusted" host log in to the local account of the same name with no password, and the trust check used the source IP address, which was trivially spoofable on the LAN of 1995. SSH replaced all five of these with a single protocol that used asymmetric cryptography to authenticate hosts, asymmetric keys or passwords to authenticate users, and symmetric cryptography to protect the session. The replacement was so cleanly drop-in that most sites migrated within a year.

Port 22

SSH listens on TCP port 22 by default. The number is not arbitrary. Ylönen requested it from IANA in 1995, asking for an unused well-known port near the existing remote-access protocols. The neighbours were already familiar: FTP on 21, Telnet on 23. The next available number between them — 22 — was assigned without much process. The IANA assignment record still names Ylönen.

The cultural side effect: most firewalls in 2026 allow outbound port 22 by default, most cloud security groups open it for administrative access, and most port-scan dictionaries place it near the top of the list. Port 22 has become roughly as common a default as port 80 for HTTP or 443 for HTTPS.

SSH-1 and SSH-2

The original protocol — now retroactively called SSH-1 or SSH protocol version 1 — was published in 1995 and had several cryptographic weaknesses by the time anyone noticed: a CRC-32 integrity check that was malleable under chosen-plaintext attack, brittle host-key handling, and no key re-exchange during long sessions. Ylönen redesigned the protocol in 1996 as SSH-2, addressing those weaknesses and adding a layered architecture (transport, authentication, connection) that has held since. SSH-2 became an IETF working group output and the basis for the published standards RFC 4250 through RFC 4256 in January 2006.

SSH-1 was widely deprecated by 2006 and removed from OpenSSH 7.0 in August 2015. Any modern system that still supports SSH-1 is misconfigured.
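
Whether a server still accepts SSH-1 is visible in the identification string it sends when a client connects, so the check can be automated. This is an added example, not part of the original post; the banners, host names and function names are constructed for illustration.

```python
import re

# RFC 4253 section 4.2 identification string:
#   SSH-protoversion-softwareversion [SP comments]
ID_LINE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$")

def classify_banner(raw: bytes) -> str:
    """Classify what a server's identification string says about protocol support."""
    for line in raw.decode("ascii", "replace").splitlines():
        m = ID_LINE.match(line)
        if m is None:
            continue  # a server may send other lines before the identification string
        major, minor = int(m.group(1)), int(m.group(2))
        if (major, minor) == (1, 99):
            return "ssh1-and-ssh2"  # 1.99: SSH-2 server with SSH-1 compatibility enabled
        if major == 1:
            return "ssh1-only"
        if major == 2:
            return "ssh2-only"
        return "unknown-version"
    return "not-ssh"

def flag_ssh1(banners: dict) -> list:
    """Return the hosts whose banner shows SSH-1 is still accepted."""
    return sorted(host for host, banner in banners.items()
                  if classify_banner(banner) in ("ssh1-only", "ssh1-and-ssh2"))

# Constructed banners and host names, not taken from real systems.
SAMPLE = {
    "bastion.example": b"SSH-2.0-OpenSSH_9.9\r\n",
    "legacy-router.example": b"SSH-1.99-OpenSSH_3.9p1\r\n",
    "old-appliance.example": b"SSH-1.5-1.2.27\r\n",
    "motd-host.example": b"Authorized use only\r\nSSH-2.0-OpenSSH_9.9\r\n",
    "ftp.example": b"220 FTP ready\r\n",
}

if __name__ == "__main__":
    print(flag_ssh1(SAMPLE))
```

A protoversion of 1.99 is easy to miss in an audit: the server speaks SSH-2 but has the SSH-1 compatibility mode switched on.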

OpenSSH, 1999

The pivot from freeware to proprietary licensing inside SSH Communications Security between 1995 and 1999 left a window. The last freely-redistributable version of Ylönen's original SSH was 1.2.12. In 1998 a Swedish developer named Björn Grönvall released OSSH — a maintained fork of 1.2.12 with security patches. In 1999 the OpenBSD project, led by Theo de Raadt, took OSSH and aggressively cleaned it up, modernised the codebase, added SSH-2 support, and released it as part of OpenBSD 2.6 in December 1999.

The clean-up release was named OpenSSH. OpenSSH became the default SSH implementation on every BSD, every Linux distribution, eventually on macOS, and — since 2018 — even shipped with Windows Server and Windows 10. The portable version of OpenSSH (openssh-portable) is maintained by the OpenBSD team and is the single most widely deployed cryptographic tool on Unix-like systems, by an enormous margin.

The proprietary lineage of Ylönen's SSH Communications Security continued in parallel as commercial software (now Tectia SSH) and is still sold for enterprise environments. Almost everyone else uses OpenSSH.

Why nothing has displaced it

Several projects over the last twenty years have tried to be the next SSH. They have all stayed alongside rather than above:

  • Mosh (mobile shell), from MIT, 2012. UDP-based, intermittent-connectivity-tolerant. It uses SSH as the initial authentication channel and never replaces it.
  • Tailscale SSH — wraps SSH inside Tailscale's WireGuard-based mesh, replaces the authentication and key-management layers. SSH protocol still underneath.
  • Teleport — adds certificate-based access, audit logging, and session recording. Speaks SSH on the wire. Replaces nothing.
  • Cloudflare Tunnel + SSH — tunnels SSH through Cloudflare's edge for zero-trust access. SSH protocol intact.
  • Browser-based remote shells (AWS Systems Manager Session Manager, GCP IAP) — typically transport SSH over a different control plane.

Every attempt at displacement has ended up wrapping SSH rather than replacing it. The protocol has not been displaced because it has not aged badly: the cryptographic primitives have been rotated, the wire format has been versioned, new key types have been added (ECDSA in 2009, Ed25519 in 2014, post-quantum hybrid in 2024), and the basic semantics (open a port, authenticate with a key, run a process or move a file) are still the right semantics.

The post-quantum migration

The current migration in OpenSSH is the post-quantum one. OpenSSH 9.0 in April 2022 introduced sntrup761x25519-sha512@openssh.com as a hybrid key-exchange algorithm — a classical X25519 exchange combined with a Streamlined NTRU Prime post-quantum exchange. OpenSSH 9.9 in late 2024 made the hybrid the default. OpenSSH 10.0 in 2025 made it the preferred and in some configurations mandatory algorithm for new sessions, with classical-only handshakes being phased out as a security risk.

The migration is forward-looking: there is no current attacker with a quantum computer capable of breaking X25519, but session records captured today can be decrypted later if quantum computers arrive. The hybrid handshake protects the session against future retrospective decryption. The migration is happening across the industry — TLS 1.3 added equivalent algorithms in 2024 — but SSH is the one most operators feel directly because the connection is interactive and the key types are familiar.
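
A hybrid handshake only happens when both sides list a hybrid algorithm, which can be checked from the kex_algorithms name-list each side sends in SSH_MSG_KEXINIT. This is an added example, not from the original post or from OpenSSH; the payloads and function names are constructed, and the mlkem768x25519 prefix is an OpenSSH algorithm family the article does not mention.

```python
import struct

SSH_MSG_KEXINIT = 20
# Hybrid post-quantum KEX name prefixes. sntrup761x25519 is the one named in the
# article; mlkem768x25519 is a second OpenSSH hybrid, included as an assumption.
PQ_HYBRID_PREFIXES = ("sntrup761x25519-", "mlkem768x25519-")

def name_list(names):
    """Encode an SSH name-list: uint32 length + comma-separated ASCII names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def sample_kexinit(kex_names):
    """Constructed KEXINIT payload; the other nine name-lists are left empty."""
    return (bytes([SSH_MSG_KEXINIT]) + bytes(16) + name_list(kex_names)
            + name_list([]) * 9 + b"\x00" + struct.pack(">I", 0))

def kex_algorithms(payload):
    """Return the kex_algorithms name-list from a KEXINIT payload (RFC 4253, 7.1)."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)  # after type byte + 16-byte cookie
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated kex_algorithms name-list")
    return raw.decode("ascii").split(",") if raw else []

def is_hybrid_pq(name):
    return name is not None and name.startswith(PQ_HYBRID_PREFIXES)

def audit_handshake(client_payload, server_payload):
    """Report which KEX a client/server pair would agree on and whether it is hybrid."""
    client, server = kex_algorithms(client_payload), kex_algorithms(server_payload)
    # Simplified RFC 4253 rule: first name on the client's list that the server
    # also lists (the host-key capability conditions are ignored here).
    chosen = next((a for a in client if a in server), None)
    return {"chosen": chosen, "hybrid_pq": is_hybrid_pq(chosen),
            "server_offers_pq": any(is_hybrid_pq(a) for a in server)}

# Constructed algorithm lists, not captured from real hosts.
CLIENT = sample_kexinit(["sntrup761x25519-sha512@openssh.com", "curve25519-sha256"])
UPGRADED = sample_kexinit(["sntrup761x25519-sha512@openssh.com", "curve25519-sha256"])
LEGACY = sample_kexinit(["curve25519-sha256", "diffie-hellman-group14-sha256"])

if __name__ == "__main__":
    print(audit_handshake(CLIENT, UPGRADED))
    print(audit_handshake(CLIENT, LEGACY))
```

Against the legacy server the same client silently falls back to classical curve25519-sha256, which is the case an audit for retrospective-decryption exposure needs to surface.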

A short close

A protocol designed by one researcher in a few weeks in 1995, in direct response to a password-sniffing incident, has become the universal default for remote access on Unix-like systems and has resisted every serious replacement attempt for thirty years. The lesson is not that the original design was unusually visionary; it was a careful, pragmatic piece of engineering built on cryptographic ideas that were already known in 1995. The lesson is that the alternative protocols of 1995 were so badly broken that there was unusual pressure to migrate, and the migration target turned out to be designed well enough to absorb three decades of cryptographic updates without ever needing to be replaced wholesale. The cryptography rotates; the protocol stays.
