There are three core security services that are essential requirements for a secure remote access technology.
Confidentiality: The transmitted data must not be readable by unauthorized parties on the network. Confidentiality is achieved through encryption.
Integrity: Unauthorized parties must not be able to modify the data without detection. Integrity is achieved by using checksum values, which reveal tampering attempts at the receiving end.
Authentication: Both communicating parties must be able to identify each other reliably, so that no one else can pretend to be the other party. Authentication can be implemented by using challenge passwords, for instance. However, the strongest authentication is achieved through public-key cryptography and digital signatures.
Non-repudiation is also usually mentioned along with these three services. Non-repudiation is a security service that prevents an entity from denying previous commitments or actions. However, in the context of communications security, non-repudiation is difficult to apply.
Note that the terms authentication and authorization refer to different actions. Authentication is the act of verifying the identity of an entity whereas authorization is the act of verifying whether the identified entity is allowed to perform a task such as reading a file. Authentication usually precedes authorization. Authorization is determined by an access control system.
The Secure Shell protocol provides the confidentiality, integrity, and authentication services.