Secure remote access technology essentially requires three core security services:
Confidentiality: The transmitted data must not be readable by unauthorized parties on the network. Confidentiality is achieved through encryption.
Integrity: Unauthorized parties must not be able to modify the data without detection. Integrity is achieved by using checksum values, which reveal tampering attempts at the receiving end.
Authentication: Both communicating parties must be able to identify each other reliably, so that no one else can pretend to be the other party. Authentication can be implemented by using challenge passwords, for instance. However, stronger authentication is achieved through public-key cryptography and digital signatures.
Non-repudiation is also usually mentioned along with these three services. Non-repudiation is a security service that prevents an entity from denying previous commitments or actions. However, in the context of communications security, non-repudiation is difficult to apply.
Note that the terms authentication and authorization refer to different actions. Authentication is the act of verifying the identity of an entity, whereas authorization is the act of verifying whether the identified entity is allowed to perform a task such as reading a file. Authentication usually precedes authorization. Authorization is determined by an access control system.
The Secure Shell protocol provides the confidentiality, integrity, and authentication services.