The SSH protocol

Most servers providing a service (such as websites and emails) over the modern internet aren't attached to keyboards or monitors. Even when servers do have local input/output hardware, remote access is often much more convenient.

Various protocols have been used to provide remote command-line access to servers. One of the first such protocols was Telnet. With Telnet, a client remotely connects to a server using plaintext over Transmission Control Protocol (TCP) port 23. The server provides more-or-less direct access to the operating system command line through this TCP connection. The client sends plaintext commands to the server, and the server executes these commands. The command-line output is sent back from the server to the client.

Telnet has a major security shortcoming: it does not encrypt any data sent over the network. Even user passwords are sent as plaintext when using Telnet. This means that any network eavesdropper could obtain user credentials!

The SSH protocol has now largely replaced Telnet. The SSH protocol works over TCP using port 22. SSH uses strong encryption to protect against eavesdropping.

SSH allows clients to verify servers' identities using public-key authentication. Without public-key authentication of the server, an impostor could masquerade as a legitimate server and attempt to trick a client into connecting. Once connected, the client would send its credentials to the impostor server.
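To make the server check concrete, here is an added example (not code from this text or from any SSH library) of the comparison a client performs: the key a server presents is checked against the record stored for that hostname. The record layout follows OpenSSH's plain `known_hosts` lines; the hostnames and key strings are constructed, and `check_host_key` is a hypothetical name.

```c
#include <stdio.h>
#include <string.h>

enum host_status { HOST_OK, HOST_CHANGED, HOST_UNKNOWN };

/* Constructed store, one "hostname key-type base64-key" record per line.
 * Hostnames and key strings are made up for this example. */
static const char *KNOWN_HOSTS =
    "# trusted servers\n"
    "example.test ssh-ed25519 AAAAC3ConstructedKeyA\n"
    "db.example.test ssh-ed25519 AAAAC3ConstructedKeyB\n";

/* Hypothetical helper: compare the key a server presented with the record
 * stored for that host and key type. */
enum host_status check_host_key(const char *store, const char *host,
                                const char *type, const char *key)
{
    enum host_status result = HOST_UNKNOWN;
    char buf[1400], h[256], t[64], k[1024];

    for (const char *line = store; line && *line; ) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        if (len < sizeof buf) {            /* ignore over-long lines */
            memcpy(buf, line, len);
            buf[len] = '\0';
            if (buf[0] != '#' &&
                sscanf(buf, "%255s %63s %1023s", h, t, k) == 3 &&
                strcmp(h, host) == 0 && strcmp(t, type) == 0) {
                if (strcmp(k, key) == 0)
                    return HOST_OK;        /* same key as recorded */
                result = HOST_CHANGED;     /* known host, different key */
            }
        }
        line = end ? end + 1 : NULL;
    }
    return result;
}

int main(void)
{
    static const char *names[] = { "ok", "changed", "unknown" };
    const char *presented = "AAAAC3ConstructedKeyA";
    printf("%s\n", names[check_host_key(KNOWN_HOSTS, "example.test", "ssh-ed25519", presented)]);
    printf("%s\n", names[check_host_key(KNOWN_HOSTS, "db.example.test", "ssh-ed25519", presented)]);
    printf("%s\n", names[check_host_key(KNOWN_HOSTS, "new.example.test", "ssh-ed25519", presented)]);
    return 0;
}
```

A client that gets the "changed" result should stop before sending any credentials, since that is the impostor case described above; "unknown" means there is no stored key to compare against yet.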

SSH also provides many methods for client authentication with servers. These include sending a password or using public-key authentication. We look at these methods in detail later.

SSH is a complicated protocol. So, instead of attempting to implement it ourselves, we use an existing library to provide the needed functionality.