Understanding SSH: A Beginner's Guide

Introduction to SSH

Secure Shell (SSH) is a suite of programs that allows you to control remote machines, execute commands, and transfer files securely.

SSH is a widely used standard, with SSH clients included by default on most Linux distributions and macOS. On Windows, you can use an SSH client such as PuTTY, WinSCP, or Bitvise, among others. SSH clients are also available for Android and iOS.

SSH Utilities

OpenSSH server utilities include:

  • sshd (OpenSSH Daemon): A daemon program that waits for connections from clients.
  • sftp-server (SFTP server subsystem): A program for file transfers using the SFTP protocol, usually invoked automatically by the sshd daemon.

OpenSSH client utilities include:

  • ssh (SSH client): Logs into a remote machine and executes commands.
  • ssh-keygen: Creates and manages authentication keys.
  • scp: Copies files between local and remote machines using an encrypted channel.
  • sftp: Transfers files over a secure channel, similar to FTP.

These programs are essential for generating keys, connecting to remote machines, and copying files. Other utilities in the OpenSSH package include:

  • ssh-agent: A private key storage program used for public key authentication, typically started at the beginning of an X session or logon session.
  • ssh-add: Adds a private key to the authentication agent.
  • ssh-keyscan: Collects SSH host public keys from multiple hosts, useful for creating and verifying ssh_known_hosts files.
  • ssh-copy-id: Installs your locally available public keys on a remote computer so that they can be used to authenticate there.
  • ssh-keysign: Generates the digital signature required during host-based authentication, enabled through the global client configuration file.

Installing and Configuring SSH Server

Most Linux distributions come with OpenSSH pre-installed. In particular, if you create virtual machines on cloud providers like Hetzner, DigitalOcean, etc., you will have SSH access to your machine by default.

You may install the OpenSSH server on Ubuntu, Debian, or Raspberry Pi using the following commands:

sudo apt update
sudo apt install openssh-server

After installation, you need to start and enable the SSH service to ensure it runs at boot:

sudo systemctl start ssh
sudo systemctl enable ssh

Basic Usage of SSH

Once SSH is installed and running, you can connect to a remote machine using the ssh command. The basic syntax is:

ssh username@hostname_or_ip

For example, to connect to a server with the IP address 192.168.1.10 as the user john, you would use:

ssh john@192.168.1.10

Understanding SSH Keys

SSH keys are a more secure way of logging into an SSH server, compared to using passwords. They consist of a pair of keys: a public key and a private key. The public key is placed on the server you want to connect to, while the private key remains on your local machine.

Do not share your private keys with third parties.

Generating SSH Keys

To generate an SSH key pair, use the following command:

ssh-keygen -t ed25519 -C "your_email@example.com"

You will be prompted to enter a file in which to save the key and a passphrase.

You can leave the passphrase blank or enter a simple password or even a short PIN, such as a 4-digit PIN. The passphrase is used to encrypt your private key, protecting it in case the key file falls into the wrong hands; with a blank passphrase, the private key is stored unencrypted.

By default, the public key is saved in the file ~/.ssh/id_ed25519.pub (note the .pub suffix), while ~/.ssh/id_ed25519 is the private key.

Copying the Public Key to the Server

To copy your public key to the server, you can use the ssh-copy-id utility:

ssh-copy-id username@hostname_or_ip

If this is your first connection to the server, you will be prompted: Are you sure you want to continue connecting (yes/no/[fingerprint])? Type yes to accept the server's host key and continue.

Alternatively, you can append the public key to the ~/.ssh/authorized_keys file on the server with any text editor.

After copying the key, you can log in to the server:

ssh username@hostname_or_ip
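
Appending the key to ~/.ssh/authorized_keys by hand is easy to get subtly wrong (loose permissions, duplicate entries, a missing final newline, or the private key file pasted by mistake). The following is an added example, not part of the original article, of doing the append safely on the server; the function name install_pubkey and its optional home-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Run on the server.
# install_pubkey is a hypothetical helper name.
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    pub=$1
    ssh_dir=${2:-$HOME}/.ssh
    auth=$ssh_dir/authorized_keys

    # Accept only a file holding exactly one public-key line
    # ("<type> <base64> [comment]"). A private key file such as
    # id_ed25519 (no .pub) has no such line and is rejected here.
    key=$(grep -E '^(ssh|ecdsa|sk)-[a-z0-9@.-]+ [A-Za-z0-9+/]+=*( |$)' "$pub") || {
        echo "refusing $pub: no public key line found" >&2
        return 1
    }
    if [ "$(printf '%s\n' "$key" | wc -l)" -ne 1 ]; then
        echo "refusing $pub: more than one key in file" >&2
        return 1
    fi

    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # file or ~/.ssh is writable by other users, so set owner-only modes.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: match on "<type> <base64>" so a changed comment does
    # not produce a second copy of the same key.
    blob=$(printf '%s\n' "$key" | cut -d ' ' -f 1,2)
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi

    # A file edited by hand may lack a final newline; without this the
    # new key would be glued onto the previous line and never match.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Call it as install_pubkey id_ed25519.pub after transferring the .pub file to the server; running it again with the same key changes nothing.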

Basic SSH Commands and Options

Connecting to a Remote Server

ssh user@hostname

Specifying a Port:

ssh -p 2222 user@hostname

Use the -i option to select the file from which the identity (private key) for public key authentication is read:

ssh -i ~/.ssh/id_ed25519 user@hostname

Executing a Command on a Remote Server

ssh user@hostname 'command'

Example:

ssh user@hostname 'ls -l /var/www'

or

ssh user@hostname whoami

Using SSH Config File

The SSH config file (~/.ssh/config) can simplify SSH connections. Here’s an example configuration.

You can create or edit the config file with your favorite editor, for example:

nano ~/.ssh/config

Or simply use the tee utility to append your configuration to the file:

tee -a ~/.ssh/config >/dev/null <<EOT
Host myserver
    HostName 192.168.1.3
    User demo_vm
    Port 22
    IdentityFile ~/.ssh/id_ed25519
EOT

With this config, you can connect using:

ssh myserver
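
Because tee -a appends, running the command above a second time leaves two Host myserver blocks in the file, and ssh also rejects a per-user config that others can write to. The following check is an added example, not part of the original article; the function name lint_ssh_config is an assumption made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# lint_ssh_config is a hypothetical helper name.
# Usage: lint_ssh_config [FILE]   (FILE defaults to ~/.ssh/config)
# Prints one line per finding; returns 0 if clean, 1 if anything was found.
lint_ssh_config() {
    cfg=${1:-$HOME/.ssh/config}
    rc=0
    [ -f "$cfg" ] || { echo "$cfg: no such file" >&2; return 2; }

    # Stock OpenSSH stops with "Bad owner or permissions" when the
    # per-user config is writable by group or others (e.g. umask 002).
    if [ -n "$(find "$cfg" \( -perm -020 -o -perm -002 \))" ]; then
        echo "$cfg is writable by group or others; run: chmod 600 $cfg"
        rc=1
    fi

    # Report every Host pattern that is declared a second time. ssh keeps
    # the first value it obtains for each option, so settings repeated in
    # a later block for the same host are silently ignored.
    dups=$(awk '
        tolower($1) == "host" {
            for (i = 2; i <= NF; i++)
                if (seen[$i]++ == 1)
                    print "Host " $i " is declared more than once"
        }' "$cfg")
    if [ -n "$dups" ]; then
        printf '%s\n' "$dups"
        rc=1
    fi
    return $rc
}
```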

Conclusion

This article has introduced you to the basics of SSH, including installation, configuration, and usage. In the next article, we will dive deeper into advanced SSH configurations and key management. Stay tuned!