Understanding SSH: A Beginner's Guide

Introduction to SSH

Secure Shell (SSH) is a suite of programs that lets you log into another computer over a network, execute commands on it, and transfer files securely. You can also forward X11 connections, arbitrary TCP ports, and UNIX domain sockets over this secure channel.

SSH prevents attacks such as sniffing, DNS/IP spoofing, data forgery, and connection hijacking. SSH support is standard in all UNIX systems, with most including both SSH client and server utilities.

On Windows, there are separate SSH client implementations such as PuTTY, WinSCP, and Bitvise. Similar clients are also available for Android and iOS.

On macOS, an SSH client is included by default. You can use it directly from the Terminal.

On Ubuntu Linux, an SSH client is also included by default. If for some reason it is not installed, you can easily install it with the package manager:

sudo apt update
sudo apt install openssh-client

SSH Utilities

OpenSSH server utilities include:

  • sshd (OpenSSH Daemon): A daemon program that waits for connections from clients.
  • sftp-server (SFTP server subsystem): A program for file transfers using the SFTP protocol, usually invoked automatically by the sshd daemon.

OpenSSH client utilities include:

  • ssh (SSH client): Logs into a remote machine and executes commands.
  • ssh-keygen: Creates and manages authentication keys.
  • scp: Copies files between local and remote machines using an encrypted channel.
  • sftp: Transfers files over a secure channel, similar to FTP.

These programs are essential for generating keys, connecting to remote machines, and copying files. Other utilities in the OpenSSH package include:

  • ssh-agent: A private key storage program used for public key authentication, typically started at the beginning of an X session or logon session.
  • ssh-add: Adds a private key to the authentication agent.
  • ssh-keyscan: Collects SSH host public keys from multiple hosts, useful for creating and verifying ssh_known_hosts files.
  • ssh-copy-id: Installs your locally available public keys on a remote machine so that you can log in with them.
  • ssh-keysign: Generates the digital signature required during host-based authentication, enabled through the global client configuration file.

Installing and Configuring SSH Server

Before using SSH, you need to ensure that the OpenSSH server and client are installed on your Linux system. Here’s how you can install it on Debian-based Linux distributions:

sudo apt update
sudo apt install openssh-server

Note that all the commands in this article were tested on a fresh Ubuntu 22.04 machine.

After installation, you need to start and enable the SSH service to ensure it runs at boot:

sudo systemctl start ssh
sudo systemctl enable ssh

Basic Usage of SSH

Once SSH is installed and running, you can connect to a remote machine using the ssh command. The basic syntax is:

ssh username@hostname_or_ip

For example, to connect to a server with the IP address 192.168.1.10 as the user john, you would use:

ssh john@192.168.1.10

Understanding SSH Keys

SSH keys are a more secure way of logging into an SSH server, compared to using passwords. They consist of a pair of keys: a public key and a private key. The public key is placed on the server you want to connect to, while the private key remains on your local machine.

Do not share your private keys with third parties.

Generating SSH Keys

To generate an SSH key pair, use the following command:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This command generates a new RSA key pair with a key length of 4096 bits. You will be prompted to enter a file in which to save the key and a passphrase for added security.

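The passphrase is optional: you can leave it blank, or enter a simple password or even a short PIN, such as a 4-digit PIN. Its only purpose is to protect the private key file itself: the key is stored encrypted under the passphrase, so with a blank passphrase anyone who obtains the file can use the key, and a short PIN gives little protection against guessing.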

By default, the public key is saved in the file ~/.ssh/id_rsa.pub (it has suffix .pub), while ~/.ssh/id_rsa is the private key.
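
To see what the passphrase changes on disk, the following added example (not part of the original article) reads the header of an OpenSSH-format private key, the format current ssh-keygen writes by default, and reports keys that have no passphrase or are not owner-only. The function names are illustrative, and the two sample files are constructed, truncated key headers, not usable keys.

```shell
#!/bin/sh
# key_cipher FILE: print the cipher name from an OpenSSH-format private key.
# Decoded layout: "openssh-key-v1\0" (15 bytes), a 4-byte length, the cipher name.
# The cipher "none" means the key is stored without a passphrase.
key_cipher() {
    tmp=$(mktemp) || return 2
    grep -v '^-----' "$1" | tr -d ' \r\n' | base64 -d >"$tmp" 2>/dev/null || true
    magic=$(dd if="$tmp" bs=1 count=14 2>/dev/null)
    len=$(dd if="$tmp" bs=1 skip=18 count=1 2>/dev/null | od -An -tu1 | tr -d ' \n')
    cipher=$(dd if="$tmp" bs=1 skip=19 count="${len:-0}" 2>/dev/null)
    rm -f "$tmp"
    [ "$magic" = "openssh-key-v1" ] || return 2
    printf '%s\n' "$cipher"
}

# audit_key FILE: print one line per finding; return 0 only if there are none.
audit_key() {
    rc=0
    mode=$(ls -l "$1" | cut -c1-10)
    case $mode in
        -r[w-]-------) ;;                      # owner-only, as ssh expects
        *) echo "$1: mode $mode is not owner-only"; rc=1 ;;
    esac
    cipher=$(key_cipher "$1") || { echo "$1: not an OpenSSH-format private key"; return 2; }
    [ "$cipher" != none ] || { echo "$1: no passphrase (cipher none)"; rc=1; }
    return $rc
}

# Constructed sample input: truncated key headers, not usable keys.
make_samples() {
    d=$(mktemp -d) || return 1
    ( umask 077
      printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAAB' \
        '-----END OPENSSH PRIVATE KEY-----' >"$d/id_nopass"
      printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0' \
        '-----END OPENSSH PRIVATE KEY-----' >"$d/id_withpass" )
    chmod 644 "$d/id_nopass"                   # simulate a key left world-readable
    echo "$d"
}

samples=$(make_samples)
for k in "$samples"/id_*; do audit_key "$k" || true; done
rm -rf "$samples"
```

To check a real key, call audit_key with its path, for example ~/.ssh/id_rsa.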

Copying the Public Key to the Server

To copy your public key to the server, you can use the ssh-copy-id utility:

ssh-copy-id username@hostname_or_ip

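The first time you connect to a server, ssh shows the fingerprint of the server's host key and asks: Are you sure you want to continue connecting (yes/no/[fingerprint])? Type yes to accept the key. It is then saved in ~/.ssh/known_hosts and checked on every later connection, so compare the displayed fingerprint with the server's real one before answering.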

After copying the key, you can log in to the server without entering a password:

ssh username@hostname_or_ip

Basic SSH Commands and Options

Connecting to a Remote Server

ssh user@hostname

Specifying a Port

ssh -p 2222 user@hostname

You can use the -i option to select the file from which the identity (private key) for public key authentication is read:

ssh -i ~/.ssh/id_rsa user@hostname

Executing a Command on a Remote Server

ssh user@hostname 'command'

Example:

ssh user@hostname 'ls -l /var/www'

or

ssh user@hostname whoami

Using SSH Config File

The SSH config file (~/.ssh/config) can simplify SSH connections.

You can create or edit the config file with your favorite editor, for example:

nano ~/.ssh/config

Or use the tee utility to append an example configuration to the file:

tee -a ~/.ssh/config >/dev/null <<EOT
Host myserver
    HostName 192.168.1.3
    User demo_vm
    Port 22
EOT

With this config, you can connect using:

ssh myserver
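
Running the tee -a command above twice leaves two Host myserver blocks in the file, and ssh uses the first value it finds for each option, so later copies never take effect. The following added example (not part of the original article) appends a block only once and keeps the file owner-only; the function names are illustrative and the demo writes to a temporary file instead of ~/.ssh/config.

```shell
#!/bin/sh
# host_count ALIAS CONFIG: number of Host lines in CONFIG that name ALIAS.
host_count() {
    awk -v a="$1" '
        tolower($1) == "host" { for (i = 2; i <= NF; i++) if ($i == a) n++ }
        END { print n + 0 }' "$2"
}

# add_ssh_host ALIAS HOSTNAME USER PORT [CONFIG]
# Append a Host block only if ALIAS is not defined yet, and keep the
# config file readable and writable by its owner only.
add_ssh_host() {
    cfg=${5:-$HOME/.ssh/config}
    ( umask 077; mkdir -p "$(dirname "$cfg")" && touch "$cfg" ) || return 2
    chmod 600 "$cfg"
    # ssh takes the first value it finds for each option, so a second block
    # for the same alias would never take effect. Refuse it instead.
    if [ "$(host_count "$1" "$cfg")" -gt 0 ]; then
        echo "Host $1 is already defined in $cfg" >&2
        return 1
    fi
    printf 'Host %s\n    HostName %s\n    User %s\n    Port %s\n' \
        "$1" "$2" "$3" "$4" >>"$cfg"
}

# Demo on a throwaway file, using the values from the article's example.
demo_cfg=$(mktemp -d)/config
add_ssh_host myserver 192.168.1.3 demo_vm 22 "$demo_cfg"
add_ssh_host myserver 192.168.1.3 demo_vm 22 "$demo_cfg" || echo "second add refused"
echo "myserver blocks: $(host_count myserver "$demo_cfg")"
```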

Conclusion

This article has introduced you to the basics of SSH, including installation, configuration, and usage. In the next article, we will dive deeper into advanced SSH configurations and key management. Stay tuned!