SSH Basics: Everything You Should Know
Understanding SSH for Safe Remote Access
Hey folks, ๐
In this blog, we'll guide you through generating SSH keys and securely connecting to a remote machine. By the end of this article, you'll be well-equipped and excited to use SSH for your remote connections. ๐
What is SSH? ๐ค
SSH is a secure protocol used as the primary means of connecting to Linux servers remotely. It provides a text-based interface by spawning a remote shell. After connecting, all commands you type in your local terminal are sent to the remote server and executed there. ๐ฅ๏ธ
How does it work? ๐ ๏ธ
This method of connecting to a remote machine works on a client-server model. Therefore, there should be software called an SSH daemon running on the remote machine.
The user should also have a utility called an SSH client, which knows how to communicate using the SSH protocol to the SSH daemon.
With the help of the SSH client utility, the user sends a connection request to the remote machine via a secure SSH tunnel. The SSH daemon running on the remote machine then verifies the credentials. If the credentials are correct, it provides shell access to the user. ๐
How is the user authenticated? ๐
There are two main methods used for user authentication.
Using Password ๐
Using SSH keys ๐๏ธ
Using Password ๐
When the user makes a connection request to the remote machine, it asks for the password. Which is the password of the remote machine user.
If the password is correct. The session is created and then shell access is provided.
This method is highly vulnerable to brute force attacks. ๐จ
Using SSH Keys ๐๏ธ
These are the pair cryptographic keys- one is public and one private. The public key is safe to share, while the private key is kept secret.
The public key is copied to the file on the remote machine, located at path
~/ssh/authorized_keys
in the user directory. This file contains all the public keys which are allowed to log in.Client connection: when the client wants to connect using ssh keys. It tells the remote machine which public key it intends to use.
Server Verification: The remote machine then checks for the public key in the
authorized_keys
file, creates a random string, encrypts it with the public key, and sends it back to the client.Client Decryption: The client decrypts the message using its private key, combines the decrypted string with the session ID, generates an MD5 hash with this combination, and sends it to the remote machine.
Hash Comparison: The remote machine also generates MD5 hash using the string that was previously generated and the session ID, and then compares it with the client hash.
Authentication Success: If the hash matches, it proves that the client has the private key and the server allows the connection. โ
Generating an SSH Key Pair ๐ง
There are a few cryptographic algorithms you can use to generate SSH keys, like RSA, ECDSA, and ED25519. Most people go with RSA keys since they're the default and generally preferred.
To create an RSA key pair on your computer, just type:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
This prompt allows you to choose the location to store your RSA private key. Press ENTER to leave this as the default, which will store them in the .ssh
hidden directory in your user's home directory. Leaving the default location selected will allow your SSH client to find the keys automatically. ๐
The next prompt allows you to enter a passphrase of an arbitrary length to secure your private key. Encrypting your secret key with a passphrase is strictly recommended. By default, you will have to enter any passphrase you set here every time you use the private key, as an additional security measure. While entering a passphrase, nothing will be displayed as you type. This is a security precaution. ๐
This procedure has generated an RSA SSH key pair, located in the .ssh
hidden directory within your user's home directory. These files are:
~/.ssh/id_rsa
: The private key. DO NOT SHARE THIS FILE! โ~/.ssh/id_rsa.pub
: The associated public key. This can be shared freely without consequence. โ
Copying your Public SSH Key to the remote machine ๐ค
You do not have password-based SSH access available, so you will have to transport and add your public key to the ARI server manually.
Send the SSH public key from your local machine by email to your mail account containing your public key as an attachment. ๐ง
Next time when you are at ARI, fetch your public key from your mail attachment and create the ~/.ssh directory in your home folder if it does not already exist:
mkdir -p ~/.ssh
Afterwards, you can create or append the ~/.ssh/authorized_keys
file by typing:
cat ~/path_to_public_key/id_rsa.pub >> ~/.ssh/authorized_keys
You should now be able to log into the gateway machine with your SSH key from every machine where you have installed your SSH secret key. ๐
The IT admins can install your public key for you at ARI if you cannot go there. ๐จโ๐ป
Connecting to a Remote Server ๐
To connect to a remote server and open a shell session there, you can use the ssh
command.
The simplest form assumes that your username on your local machine is the same as that on the remote server. If this is true, you can connect using:
ssh remote_host
If your username is different on the remoter server, you need to pass the remote user's name like this:
ssh remote_user@remote_host
Your first time connecting to a new host, you will see a message that looks like this:
The authenticity of host 'remote_host (192.168.1.1)' can't be established.
ECDSA key fingerprint is SHA256:...
Are you sure you want to continue connecting (yes/no)?
Type "yes" to accept the authenticity of the remote host.
You will be prompted for your private key's passphrase.
Enter your passphrase. If it is correct, the remote shell will open. ๐ฅ๏ธ
In conclusion, SSH is an essential tool for securely connecting to remote machines, providing a robust method for managing servers and executing commands remotely. By understanding the basics of SSH, including how it works, the methods of user authentication, and the process of generating and using SSH keys, you can enhance your security and efficiency in managing remote systems. Whether you are using password-based authentication or the more secure SSH keys, mastering these techniques will empower you to handle remote connections with confidence. ๐ช
Thank you for reading, and feel free to leave any feedback or questions in the comments! ๐ฌ