A Brief Introduction to SSH
What is SSH?
SSH, or Secure Shell, is a network protocol used to secure a connection between two computers over an untrusted network, such as the internet.
Why do we need SSH?
We need SSH because the internet is not a safe place.
In the early years of the internet there was little security or encryption. A user's login information, including their password, would be sent to the remote computer in “plain text”. Without encryption, the “plain text” credentials could be captured and read during transmission.
As the internet has matured, so have the security measures involved in connecting to systems. SSH was created as a replacement for the early systems. SSH uses strong cryptography to digitally scramble the communications between two computers on the internet.
OpenSSH is the most commonly deployed implementation of SSH. OpenSSH client and server programs are included in Windows 10 as well as Mac computers. Linux computers typically have OpenSSH installed, and all distributions have it available via their system package manager.
How do we use SSH?
One way we can use SSH is to gain a secure login on a remote server. Perhaps you have a private server and would like to connect to the server with SSH. You will need the following to do this:
- The username of your login account on the remote server
- The IP address of the remote server
- A way to authenticate your login account to the remote server. Authentication proves you are who you say you are. SSH typically authenticates users with:
  - a secret password
  - a key pair
SSH with password
The simplest way to connect to a remote host with SSH is to authenticate with a password.
SSH connection commands require a username and an IP address, as below:
To try it out, open your computer’s terminal application and connect to your private server.
Typing your password can become tedious. Using SSH key pairs allows you to log in to remote hosts without entering your password. Continue below to learn more about SSH key pairs.
SSH keys are pairs of cryptographic keys which can be used to prove your identity to remote computers.
SSH key pairs consist of two files: a private key and a public key. The public key is the part of the cryptographic magic that can be shared. It is not sensitive information.
The SSH private key is the cryptographic secret. Think of it as your password. Do not share it with anyone, and do not store it on computers that you do not trust.
Generate an SSH keypair
Begin by opening a terminal program.
- For Windows – press the Windows key and type powershell
- For Mac – open Terminal.app
- For Linux – open your system’s terminal application
Now execute the following in your terminal application.
ssh-keygen -t rsa -b 2048 -f .ssh/id_rsa-yourdomain.com_2021
Replace yourdomain.com above with your domain name, if you have one. If you do not have one, consider the reasons why you might want to register one.
The ssh-keygen command creates an SSH key of the type you specify (-t rsa) with the number of bits you specify (-b 2048) at the location you specify (-f .ssh/id_rsa-yourdomain.com_2021).
Specifying the output filename allows you to create multiple SSH key pairs. It is also a good idea to rotate your keys periodically. Date stamping the file at creation time helps remind you when keys are excessively old.
Tying it together with .ssh/config
In your home directory you will find a directory called .ssh/. This directory contains your SSH key pairs as well as other files of use to the SSH system. One of these files is .ssh/config.
.ssh/config is a file which can be used to control various configuration options. This file allows you to configure a block of settings for each server you connect to.
Consider this example .ssh/config
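    # Defaults for every host
    Host *
        ControlMaster auto
        Compression yes
        IdentityFile /home/your_user/.ssh/id_rsa
        ControlPath /home/your_user/.ssh/sockets/%C
        ServerAliveInterval 15

    # Settings for one server
    Host your.server.name
        HostName 10.10.10.10
        User root
        IdentityFile /home/your_user/.ssh/id_rsa-yourdomain.com_2021

The first block of the file (Host *) matches every host you connect to, so its options are read first. ssh continues reading the file and also applies every later block whose Host pattern matches. For each option, ssh uses the first value it obtains, so a value set under Host * at the top of the file cannot be overridden by a later block. IdentityFile is the exception: each matching IdentityFile line adds another key to try. For this reason the ssh_config manual recommends placing host-specific blocks near the beginning of the file and general defaults at the end.
When connecting to your.server.name, the second block of the file is applied as well. The ssh client program connects to IP address 10.10.10.10 with username root. ssh will also use the key file at /home/your_user/.ssh/id_rsa-yourdomain.com_2021, the key generated with ssh-keygen above.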
Specifying configuration in this way allows for flexibility in managing connections to servers.
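The way ssh combines a Host * block with a host-specific block can be modelled in a few lines. The following Python sketch is an added example, not code from the original page or from OpenSSH: it is a simplified model of ssh_config lookup (Host patterns with * and ?, first value wins per option, IdentityFile accumulating). The `User backup` default in `Host *` is constructed for the demonstration, and the function names are hypothetical.

```python
import re

# Constructed sample: the page's layout, plus a User default in "Host *"
# (an assumption added here) to show what a catch-all at the top does.
SAMPLE = """\
Host *
    User backup
    IdentityFile /home/your_user/.ssh/id_rsa
    ServerAliveInterval 15
Host your.server.name
    HostName 10.10.10.10
    User root
    IdentityFile /home/your_user/.ssh/id_rsa-yourdomain.com_2021
"""

def host_matches(patterns, host):
    """ssh_config Host matching: '*' and '?' wildcards, '!' negates."""
    matched = False
    for pat in patterns:
        negate = pat.startswith("!")
        rx = re.escape(pat.lstrip("!")).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, host):
            if negate:
                return False      # a negated match vetoes the whole Host line
            matched = True
    return matched

def resolve(config_text, host):
    """Return the options ssh would use for `host` (simplified model)."""
    opts, active = {}, True       # lines before any Host line apply to all
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif active and key == "identityfile":
            opts.setdefault(key, []).append(value)   # keys accumulate, in order
        elif active:
            opts.setdefault(key, value)              # first value obtained wins
    return opts

def reordered(config_text):
    """Move the 'Host *' block to the end, as ssh_config(5) recommends."""
    blocks = re.split(r"(?m)^(?=Host )", config_text)
    return "".join(sorted(blocks, key=lambda b: b.splitlines()[:1] == ["Host *"]))
```

With the catch-all block first, `resolve(SAMPLE, "your.server.name")` logs in as `backup` and offers the generic key before the server-specific one; after `reordered()` the host block's `User root` and key take precedence. On a real system, `ssh -G your.server.name` prints the options the client actually resolves.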
Refer to the official documentation for more configuration options.