How secure shell works?
Mihir Suratwala
Last Blog Review →
In the last blog we looked at the commands to archive a file using tar in Linux, along with different compression techniques.
How SSH Works Internally →
Now we connect to the EC2 machine from our local machine using "ssh", which stands for "secure shell". But how does it work internally?
To connect to the Linux OS EC2 machine from our local machine, we need an "ssh client" on the local machine.
To check that it is present, open a terminal on your machine (on Windows this is cmd), type ssh and press Enter. It should show the output below:
C:\Users\hp>ssh
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address]
           [-c cipher_spec] [-D [bind_address:]port] [-E log_file]
           [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file]
           [-J destination] [-L address] [-l login_name] [-m mac_spec]
           [-O ctl_cmd] [-o option] [-P tag] [-p port] [-Q query_option]
           [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] destination [command [argument ...]]
Then "Locate your private key file. The key used to launch EC2 instance is ......pem". So, go to the terminal and move into the folder where the pem file is stored.
(For me, that means going to the Downloads folder in cmd, where the pem file is present.)
Then "Run this command, if necessary, to ensure your private pem key is not publicly viewable": chmod 400 Mihir.pem
Then "Connect to your instance using its Public DNS: ec2-3-94-96-214.compute-1.amazonaws.com"
This means ec2-3-94-96-214.compute-1.amazonaws.com is the server DNS name where our instance is running. We want to connect to our instance running in the cloud using ssh as a user, which is ubuntu (the name given while launching the instance), because we will be entering the machine as that user.
e.g. ssh -i "Mihir.pem" ubuntu@ec2-3-94-96-214.compute-1.amazonaws.com
This means we are connecting to our EC2 machine from the local machine securely, which is why it is called "ssh".
Next, the EC2 machine has a public key file on it, and the owner of the EC2 machine has the private key file (Mihir.pem). Other people can't access the EC2 machine; only those who have its private key file (Mihir.pem) can, and that is mostly the owner. That's why we pass "-i Mihir.pem": "Mihir.pem" is the private key file for the EC2 machine.
When we use the private key file "Mihir.pem" in the command, then during the ssh connection the private key file (Mihir.pem) on the local machine is matched against the public key file on the EC2 machine. The private key itself stays on the local machine; the ssh client uses it to prove to the server that it holds the key that pairs with the stored public key. Only if the private key file (Mihir.pem) is the right one does the connection happen, and we can then access the EC2 machine from the local machine.
Then "ubuntu" is the username we used while creating the EC2 machine, and "@ec2-3-94-96-214.compute-1.amazonaws.com" is the server DNS name where our EC2 machine is running.
In this way the private key, which is a ".pem" file, is matched with the public key on the EC2 machine, which allows the secure connection for the shell to happen.
So, when an EC2 machine is created, two keys are created: a public key file and a private key file.
The public key file is kept on the EC2 machine in the .ssh directory:
"cd .ssh" -> "ls" -> "cat authorized_keys". The "authorized_keys" file is the public key file.
The private key file (Mihir.pem) is given to us, i.e. it is the file we download while creating the key pair.
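To see what an authorized_keys entry on the EC2 machine contains, and what the chmod 400 step checks on the local side, here is an added example (not part of the original post). It parses one entry, computes the SHA256 fingerprint in the form that ssh-keygen -lf prints, and tests whether a key file is accessible to group or others, which makes the OpenSSH client refuse to use it. The sample entry is constructed from placeholder bytes, the function names are hypothetical, options containing spaces are not handled, and the permission check assumes a POSIX system.

```python
import base64, hashlib, os, stat, struct, tempfile

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")

def read_string(blob, offset):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def parse_authorized_key(line):
    """Return (key_type, SHA256 fingerprint, comment) for one entry."""
    fields = line.split()
    # Options such as no-pty may precede the key type, so search for it.
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no supported key type found")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    inner_type, _ = read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != fields[idx]:
        raise ValueError("declared key type does not match key blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return fields[idx], "SHA256:" + digest.rstrip("="), " ".join(fields[idx + 2:])

def key_file_is_private(path):
    """True when group and others have no access (what chmod 400 gives)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0

def sample_line():
    """Constructed entry: 32 placeholder bytes, not a real key."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " Mihir"

if __name__ == "__main__":
    print(parse_authorized_key(sample_line()))
    with tempfile.NamedTemporaryFile() as f:   # stands in for Mihir.pem
        for mode in (0o644, 0o400):
            os.chmod(f.name, mode)
            print(oct(mode), "private:", key_file_is_private(f.name))
```

Comparing the fingerprint computed from authorized_keys with the one for your own public key confirms that the instance trusts the key you expect and no other.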
Conclusion →
In this blog we understood how ssh works. This is important, as we should have proper knowledge of how the private key connects with the public key, where the public key is kept on the EC2 machine, and how the match happens to securely connect to the EC2 machine (Linux OS). This will be important going forward when we look at how to connect two EC2 machines together.
Image credit → https://www.foxpass.com/blog/learn-ssh-keys-in-minutes/