SSH Beginner Guide

Rehan Ahmad

SSH is a software package that enables secure system administration and file transfers over insecure networks.

It was developed by Tatu Ylonen in 1995 in response to a hacking incident in the Finnish University Network.

List of SSH implementations

SSH Protocol & Its Working

The SSH protocol uses encryption to secure the connection between a client and a server. All user authentication, commands, output, and file transfers are encrypted to protect against attacks in the network.

Secure Shell Key

An SSH key allows users to connect to the server without having to remember or enter passwords for each system. Keys always come in pairs:

  • Public key - Everyone can see it; there is no need to protect it.

  • Private key - Stays on your computer and must be protected.

Key pairs can be of the following types:

  • Client key - If the public and private keys remain with the user.

  • Server key - If the public and private keys remain with the remote system.

  • Session key - Used when a large amount of data is to be transmitted.

The general procedure is:

  • The public key from the local computer (system) is passed to the server that is to be accessed.

  • The server then checks whether the public key is registered.

  • If so, the server creates a new secret key (session key) with an encrypted code and encrypts it with the public key that was sent by the client from the local computer.

  • This encrypted code is sent to the local computer.

  • This data is unlocked with the private key on the local system and is sent to the server.

  • After receiving this data, the server verifies the local computer.

  • SSH creates a route and all the encrypted data are transferred through it with no security issues.

Cryptography Techniques Used In SSH

  1. Symmetric Cryptography: A single key is used for both encrypting and decrypting the message, e.g. DES and AES.

  2. Asymmetric Cryptography: Two keys are used for encrypting and decrypting the message, e.g. RSA, Digital Signature.

  3. Hashing: This converts a variable-length string to a fixed-length string. This fixed-length value is called a hash value, which is generated by a hash function.

OpenSSH

OpenSSH is an open-source implementation of the SSH protocol. OpenSSH consists of the following tools:

  • Openssh-Clients: The OpenSSH client program is called ssh. The SSH client generally uses information in the .ssh directory in the user's home directory. It also reads /etc/ssh/ssh_config.

  • Openssh-Server: The OpenSSH server program is called sshd. The server is typically started during boot and reads its configuration from the /etc/ssh directory. Its main configuration file is usually /etc/ssh/sshd_config.

Installation of OpenSSH

SSH uses port number 22 over TCP/IP.

Step 1: Install the OpenSSH software on both the client and the server.

For Debian/Ubuntu-based systems, open the terminal and run:

sudo apt install openssh-client openssh-server

For Red Hat-based systems like CentOS or Fedora, use the following command:

sudo dnf install openssh-clients openssh-server

Step 2: Verify the OpenSSH installation.

ssh -V

Another way to verify is to look at the relevant configuration files.

Client configuration file:

$ file /etc/ssh/ssh_config

Remote server configuration file:

$ file /etc/ssh/sshd_config

How to SSH to a remote server

Connect using username and password:

Syntax of the SSH command in Linux:

$ ssh [username]@[hostname or IP address]

  1. Username:

     $ whoami

  2. IP address:

     $ ip addr show


Connect Using Key:

Step 1: Public and Private key generation

$ ssh-keygen -t [algo-used] -b [key-size-in-bits] -f [file location to save key]
$ ssh-keygen -t ed25519 -f ~/.ssh/rehan

Algorithms: rsa, dsa, ecdsa, ed25519. Ed25519 keys have a fixed length, so ssh-keygen ignores the -b option for them; 521 is a key size for ecdsa.

After running this command, you are left with a private SSH key called rehan and a public SSH key called rehan.pub.

Private key: /home/user/.ssh/rehan

Public key: /home/user/.ssh/rehan.pub

Change the permissions of the private key so that only the owner can read and write it:

$ cd /home/user/.ssh
$ chmod 600 rehan

Step 2: Copy the SSH public key to the remote server. To do so, you must be able to log in to the remote server with its password.

$ ssh-copy-id -i [public-key-file-location] user@RemoteIP
$ ssh-copy-id -i ~/.ssh/rehan.pub RemoteRehan@192.171.10.2

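Step 3: Log in to the remote server. Because the key is not stored under one of the default file names, pass the private key with -i:

$ ssh -i ~/.ssh/rehan username@RemoteIP

To verify, run the command below after logging in; you will see the remote server username.

$ whoami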
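
As an added example (not part of the original article), the script below audits a key directory for the problem that the chmod 600 step in Step 1 prevents: a private key that group or other users can access. The function names and the throwaway sample directory are assumptions made for illustration; the key files in it are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Added example: find private keys and key directories that are "too open".
# group_other_bits and audit_ssh_dir are hypothetical helper names.

# Print the group/other permission characters of a path ("------" for 600 or 700).
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Print one finding per line; return 1 if anything was found, 0 otherwise.
audit_ssh_dir() {
    dir=$1
    findings=0
    # Recommended mode for the directory is 700: no access for group or others.
    if [ "$(group_other_bits "$dir")" != "------" ]; then
        echo "DIR_TOO_OPEN $dir"
        findings=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Private keys are recognised by their header line; .pub files are skipped
        # because the public key does not need to be protected.
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----$'; then
            if [ "$(group_other_bits "$f")" != "------" ]; then
                echo "KEY_TOO_OPEN $f"
                findings=1
            fi
        fi
    done
    return $findings
}

# Constructed sample directory with placeholder files.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-placeholder' > "$demo/rehan"
printf '%s\n' 'ssh-ed25519 CONSTRUCTED-PLACEHOLDER user@host' > "$demo/rehan.pub"
chmod 755 "$demo"; chmod 644 "$demo/rehan" "$demo/rehan.pub"
audit_ssh_dir "$demo" || echo "fix with: chmod 700 <dir>; chmod 600 <private key>"
chmod 700 "$demo"; chmod 600 "$demo/rehan"
audit_ssh_dir "$demo" && echo "OK: no findings in $demo"
rm -rf "$demo"
```

To check your own keys, call audit_ssh_dir ~/.ssh; the public key file may stay world-readable and is not reported.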