01. Introduction to Secure Shell (SSH)

Secure Shell (SSH) is a protocol used to log in to remote servers from the command line. SSH encrypts the data transmitted over the network so that snoopers cannot read it. In this series, we'll go over how to set up SSH as a client, explain what public/private keys are, and explain the commands related to SSH.

SSH's secure features prevent listeners from accessing the data transmitted.

Why use SSH?

SSH gives you access to the command line of another computer. As we have seen throughout this tutorial series, the command line grants us power to do almost anything we'd like. The ability to control such remote computers gives you the power and flexibility to achieve a variety of tasks.

Here are just two examples of how SSH can aid your productivity:

  • As a data scientist, you may need to crunch some numbers or processes on a supercomputer with system resources far greater than your home PC.
  • As a webmaster, you'll need to rent out a server that runs 24/7. Oftentimes these computers' physical locations are several hundred miles away. To conveniently maintain and update your website you'll need to log into the server with SSH.

Security features of SSH

In the early days of Linux, different protocols were used instead of SSH. Two examples are telnet and Virtual Network Computing (VNC). These early protocols worked, but were very insecure since they transferred data in cleartext.

The advantages of using SSH over the legacy alternatives include:

  • Supports authenticated features such as SCP (for file transfers), X session forwarding and port forwarding.
  • Allows users to confidently perform root tasks, and ensures the connection is secure and valid.
  • SSH allows for tunneling, which is the process of packaging other insecure network connections inside SSH in order to encrypt their data.
  • Availability on all UNIX-like systems.

One drawback of SSH is the amount of lag due to CPU time being consumed for encryption and decryption. Another more obvious drawback is the learning curve necessary for setup and configuration - but have no fear! This tutorial will explain everything in easy-to-understand terms!

Basic commands and options

The basic command used to secure shell into a computer is simple. We can use ssh, followed by either the IP address or hostname of the computer you want to log into.

$ ssh 54.201.157.251 
# You can use a host name instead 
$ ssh ex.amplwebsite.com

Specifying a Username

By default, ssh assumes that you are trying to log in with the same username as on your local machine. However, your username on the remote server will sometimes be different from the one on your local computer. To specify your username, you can use the -l option or type your username before the IP address/hostname, followed by an @ symbol.

$ ssh -l user 54.201.157.251
$ ssh user@54.201.157.251
The authenticity of host '54.201.36.76 (54.201.36.76)' can't be established.
RSA key fingerprint is c5:23:23:52:00:49:08:04:f9:50:f5:34:7f:aa:ef:27.
Are you sure you want to continue connecting (yes/no)?

Upon first logging into a remote computer, you'll be asked a question of whether the authenticity of the host is OK. This is to ensure that you're not the target of a man-in-the-middle attack. Once you've verified the RSA fingerprint, type "yes."
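
To make "verified the RSA fingerprint" concrete, the following added example (not part of the original tutorial) computes both fingerprint formats from a public key line and compares them with a value obtained out of band, for instance from the server's administrator. The key lines are constructed sample data and the function names are illustrative.

```python
import base64
import hashlib
import struct


def wire_string(data: bytes) -> bytes:
    """One SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def make_sample_key_line(seed: int) -> str:
    """Constructed ssh-ed25519 public key line; not a real server's key."""
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = wire_string(b"ssh-ed25519") + wire_string(raw)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


def fingerprints(key_line: str) -> dict:
    """MD5 (colon-hex, the format in the prompt above) and SHA256 fingerprints."""
    key_type, b64 = key_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with its own type string; it must agree with field 1.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}


def host_key_matches(key_line: str, trusted: str) -> bool:
    """Compare a presented key with a fingerprint obtained out of band."""
    fp = fingerprints(key_line)
    trusted = trusted.strip()
    if trusted.startswith("SHA256:"):
        return fp["sha256"] == trusted
    if trusted.upper().startswith("MD5:"):
        trusted = trusted[4:]
    return fp["md5"] == trusted.lower()


if __name__ == "__main__":
    presented = make_sample_key_line(1)
    published = fingerprints(presented)["sha256"]  # stands in for the admin's value
    print(fingerprints(presented))
    print("genuine host:", host_key_matches(presented, published))
    print("different key:", host_key_matches(make_sample_key_line(2), published))
```

A fingerprint is a hash of the server's whole public key, so any other key, including one presented by a machine sitting between you and the server, produces a different value.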

Another handy option used frequently is to specify the port number. The port number identifies the process to which a network message should be directed when it arrives at a server. The default port number for secure shell is 22, and for FTP data transfer it's 20.

Verbose Mode

Sometimes you'll run into some errors, and ssh will quit with very little information as to what went wrong. To activate verbose mode, use -v, -vv, -vvv, each one increasing in verbosity.

If you have successfully connected, you should notice the .ssh directory in your local home folder.

The ~/.ssh Folder

The .ssh folder is located in your home directory (~) and contains all user configurations for secure shell login.

known_hosts

After using ssh for the first time, you should notice a known_hosts file. This file contains a list of hashed keys for all approved host computers, but won't explicitly indicate which computers they are. This is an added security measure so that even if hackers access the file, they won't be able to know which servers to compromise.
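
How a hashed known_hosts entry is built and how a host name is checked against it, as an added example that is not part of the original tutorial. It assumes the hashed format OpenSSH writes when its HashKnownHosts option is enabled; the salts and key blobs are constructed placeholders, and the host names are the ones used elsewhere on this page.

```python
import base64
import hashlib
import hmac


def hash_host(name: str, salt: bytes) -> str:
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def entry_matches(line: str, host: str, port: int = 22) -> bool:
    """True if one known_hosts line (hashed or plain) names host:port."""
    fields = line.split()
    if len(fields) < 3 or fields[0].startswith("#"):
        return False
    # Non-default ports are recorded as [host]:port before hashing.
    name = host if port == 22 else "[{}]:{}".format(host, port)
    pattern = fields[0]
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        salt = base64.b64decode(salt_b64)
        expected = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return name in pattern.split(",")   # plain entry: comma-separated names


def find_host(lines, host: str, port: int = 22) -> list:
    """Indexes of the lines that refer to host:port."""
    return [i for i, line in enumerate(lines) if entry_matches(line, host, port)]


# Constructed sample file: fixed salts and placeholder key blobs, not real keys.
SAMPLE = [
    hash_host("54.201.157.251", bytes(range(20))) + " ssh-ed25519 AAAAconstructed1",
    hash_host("[binf.bfx.sju.edu]:50433", bytes(range(20, 40))) + " ssh-rsa AAAAconstructed2",
    "# a comment line",
]

if __name__ == "__main__":
    print(SAMPLE[1].split()[0])                          # host field as stored
    print(find_host(SAMPLE, "binf.bfx.sju.edu", 50433))  # line index of the match
    print(find_host(SAMPLE, "binf.bfx.sju.edu"))         # port 22 was never recorded
```

The stored field cannot be read back into a host name, but a name you already know can be confirmed against it, which is the same check ssh performs each time you connect.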

config

If you have specific parameters you'd like to save for a connection, you can set up a shortcut name, hostname, user, and port number all in the config file.

For example, if you're a bioinformaticist and work on a bioinformatics server, you can input the following data:

Host binf_server
  HostName binf.bfx.sju.edu
  User student
  Port 50433

Now that you have a specific server set up, you may simply type ssh binf_server to log in, and SSH will load all your default parameters.

authorized_keys

On the host server, you'll see a file called authorized_keys. This is a list of public keys; the holder of the corresponding private key is allowed to log in via key authentication instead of password authentication.

$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCh9aQwyrJJbKiQaKGHDGIUEU1rIfHO6zvsjn+kBzC/xLyxwDUTGsMmwhF0aSgDKW6riCXGP+3Sn23doai3RAsaCMPh1aTo5oOXFQIhhKOZK44MJdA3rypzxq3o0emlcRLA8p/5CzS+EscCUVCmbK9fIbH57jQzxROtCS5nsmoZzawVBz4CN4kaJbtYLf4y7R8BQZHsRV51plmLuazIsd7Ate8HYVVuHM/xQHr9R1MCiFfDUxhH4veHOmw2u2pYp0OAfQALQUtNpzbS7NSWGI7X5lFuSfMrVwfhRUSbpkk1UdMXX7FCMiFOq7pD3lCj/ScQsr7FPBm+/PlH3FhrRkLR example

The random letters, numbers and characters of a key are what make SSH secure. Let's learn about SSH keys and their types next.
