SSH

Introduction

SSH (Secure Shell) is a secure protocol used as the primary means of connecting to another Linux machine remotely. It provides a command-line interface where you type the commands you want to run on the other machine. Once connected, all commands you type in your local terminal are sent to the remote machine and executed there.

Working

An SSH connection works on the client-server model. This means that for an SSH connection to be established, the user's computer must have an SSH client and the remote machine must have an SSH server. The server software listens for connections on a specified network port, authenticates connection requests, and spawns the appropriate environment if the user provides the correct credentials.

SSH Authentication

Clients generally authenticate using SSH keys, which are very secure. Password logins are encrypted and easy to understand for new users. SSH keys are a matching set of cryptographic keys which can be used for authentication. Each set contains a public and a private key. The public key can be shared freely without concern, while the private key must be vigilantly guarded and never exposed to anyone.

To authenticate using SSH keys, a user must have an SSH key pair on their local computer. On the remote server, the public key must be copied to a file within the user’s home directory at ~/.ssh/authorized_keys. This file contains a list of public keys, one-per-line, that are authorized to log into this account.

When a client connects to the host and wishes to use SSH key authentication, it informs the server of this intent and tells the server which public key to use. The server then checks its authorized_keys file for the public key, generates a random string and encrypts it using the public key. This encrypted message can only be decrypted with the associated private key. The server sends this encrypted message to the client to test whether it actually has the associated private key.

Upon receipt of this message, the client will decrypt it using the private key and combine the random string that is revealed with a previously negotiated session ID. It then generates an MD5 hash of this value and transmits it back to the server. The server already had the original message and the session ID, so it can compare an MD5 hash generated by those values and determine that the client must have the private key.
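The exchange in the two paragraphs above can be walked through with the openssl command-line tool. This is an added example, not part of the original post and not OpenSSH's own code: it models the steps as described here, and the function names, the session ID and the use of openssl (assumed to be installed) with OAEP padding are assumptions made for the demo.

```shell
#!/bin/sh
# Model of the challenge-response described above, built on the openssl CLI
# (assumed installed). Key pairs and session ID are constructed for the demo.
OAEP="-pkeyopt rsa_padding_mode:oaep"

new_keypair() {   # $1 = private key path, $2 = public key path
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
    openssl pkey -in "$1" -pubout -out "$2"
}

response_hash() { # $1 = random string, $2 = session ID -> MD5 hex digest
    printf '%s%s' "$1" "$2" | openssl dgst -md5 -r | cut -d' ' -f1
}

# Client: decrypt the challenge with the private key, hash it with the session ID.
client_answer() { # $1 = private key, $2 = encrypted challenge, $3 = session ID
    revealed=$(openssl pkeyutl -decrypt -inkey "$1" -in "$2" $OAEP 2>/dev/null) || revealed=""
    response_hash "$revealed" "$3"
}

# One exchange. $1 = private key the client holds,
# $2 = public key listed in the server's authorized_keys.
try_login() {
    session_id="constructed-session-0001"
    enc=$(mktemp)
    # Server: random string, encrypted with the authorized public key.
    challenge=$(openssl rand -hex 16)
    printf '%s' "$challenge" | openssl pkeyutl -encrypt -pubin -inkey "$2" $OAEP -out "$enc"
    answer=$(client_answer "$1" "$enc" "$session_id")
    rm -f "$enc"
    # Server: it knows the challenge and the session ID, so it recomputes the hash.
    if [ "$answer" = "$(response_hash "$challenge" "$session_id")" ]; then
        echo accepted
    else
        echo rejected
    fi
}

demo() {
    dir=$(mktemp -d)
    new_keypair "$dir/user" "$dir/user.pub"
    new_keypair "$dir/other" "$dir/other.pub"
    echo "key holder: $(try_login "$dir/user" "$dir/user.pub")"
    echo "wrong key:  $(try_login "$dir/other" "$dir/user.pub")"
    rm -rf "$dir"
}
demo
```

The private key never leaves the client side: the server only ever handles the public key, the challenge it generated and the returned hash.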

Installation

To install SSH on your machine, simply open a terminal and type:

sudo apt install openssh-client

Then open a terminal on the machine you want to connect to and install openssh-server:

sudo apt install openssh-server

Generating an SSH Key Pair

Generating a new SSH public and private key pair on your local computer is the first step towards authenticating with a remote server without a password.

To generate an RSA key pair on your local computer, type:

ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/mehmood/.ssh/id_rsa):

This prompt allows you to choose the location to store your RSA private key. Press ENTER to leave this as the default, which will store them in the .ssh hidden directory in your user’s home directory. Leaving the default location selected will allow your SSH client to find the keys automatically.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

The next prompt allows you to enter a passphrase of an arbitrary length to secure your private key. By default, you will have to enter any passphrase you set here every time you use the private key, as an additional security measure. Feel free to press ENTER to leave this blank if you do not want a passphrase. Keep in mind though that this will allow anyone who gains control of your private key to login to your servers.

If you choose to enter a passphrase, nothing will be displayed as you type. This is a security precaution.

Your identification has been saved in /home/mehmood/.ssh/id_rsa.
Your public key has been saved in /home/mehmood/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:BaMvcjqHzTx1DKj5F079bX+on3sQ/PlH9NK2mTpiY58 mehmood@mehmood-7G-Series
The key's randomart image is:
+---[RSA 2048]----+
| o |
| o o |
| o . . . |
| o . = o .|
| + o S + =o|
| X = o . .o.*|
| + B o . o*=|
| o o = oo*=|
| o =E*o+|
+----[SHA256]-----+

This procedure has generated an RSA SSH key pair, located in the .ssh hidden directory within your user’s home directory. These files are:

  • ~/.ssh/id_rsa: The private key. DO NOT SHARE THIS FILE!
  • ~/.ssh/id_rsa.pub: The associated public key. This can be shared freely without consequence.
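For key authentication to work, the public key still has to reach ~/.ssh/authorized_keys on the server, as described under SSH Authentication. The function below is an added example, not part of the original post: the name install_pubkey and the key line used in the demo are constructed, and it is meant to be run on the server once the .pub file has been copied there.

```shell
#!/bin/sh
# Run on the server, as the account that should accept the key.
# $1 = public key file (e.g. a copy of id_rsa.pub), $2 = home directory (default: $HOME)
install_pubkey() {
    pub=$1; home=${2:-$HOME}
    auth="$home/.ssh/authorized_keys"

    # Accept only a single public-key line. A private key file is multi-line
    # and starts with "-----BEGIN"; it must never be placed on the server.
    [ "$(wc -l < "$pub")" -le 1 ] || { echo "expected one key per file" >&2; return 1; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac

    # sshd's StrictModes check (on by default) refuses keys when these
    # paths are writable by group or others.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    touch "$auth" && chmod 600 "$auth"

    # One key per line; append only if this exact line is not already there.
    if grep -qxF -- "$key" "$auth"; then
        echo "already authorized"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "added"
    fi
}

# Demo in a scratch directory with a constructed, non-functional key line.
demo_home=$(mktemp -d)
printf 'ssh-rsa CONSTRUCTEDKEYDATA user@laptop\n' > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # prints "added"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # prints "already authorized"
ls -l "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```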

Connecting

First you need to know the IP address of the server machine. Type this command on the server machine:

ifconfig | grep "inet addr"

This gives you the IP address. Next, find the user name on the server machine by typing this command:

whoami

Now open a terminal on your own machine and type this command to connect to the server machine:

ssh username@IP

You are now on your server machine: any command you type in this terminal will be executed on the server machine.
