SSH Summary

Introduction

SSH is short for Secure Shell Protocol, which is used to establish secure connections between servers and clients.


How It Works

SSH uses a public-private key pair and cryptography to authenticate a remote connection.
The public key is placed on the server, while the private key should be stored on the client. On Unix-like machines (server end), public keys are usually stored in ~/.ssh/authorized_keys. Each public key should have the following format:

<cryptography_type> <public_key> <optional_comment>
ssh-rsa AAAA... rsa-key-20230618

Different platforms may support different key cryptography types. The following types are the most commonly used:

  • RSA
  • Ed25519
  • DSA

When you establish a connection through SSH, your machine (client end) is authorized depending on whether it holds the matching private key.
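
The key line format and key types described above can be checked mechanically. The following Python is an added example, not part of the original post: it parses a `<type> <base64 key> [comment]` line, confirms that the declared type matches the type embedded in the key blob, and flags short RSA or DSA keys. The function names, the 2048-bit RSA floor and the sample lines (built in code, not real keys) are assumptions, and lines that start with authorized_keys options are not handled.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumption: same size as the page's ssh-keygen example

def _read_string(blob, off):
    """Read one length-prefixed SSH wire string; return (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    if off + 4 + n > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:off + 4 + n], off + 4 + n

def check_key_line(line):
    """Check '<type> <base64 key> [comment]'; return (type, bits, comment, issues)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64 key> [comment]'")
    ktype, comment = parts[0], (parts[2] if len(parts) > 2 else "")
    blob = base64.b64decode(parts[1], validate=True)
    inner, off = _read_string(blob, 0)
    if inner.decode("ascii", "replace") != ktype:
        return ktype, None, comment, ["declared type does not match key blob"]
    bits, issues = None, []
    if ktype == "ssh-rsa":
        _e, off = _read_string(blob, off)      # public exponent
        n, off = _read_string(blob, off)       # modulus
        bits = int.from_bytes(n, "big").bit_length()
        if bits < MIN_RSA_BITS:
            issues.append("RSA modulus is %d bits, below %d" % (bits, MIN_RSA_BITS))
    elif ktype == "ssh-ed25519":
        pub, off = _read_string(blob, off)
        bits = 256
        if len(pub) != 32:
            issues.append("Ed25519 public key is not 32 bytes")
    elif ktype == "ssh-dss":
        issues.append("DSA is disabled by default since OpenSSH 7.0")
    else:
        issues.append("key type not handled by this example")
    return ktype, bits, comment, issues

def sample_line(ktype, *fields):
    """Build a constructed, structurally valid (not real) key line."""
    raw = b"".join(struct.pack(">I", len(f)) + f for f in (ktype.encode(),) + fields)
    return "%s %s constructed-sample" % (ktype, base64.b64encode(raw).decode())

SAMPLE_ED25519 = sample_line("ssh-ed25519", bytes(range(32)))
SAMPLE_RSA_1024 = sample_line("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 128)
```

Calling `check_key_line(SAMPLE_RSA_1024)` reports the short modulus, while `check_key_line(SAMPLE_ED25519)` returns an empty issue list.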


How To Use

3.1. Check host machine

Make sure the ssh service is started.

sudo service ssh status

# start the service
sudo service ssh start

3.2. Generate public-private key pair

The very first step is to generate a public-private key pair and place it in the right path.
In a cloud server scenario, the provider usually supplies an SSH key pair as part of deploying a new server. All you need to do is download the private key file to the client.
Otherwise, you have to generate the pair yourself (command line or PuTTY):

ssh-keygen -t <key-type> -b <bit-length> -C "key name" -f "name of the root file"
ssh-keygen -t rsa -b 2048 -C github_myemail@email.com -f rsa_20230618

You will be asked to give a passphrase for the key pair (not mandatory).

3.3. Send public key to the server

Then you need to upload the public key to a specific place, or copy and paste the text of the public key into ~/.ssh/authorized_keys. The file name of the public key ends with .pub.
With the command ssh-copy-id, you can send your key to the server automatically.
When setting up the server for the first time, logging in with a password is needed, so make
sure PasswordAuthentication yes is set in the file /etc/ssh/sshd_config.

ssh-copy-id -i ~/.ssh/yourkey user@host

If you have access to the server, you can also copy and paste the content of the
.pub file into ~/.ssh/authorized_keys.

# on your server
cat yourkey.pub >> ~/.ssh/authorized_keys

3.4. Test SSH connection

SSH connection can be established by:

ssh -i "path to private key" <username>@<ip address>
ssh -i "~/.ssh/rsa_mykey" myname@myaddr
ssh -T git@github.com

In addition, you can edit ~/.ssh/config and connect with ssh <hostname>:

Host <hostname>
HostName <ip address>
User <user name>
IdentityFile <path to identity file>

The first time you connect to a new server from the client, you need to verify the server's fingerprint.

