Secure Shell(SSH) is a cryptographic networking protocol for securely getting access to a remote computer with the command line interface. It provides a secure channel over the unsecured network to execute a command and operate a system remotely in a client-server architecture. SSH was designed as an alternative of telnet and other unsecured remote shell protocols such as Berkely rlogin, rsh(remote shell), and rexec(remote execution) protocols, etc.
How Does It Work
To establish an SSH connection between the client and server we need to have two components the first one is SSH client application and another one is SSH Dameon which is a corresponding server-side component. The SSH Daemon constantly listening to a specific TCP/IP port for possible client connection requests. The client uses host information to initiate a connection if the credential verified successfully on the server, an encrypted connection gets established.
Installing OpenSSH Client
OpenSSH is an open-source ssh tool that widely used for Unix and Unix like systems. It requires access to the terminal on the server and the computer that you want to connect. Many Linux distributions come with pre-installed OpenSSH client.
You can check it by executing the following command in your terminal.
$ ssh
It will display something like this –
That means it is ready for use and can be connected to a remote system. Otherwise, you will have to install the application in your system. If you don’t have in your system, you can install it by using the given command-
$ sudo apt-get install openssh-client
Next, it will ask you to enter the superuser password, once you enter, it will start the installation process.
Once it gets completed you can use it to connect with server-side ssh application.
Installing OpenSSH Server
To start listening to the SSH connection requests made by the client a server needs to configured with the OpenSSH server. To check if OpenSSH server is installed on your computer or not, execute the following command in your terminal –
$ ssh localhost
If it responds something like this –
That means the OpenSSH server is not installed on your system. You can use the following command to install it on your system.
$ sudo apt-get install openssh-server
Once it gets installed you can check the status of the server by using the given command-
$ sudo service ssh status
As you can see above our ssh server is active ( running).
How To Connect Via SSH
Now OpenSSH client and server application has been set up you can start using it by establishing an SSH connection between them-
Open your terminal and execute the following command –
$ ssh username@host_ip_address
For example-
$ ssh lalit@127.0.0.1
or if you are connecting on the internet the syntax for using ssh will be something like this-
$ ssh username@example.com
SSH Public Key Authentication
There are various ways to authenticate a user on a remote system one of them is public-key authentication. SSH uses public-key cryptography to authenticate the remote computer. It is a robust and more secure alternative to logging in with an account password. Asymmetric cryptographic algorithms are used to generate a pair of keys one is private which is kept secret and store in a local computer and the other one is the public key which can be shared anywhere.
Setup public key authentication using ssh on Linux-
To set up public-key authentication using SSH in a Linux/Unix System follow the given steps:
1. Login into your system that you would like to connect to a remote computer. And use the following command to generate key pair (RSA keys)-
$ ssh-keygen -t rsa
You will be prompted to enter –
- Filename – Enter the filename and press enter to proceed if you don’t pass any name it will proceed with the default one i.e. id_rsa
- password- Enter at least five-character password and retype it if asked again and press enter. You can skip it also but protecting your keys with a password is a good idea. Now a pair of public and private keys will be generated in the
/home/lalit/.ssh/directory.
2. Use the following command to copy the public key to the remote server
$ ssh-copy-id root@server-ip-address
For example –
$ ssh-copy-id root@34.66.17.114
(Use the IP address of the server that you want to connect)
Or instead of using the above method, you can use SCP to copy the public key file to your account on the remote system. SCP(Secure copy) is a utility that can be used to transfer files securely between client and server computers.
$ scp ~/.ssh/id_rsa.pub remote_user@remote-ip-address:file-location
3. If you are using SCP to copy the file then login into the remote system using username and password and add your public key ~/.ssh/authorized_keys file if the remote system does not contain this file you can create by using the following command –
$ mkdir -p ~/.ssh $ touch ~/.ssh/authorized_keys
Now copy the content of the public key file to authorized_key you can use the following command
$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
You can delete the copied public key file that is saved into your account in the remote system. To remove it execute the following command in your terminal-
$ rm ~/id_rsa.pub
You need to keep in mind that you are using the correct path of a file or directory and then execute the command.
4. Now you should be able to establish an ssh connection between the local and the remote computer. Execute the following command –
$ ssh user@server-ip-location
This will prompt you to enter the password that you set on the private key which is saved on your local computer. Once you enter and press enter or return key it will be get connected. Look at the image below-
Now I hope it gives you a basic understanding of using ssh and authenticating a user using public-key authentication. If you would like to say something on the topic or have a query regarding it please write to us in the comments below.