A quick guide to ssh

1 What is ssh?

ssh is a standard protocol (with many different software implementations) for interacting with computers over a network in an encrypted session. Using ssh protects your communications with a remote computer from eavesdroppers and provides methods for reliably authenticating computers and users.

2 Features of ssh

2.1 session encryption

  • all communication (after session negotiation) is encrypted
  • protocol is conceptually similar to (but not the same as) SSL/TLS
  • protection from network eavesdropping to collect usernames/passwords or other sensitive data

2.2 host authentication

  • hosts can be verified with public-key cryptography
  • typically on first connection you see a message like
The authenticity of host '52.26.151.118 (52.26.151.118)' can't be established.
RSA key fingerprint is 1f:cf:5c:16:95:f2:8a:eb:2d:4a:f9:99:53:ed:c5:24.
Are you sure you want to continue connecting (yes/no)?
  • In a high-security environment you might want to verify the host key fingerprint before accepting
  • accepting the key (with "yes") adds the public key to .ssh/known_hosts
  • future connections to the same host are verified with that public key
  • once you know a host's key, this limits the possibility of "man-in-the-middle" attacks where someone impersonates the remote host to monitor your communication
  • you get a scary warning if the host public key changes on the remote host
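
An added example (not part of the original guide): how the colon-separated fingerprint in the prompt above is derived from a host's public key, and how to check a key line against a fingerprint obtained from a trusted source before accepting it. The function names and the sample key line are constructed for illustration; the "SHA256:" form is what newer OpenSSH versions print, and "ssh-keygen -l -E md5 -f file" prints the MD5 form.

```python
import base64
import hashlib
import struct

# Constructed sample (not a real host key): an ed25519-shaped blob with dummy key bytes.
_parts = (b"ssh-ed25519", bytes(range(32)))
_blob = b"".join(struct.pack(">I", len(p)) + p for p in _parts)
SAMPLE_LINE = "remotehost.example.com ssh-ed25519 " + base64.b64encode(_blob).decode()


def parse_key_line(line):
    """Return (key_type, blob) from a known_hosts or .pub style line."""
    fields = line.split()
    # Find the base64 field whose embedded, length-prefixed type name equals
    # the field before it; this skips host names, markers and comments.
    for declared, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        if len(blob) < 4:
            continue
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] == declared.encode():
            return declared, blob
    raise ValueError("no key data matching its declared key type")


def fingerprints(blob):
    """Fingerprints are hashes of the decoded key blob, not of the base64 text."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}


def matches_trusted(line, trusted):
    """True only if the key on `line` has the fingerprint obtained out of band."""
    fp = fingerprints(parse_key_line(line)[1])
    if trusted.startswith("SHA256:"):
        return fp["sha256"] == trusted.rstrip("=")
    trusted = trusted.lower()  # hex form is case-insensitive
    if trusted.startswith("md5:"):
        trusted = trusted[4:]
    return fp["md5"] == trusted


if __name__ == "__main__":
    print(fingerprints(parse_key_line(SAMPLE_LINE)[1]))
```

The trusted fingerprint has to come from somewhere other than the connection being verified, such as the host's administrator or its console.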

2.3 user authentication

  • You can also identify yourself to a remote host with similar public-key cryptography
  • doesn't require knowing or even having a password for the account on the remote host
  • generate a key with "ssh-keygen" and save to a file (like "my-id.pem")
  • place the public key (my-id.pub) in .ssh/authorized_keys on the remote host
  • use "ssh -i my-id.pem" to offer that identity key for authentication
  • almost always a good idea to password-protect identity keys (use a good, non-empty password when creating or "ssh-keygen -p" to add/change a password) since that also encrypts the private key data
  • you have to give the password when using the key
  • "ssh-agent" holds pre-unlocked keys that it will offer automatically (so you don't always have to use "ssh -i")
  • "ssh-add" installs keys in the current ssh-agent
  • "ssh-add -d" deletes keys from ssh-agent
  • "ssh-add -l" shows keys currently loaded in ssh-agent

3 ssh usage

3.1 Log in to a remote host (using the same login name you have locally)

ssh remotehost.example.com

3.2 Log in to a remote host with a specified remote user account

ssh remoteuser@remotehost.example.com

3.3 Offer a specified identity key for authentication with -i

ssh -i my-id.pem remoteuser@remotehost.example.com
  • uses the private key file "my-id.pem"

3.4 lots of options

man ssh

3.5 .ssh/config to set preferences

man ssh_config

4 scp - transfer files via an ssh connection

4.1 scp from-spec to-spec

  • just like cp, but can specify host and user information in addition to a file path
  • remotehost.example.com:path – log in to remotehost.example.com, then get a file from the specified path
  • remoteuser@remotehost.example.com:path – specify a different remote user

4.2 upload a file to the remote host

scp local_file remoteuser@remotehost.example.com:remote_file

4.3 download a file from remote host

scp remoteuser@remotehost.example.com:remote_file local_file

4.4 can also use -i like ssh for identity keys for account authentication

scp -i my-id.pem remoteuser@remotehost.example.com:remote_file local_file

Author: Steve VanDevender

Created: 2019-07-01 Mon 14:23
