SSH basis.
SSH, or Secure Shell, is a protocol used for securely connecting to and managing remote computers over an unsecured network. It was developed in 1995 by Tatu Ylönen as a replacement for the less secure Telnet and rsh protocols.
Imagine you have two computers, one in your room and another at your friend's house across town. You want to control the computer in your friend's house remotely from your room without anyone else being able to see or interfere with what you're doing. That's what SSH does, but for a computer network instead of your home.
When you use SSH, it sets up an encrypted tunnel between your computer and the remote one, so anything you send over that connection is secure from prying eyes. It's like sending your secret messages inside a locked box that only you and your friend have the key to open. This way, even if someone somehow intercepted your communication, they wouldn't be able to understand what was being said.
SSH also allows for password-less logins, meaning once you've set it up properly, all you need to do is enter a command on your local machine and presto! You're connected to the remote one without needing to enter a username or password each time. This makes managing multiple servers much easier and more efficient.
SSH keys are a pair of cryptographic keys used for authentication when connecting to an SSH server. They provide a more secure way of logging into a remote machine than using a password alone. The two keys in the pair are:
Public Key: This is shared with the world (hence "public"). It's given to the server you want to connect to, and it lets the server know that your private key belongs to you.
Private Key: This one must remain secret and should only be known by you or your computer. The private key is used to sign in when connecting to a remote machine, proving that you are who you say you are.
Think of it like this: Let's say you have a favorite restaurant where they know you well. When you go there, they might ask for your ID (public key) just to confirm it's really you. But once they see your ID and recognize you, they don't need to ask for proof every time you come back. That's like how SSH uses the public key for initial recognition, but then relies on the private key for future authentication.
Using SSH keys is much more secure than using a password because even if someone somehow gets hold of your public key (which isn't really a secret), they still wouldn't be able to connect to the remote machine without your private key. This means that even if you have a weak or compromised password, your SSH connection would still be protected.
Here are the steps to set up SSH keys and connection with keys on Ubuntu:
- Generate SSH Key Pair:
Use the following command to generate an RSA key pair (you can choose different types of keys like DSA, ECDSA or ED25519).
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
This command will prompt you to enter a file path for your key pair (press Enter to accept the default location) and then ask you to enter a passphrase. It's recommended to use a passphrase, but it is optional.
- Add SSH Key to SSH Agent:
Start the ssh-agent in the background:
eval "$(ssh-agent -s)"
Add your private key to the agent:
ssh-add ~/.ssh/id_rsa
- Share Your Public Key:
Copy your public key to clipboard:
pbcopy <~/.ssh/id_rsa.pub
or you can use the following command if pbcopy is not available:
cat ~/.ssh/id_rsa.pub | xclip -selection c
This will copy your public key to your clipboard, and you can paste it onto a website or server where you want SSH access.
- Configure SSH Client:
Create an SSH configuration file if it doesn't exist:
touch ~/.ssh/config
Add the following lines to your SSH config file, replacing your_username
and your_hostname
as appropriate:
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa
Host your_hostname
HostName your_hostname
User your_username
- Test SSH Connection:
Now you can test your SSH connection by using the following command:
ssh your_username@your_hostname
If everything is set up correctly, you should be connected to the remote server without being prompted for a password.