A Brief Intro to SSH
Because I haven't posted in a long time, and I want to maintain the image of being an active blogger, it's time to go over the basics of internet communication, bit by bit... sorry :S
It's not unusual to stumble upon the terms SSH and be a bit perplexed as to just what it is, how it works and what all the files and command line tools are for. This post will briefly cover some of that!
Table of Contents
SSH stands for Secure Shell and is a communication protocol that is characterized by encrypting communication between two ends. What!? Okay, two people (or two computers?) want to communicate over the internet, and they don't want anyone else to be able to know what they say. This is what SSH does.
It's most commonly used to securely remote-login. What that means, it's basically a person with access to a computer and a secret text file, on a random computer, that wants access to another computer to. There is multiple software that implement the SSH protocol, one of the most widely used being OpenSSH and is the one that comes pre-installed with Ubuntu for instance.
Some other noteworthy points:
- SSH uses a client-server model
- Two major versions released SSH-1 & SSH-2
- Standard TCP port 22
- Private key, also called an identity key, is a key that only you should have access to
- Public key, also known as an authorized key, is a key that is used to prove the identity and is not secret
- Identity keys and Authorized keys are jointly called User Keys.
Tools and Files
There are a lot of CLI tools and files associated with SSH, some of them are:
- ssh-keygen: creates a key pair for public key authentication
- ssh-copy-id: configures a public key as authorized on a server
- ssh-agent: agent to hold private key for single sign-on
- ssh-add: tool to add a key to the agent
- scp: file transfer client with RCP-like command interface (uses the Secure Copy Protocol)
- sftp: file transfer client with FTP-like command interface (uses the SSH File Transfer Protocol)
- sshd: OpenSSH server
- ~/.ssh/known_hosts: file containing list of known hosts, each server contains a host key so next time you connect, it can verify you are connecting to the same server
- ~/.ssh/id_<algorithm>: private key (default naming), algorithm can for instance be RSA, DSA, ECDSA
- ~/.ssh/id_<algorithm>.pub: public key (default naming)
- ~/.ssh/authorized_key: list of public keys which can be used to login to the server, usually located at root-owned locations (should only be writable by owner and root)
- /etc/ssh/ssh_host_<algorithm>: Private host keys stored on SSH servers
- /etc/ssh/ssh_host_<algorithm>.pub: Public host keys are stored on and/or distributed to SSH clients