SAHIL

Secure Shell (SSH)

🌐 The Complete Guide to SSH: From History to Troubleshooting

Secure Shell (SSH) is the backbone of remote system administration and a fundamental tool for developers. It's a cryptographic network protocol that allows for secure, encrypted communication between a client and a server over an unsecured network. Whether you're a beginner or an experienced professional, understanding SSH is crucial for managing remote servers, deploying applications, and working in a secure environment.

📜 A Brief History: What was used before SSH?
Before SSH, remote access was a risky business. The protocols used for remote logins and file transfers sent all data—including usernames and passwords—in plain text. This made them highly susceptible to snooping and Man-in-the-Middle attacks.

Telnet (TErminal NETwork): A text-based protocol that provided a command-line interface to a remote system. It was simple to use but sent all data, including login credentials, in plain text. A simple network sniffer could capture everything.

RSH (Remote Shell) & RLogin (Remote Login): Part of the Berkeley R-protocols, these were designed for remote execution of commands on trusted hosts. While they offered some convenience, they were fundamentally insecure, relying on host trust and transmitting data without encryption.

The creation of SSH was a direct response to these security vulnerabilities. In 1995, Finnish computer scientist Tatu Ylönen developed the first version of SSH after a password-sniffing attack on his university's network. The goal was simple: to create a secure, encrypted replacement for these insecure protocols.

🛡️ Why SSH is Used: Security and Functionality
SSH's primary purpose is to provide a secure channel for communication. It achieves this through a combination of asymmetric (public-key) cryptography and symmetric encryption.

  • Encryption: All data exchanged between the client and server is encrypted. This prevents anyone from intercepting and reading sensitive information, such as passwords, command output, and files being transferred.
  • Authentication: SSH supports multiple authentication methods, most notably password authentication and public-key authentication. Public-key authentication is the more secure method: once password logins are disabled on the server, there is no password left for a brute-force attack to guess.
  • Port Forwarding & Tunnels: SSH can create secure tunnels to forward network traffic from one port to another, a practice known as SSH tunneling. This is invaluable for securing non-encrypted services (like a database connection) over a public network.
  • File Transfer: SSH includes built-in protocols for secure file transfers, namely SCP (Secure Copy Protocol) and SFTP (SSH File Transfer Protocol). These provide a secure alternative to FTP.

⚙️ The SSH Daemon and its Components
For SSH to work, a client must connect to a server that is running an SSH daemon.

The Daemon: The server-side program that listens for incoming SSH connection requests. On most Linux systems, the daemon is called sshd (SSH Daemon), and the package is typically openssh-server.

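The Port: The default port for SSH is TCP port 22. For security reasons, many system administrators change this to a non-standard port to avoid automated attacks. This cuts down on noise from automated scans but does not replace key-based authentication, since the new port can still be found by a port scan.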

🖥️ Essential SSH Commands
The ssh command is the main client tool used to connect to a remote server.

Basic Connection:

Bash

ssh [user]@[host]
# Example: ssh root@192.168.1.100
# Example: ssh jdoe@myserver.com

Specifying a Custom Port:

Bash

ssh -p [port] [user]@[host]
# Example: ssh -p 2222 root@192.168.1.100

Common File Transfer Commands:

SCP (Secure Copy): Used to copy files between a local host and a remote host.

Local to Remote: scp /path/to/local/file [user]@[host]:/path/to/remote/directory

Remote to Local: scp [user]@[host]:/path/to/remote/file /path/to/local/directory

SFTP (SSH File Transfer Protocol): An interactive shell for file transfers.

sftp [user]@[host]

Once connected, you can use commands like ls, put, and get.

📂 Key SSH Files and Their Locations
Understanding these files is crucial for configuring and troubleshooting SSH.

~/.ssh/: The user's SSH configuration directory. The tilde (~) represents the user's home directory (/home/user/).

config: The client-side configuration file. It can be used to set aliases and specific settings for different hosts to simplify commands (e.g., ssh myserver).

id_rsa (or id_ed25519): The user's private key. This file must be kept secure and have strict permissions (chmod 600).

id_rsa.pub (or id_ed25519.pub): The user's public key. This is the key you share with the server.

authorized_keys: Located on the server at ~/.ssh/authorized_keys. This file contains the public keys of all clients that are permitted to log in to the server using key-based authentication.

known_hosts: A file on the client that stores the public keys of all servers the user has connected to. This file prevents "man-in-the-middle" attacks by warning you if a host's key has changed.

/etc/ssh/: The system-wide SSH configuration directory.

ssh_config: The global client configuration file.

sshd_config: The primary server configuration file. This is where you configure port numbers, disable password authentication, restrict users, and other critical security settings.

🔧 How to Configure SSH for Public-Key Authentication
Public-key authentication is the recommended and most secure way to use SSH.

Generate a Key Pair: On your local machine, run ssh-keygen. You will be prompted to choose a location to save the key and to enter a passphrase (optional but recommended for an extra layer of security).

Copy the Public Key to the Server: Use the ssh-copy-id command, which handles the entire process for you:

Bash

ssh-copy-id [user]@[host]
# It will prompt for the user's password on the server for the first time


Disable Password Authentication (Optional but Recommended): Edit the sshd_config file on the server:

Bash

sudo nano /etc/ssh/sshd_config


Find the line #PasswordAuthentication yes and change it to PasswordAuthentication no.

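Restart the SSH service, keeping your current session open until you have confirmed from a second terminal that key-based login still works: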

Bash

sudo systemctl restart sshd
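
One thing the edit above can miss: sshd uses the first value it reads for each keyword, so a later PasswordAuthentication no is ignored if an earlier line already says yes. The script below is an added example (not from the original post) that shows this on a constructed config; effective_setting and write_sample are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post.
# sshd keeps the FIRST value it reads for each keyword, so a
# "PasswordAuthentication no" added further down is ignored when an earlier
# line (or an earlier Include'd file) already said "yes".

# effective_setting FILE KEYWORD
# Print the first global value of KEYWORD in FILE: what sshd would use for a
# single file without Include. Prints nothing when the keyword is unset.
effective_setting() {
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    {
      line = $0
      sub(/^[ \t]+/, "", line)           # drop indentation
      split(line, f, /[ \t=]+/)          # "Key value" or "Key=value"
      key = tolower(f[1])                # keywords are case-insensitive
      if (key == "match") exit           # Match blocks apply conditionally
      if (key == want) { print f[2]; exit }
    }' "$1"
}

# Constructed sample config (not a real server): an admin appended "no" at
# the end without noticing the earlier "yes".
write_sample() {
  cat > "$1" <<'EOF'
Port 2222
PasswordAuthentication yes
#PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "PasswordAuthentication -> $(effective_setting "$sample" PasswordAuthentication)"
rm -f "$sample"

# On a real server, ask sshd itself (this also resolves Include files):
#   sudo sshd -t                                   # syntax check before restart
#   sudo sshd -T | grep -i passwordauthentication  # effective value
```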


Troubleshooting: Reasons Why SSH Might Not Work
An SSH connection can fail for several reasons. Here are the most common:

SSH Service is Not Running: The sshd daemon on the server might be stopped.

Fix: Check and start the service: sudo systemctl status sshd and sudo systemctl start sshd.

Wrong Port: You are trying to connect to the wrong port. The server's port may have been changed from the default 22.

Fix: Use the -p flag to specify the correct port.

Firewall Rules: A firewall on either the client or server is blocking the connection on the SSH port.

Fix: Check firewall rules (e.g., ufw status, iptables -L) and allow connections on the SSH port.

Incorrect Credentials: Incorrect username or password, or an issue with your public/private key pair.

Fix: Double-check your username and password. For key issues, verify the permissions on the ~/.ssh/ directory and the authorized_keys file.

Permissions Issues: SSH is very strict about file permissions. The ~/.ssh directory should be 700, and authorized_keys should be 600.

Fix: chmod 700 ~/.ssh/ and chmod 600 ~/.ssh/authorized_keys.
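
A quick way to check these permissions before changing them, as an added example that is not part of the original post. It assumes GNU stat (Linux); too_open and audit_ssh_dir are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux).

# too_open PATH: succeed if group or others have ANY permission bit on PATH,
# i.e. the mode is looser than the 700 / 600 recommended above.
too_open() {
  mode=$(stat -c '%a' "$1") || return 2
  [ $(( 0$mode & 077 )) -ne 0 ]
}

# audit_ssh_dir DIR: print one line per problem found under DIR (default
# ~/.ssh) and return non-zero if there was any.
audit_ssh_dir() {
  dir=${1:-$HOME/.ssh}
  bad=0
  [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
  if too_open "$dir"; then echo "fix: chmod 700 $dir"; bad=1; fi
  for f in "$dir"/authorized_keys "$dir"/id_*; do
    [ -f "$f" ] || continue             # unmatched glob or absent file
    case $f in *.pub) continue ;; esac  # public keys may be world-readable
    if too_open "$f"; then echo "fix: chmod 600 $f"; bad=1; fi
  done
  return "$bad"
}

# Audit the directory given as the first argument, or ~/.ssh by default.
audit_ssh_dir "$@" || echo "permissions need fixing"
```

Run it on the client to check private keys and on the server account to check authorized_keys.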
