Secure Your Remote Connection through SSH
Today I need to set up my connection to Redshift and need to use SSH (I got confused!). So just thinking it will be good to provide some basic information for anyone who needs to connect to a remote server and run commands on it.
The SSH protocol ( Secure Shell) is a method for secure remote login. It is a secure alternative to the non-protected login protocols (such as telnet, rlogin) and insecure file transfer methods (such as FTP).
Secure Shell, or Secure Socket Shell, is a protocol which allows client to connect securely to a remote server. When a client connects to a server over SSH, the client can instruct command to the server from its local.
The server has a designated TCP port (port 22) where it’s always awaiting for clients to establish the connection.
The protocol consists of three distinct layers:
- The transport layer establishes safe communication through data encryption, and provides data compression and caching.
- The authentication layer controls the authentication process.
- The connection layer manages the communication between the machines after the authentication through management of communication channels.
The ssh key is a pair as you get two files, a public key and a private key. The public key is what you give to everyone so you can let them reach out to you. The private key is just that, your private key, that only you know where is.
So let’s generate our public key:
ssh-keygen -t rsa
# hit enter to put the key files in the default place
# hit enter to give an empty passphrase
# hit enter again to confirm
Here we’re generating a new key. By default it will be in
SSH supports several public key algorithms:
ed25519 . We can use
-t option and key size using the
-b option to instruct our preference:
ssh-keygen -t rsa -b 4096
ssh-keygen -t dsa
ssh-keygen -t ecdsa -b 521
ssh-keygen -t ed25519
If you want to check all existing ssh keys:
$ ls -al ~/.ssh
Once an SSH key has been created, we can use the
ssh-copy-id command to authorise the user to the server using the public key.
An authorized key in SSH is a public key used for granting login access to users. The authentication mechanism is called public key authentication.
ssh-copy-id -i ~/.ssh/id_rsa user@host
Replace the user and server with your username and the server you wish to use the key authentication on.
To check if the authentication has finished:
ssh -i ~/.ssh/id_rsa user@host
You should now log into the server, e.g.:
Welcome to Ubuntu 18.04.4 LTS (GNU/Linux x86_64) * Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantageLast login: Mon Jan 25 11:42:17 2021 from 10.153.0.216
ssh-copy-id uses the SSH protocol to copy the key to the server. It edits the
authorized_keys file on the server, creates the
.ssh directory if it doesn't exist, and creates the authorised keys file if it doesn't exist.
ssh-agent is a program that can hold a user's private key, so that you won’t need to type the private key phrase every time(SSO).
To start the program:
~ eval `ssh-agent`
Agent pid 85876
Check if it’s already running:
To add the private key to the agent:
Enter passphrase for /Users/.ssh/id_rsa:
Identity added: /Users/.ssh/id_rsa (email@example.com)
ssh-agent is not automatically started at login, it can be started manually with the command
A connection to the agent can also be forwarded when logging into a server, allowing SSH commands on the server to use the agent running on the user's desktop.
In computer networking, port forwarding is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. This technique is most commonly used to make services on a host residing on a protected or masqueraded (internal) network available to hosts on the opposite side of the gateway (external network), by remapping the destination IP address and port number of the communication to an internal host. wiki
There are three types of port forwarding with SSH:
- Local port forwarding: connections from the SSH client are forwarded to the SSH server, and then to a destination server
ssh -L sourcePort:forwardToHost:onPort connectToHost
- Remote port forwarding: connections from the SSH server are forwarded to the SSH client, and then to a destination server
ssh -R sourcePort:forwardToHost:onPort connectToHost
- Dynamic port forwarding: connections from various servers are forwarded via the SSH client, then via the SSH server, and finally to several destination servers
To illustrate it, I can’t think of better example than the graphs from the community.
There are other SSH commands besides the client
ssh. Each has its own page.
- scp — file transfer client with RCP-like command interface
- sftp — file transfer client with FTP-like command interface
- sshd — OpenSSH server
That’s so much of it!