Secure Your Remote Connection through SSH

Today I needed to set up my connection to Redshift and had to use SSH (I got confused!). So I thought it would be good to provide some basic information for anyone who needs to connect to a remote server and run commands on it.
SSH Protocol
The SSH protocol (Secure Shell) is a method for secure remote login. It is a secure alternative to unprotected login protocols (such as telnet and rlogin) and insecure file transfer methods (such as FTP).
Secure Shell, or Secure Socket Shell, is a protocol that allows a client to connect securely to a remote server. Once connected, the client can run commands on the server from its local machine.
The server listens on a designated TCP port (port 22 by default), waiting for clients to establish a connection.
The protocol consists of three distinct layers:
- The transport layer establishes a secure channel through encryption and integrity protection, and also provides data compression.
- The authentication layer controls how the client authenticates to the server.
- The connection layer manages the communication between the two machines after authentication, multiplexing it over logical channels.
SSH Keys
An SSH key is a pair of files, a public key and a private key. The public key is the one you hand out to everyone so they can let you in. The private key is exactly that: private, kept only by you, and never shared.
So let’s generate our key pair:
ssh-keygen -t rsa
# hit enter to put the key files in the default place
# hit enter to give an empty passphrase
# hit enter again to confirm
Here we’re generating a new key. By default the key files are written to the ~/.ssh directory.
Algorithms
SSH supports several public key algorithms: rsa, dsa, ecdsa and ed25519. We pick one with the -t option and set the key size with the -b option:
ssh-keygen -t rsa -b 4096
ssh-keygen -t dsa
ssh-keygen -t ecdsa -b 521
ssh-keygen -t ed25519
If you want to check all existing ssh keys:
$ ls -al ~/.ssh
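As an added example (not code from the original post), here is the same key-generation step done non-interactively, the way you would script it: it picks ed25519, sets a passphrase instead of leaving it empty (an unprotected private key can be used by anyone who copies the file), fixes the directory permissions ssh expects, and then lists the fingerprint of every public key in the directory, which is a more useful check than ls -al. The key directory, file name, passphrase and comment are all placeholders; the demo at the bottom writes into a temporary directory so it never touches ~/.ssh. Note that dsa is listed above for completeness only: OpenSSH has disabled ssh-dss keys by default since version 7.0.

```shell
# make_key DIR NAME PASSPHRASE COMMENT
# Creates DIR/NAME (private) and DIR/NAME.pub (public) as an ed25519 key pair.
make_key() {
  dir=$1; name=$2; pass=$3; comment=$4
  mkdir -p "$dir" && chmod 700 "$dir"      # ssh ignores keys living in a world-readable dir
  # -N sets the passphrase, -f the output file, -C the comment, -q silences the banner;
  # stdin from /dev/null guarantees ssh-keygen never waits for a prompt
  ssh-keygen -q -t ed25519 -N "$pass" -C "$comment" -f "$dir/$name" </dev/null
}

# key_fingerprint PUBFILE -> prints the "SHA256:..." fingerprint of a public key
key_fingerprint() {
  ssh-keygen -lf "$1" | awk '{print $2}'
}

# list_keys DIR -> one line per public key: bits, fingerprint, comment, type
list_keys() {
  for pub in "$1"/*.pub; do
    [ -f "$pub" ] || continue
    ssh-keygen -lf "$pub"
  done
}

# private_key_mode_ok FILE -> succeeds only if the private key is mode 0600 or 0400
# (GNU stat first, BSD/macOS stat as the fallback)
private_key_mode_ok() {
  mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
  [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Demo with placeholder values in a throw-away directory (skipped if ssh-keygen is absent)
if command -v ssh-keygen >/dev/null 2>&1; then
  demo_dir=$(mktemp -d)
  make_key "$demo_dir" id_ed25519 'example-passphrase-change-me' 'demo@example'
  echo "fingerprint: $(key_fingerprint "$demo_dir/id_ed25519.pub")"
  list_keys "$demo_dir"
  rm -rf "$demo_dir"
fi
```

In real use you would pass "$HOME/.ssh" as the directory and a passphrase you actually remember; ssh-agent (covered further down) is what saves you from typing it on every connection.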
ssh-copy-id
Once an SSH key has been created, we can use the ssh-copy-id command to authorise our user on the server using the public key.
An authorized key in SSH is a public key used to grant a user login access. The authentication mechanism is called public key authentication.
ssh-copy-id -i ~/.ssh/id_rsa user@host
Replace user and host with your username and the server you want to use key authentication on.
To check that key authentication works:
ssh -i ~/.ssh/id_rsa user@host
You should now be logged into the server, e.g.:
Welcome to Ubuntu 18.04.4 LTS (GNU/Linux x86_64)
 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage
Last login: Mon Jan 25 11:42:17 2021 from 10.153.0.216
ssh-copy-id uses the SSH protocol to copy the key to the server. It appends the public key to the authorized_keys file on the server, creating the .ssh directory and the authorized_keys file if they don’t exist.
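ssh-copy-id needs a reachable server, so as an added example (my own shell, not the ssh-copy-id script itself) here is the server-side half of what it does, written so you can run it locally and see exactly what ends up in authorized_keys: it creates the directory and file with the permissions sshd's StrictModes (on by default) insists on, refuses lines that don't look like a public key, and skips a key that is already present, comparing only the key type and key material so a changed comment doesn't create a duplicate. The key line in the demo is constructed and is not a real key. It only accepts plain key lines; lines with an options prefix (for example restrict or from=) are an assumption left out of the check.

```shell
# install_authorized_key HOME_DIR PUBKEY_LINE
# Appends PUBKEY_LINE to HOME_DIR/.ssh/authorized_keys unless it is already there.
# Returns 0 when added, 1 when already present, 2 when the line is rejected.
install_authorized_key() {
  home=$1; key=$2
  ssh_dir="$home/.ssh"
  auth="$ssh_dir/authorized_keys"

  # Only accept "<type> <base64> [comment]" for the key types OpenSSH ships
  case "$key" in
    ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp256\ *|ecdsa-sha2-nistp384\ *|ecdsa-sha2-nistp521\ *) ;;
    *) echo "refusing to install unrecognised key line" >&2; return 2 ;;
  esac

  # sshd ignores the whole file if the directory or file is group/world writable
  mkdir -p "$ssh_dir"
  chmod 700 "$ssh_dir"
  touch "$auth"
  chmod 600 "$auth"

  # Duplicate check on type + key material only (field 3 is just the comment)
  keyid=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
  if awk -v id="$keyid" '($1 " " $2) == id {found=1} END {exit !found}' "$auth"; then
    echo "key already present" >&2
    return 1
  fi
  printf '%s\n' "$key" >> "$auth"
}

# count_authorized_keys HOME_DIR -> number of non-empty, non-comment lines (0 if no file)
count_authorized_keys() {
  n=$(grep -cv -e '^[[:space:]]*$' -e '^#' "$1/.ssh/authorized_keys" 2>/dev/null)
  echo "${n:-0}"
}

# Demo in a throw-away home directory with a constructed (not real) key line
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMadeUpKeyMaterialForThisExampleOnly00 alice@laptop'
install_authorized_key "$demo_home" "$demo_key"
install_authorized_key "$demo_home" "$demo_key" || true   # second call reports "already present"
echo "keys installed: $(count_authorized_keys "$demo_home")"
rm -rf "$demo_home"
```

A useful habit when reviewing a server is to run count_authorized_keys (or simply read the file) for every account: each line is a standing credential, and lines whose comment nobody recognises should be removed.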
ssh-agent
ssh-agent is a program that holds a user’s private keys in memory, so that you don’t need to type the key’s passphrase every time you connect (a form of single sign-on).
To start the program:
~ eval `ssh-agent`
Agent pid 85876
Check if it’s already running (ssh-agent exports the socket path in this variable):
echo $SSH_AUTH_SOCK
To add the private key to the agent:
~ ssh-add
Enter passphrase for /Users/.ssh/id_rsa:
Identity added: /Users/.ssh/id_rsa (ey@gmail.com)
If ssh-agent is not started automatically at login, it can be started manually with the command
eval `ssh-agent`
A connection to the agent can also be forwarded when logging into a server, allowing SSH commands on the server to use the agent running on the user's desktop.
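Running eval `ssh-agent` in every new shell leaves a trail of orphaned agents, so as an added example (not from the original post) here is the check-then-start logic I use: it tests whether the agent the shell already knows about is alive, starts one only if not, and adds the key with a lifetime so the decrypted key doesn't sit in memory indefinitely. The key path and lifetime in the guarded demo are placeholders.

```shell
# agent_running -> 0 if SSH_AUTH_SOCK points at a live agent socket
# ssh-add -l exits 1 when the agent is up but empty, and 2 when it cannot reach an agent,
# so only exit status 2 (or a missing socket) means "not running".
agent_running() {
  command -v ssh-add >/dev/null 2>&1 || return 1
  [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] || return 1
  ssh-add -l >/dev/null 2>&1
  [ $? -ne 2 ]
}

# ensure_agent -> reuse the agent this shell already knows about, else start a new one
ensure_agent() {
  if agent_running; then
    return 0
  fi
  # ssh-agent -s prints the sh commands that export SSH_AUTH_SOCK and SSH_AGENT_PID
  eval "$(ssh-agent -s)" >/dev/null
  agent_running
}

# add_key_with_lifetime KEYFILE LIFETIME
# LIFETIME is seconds or an ssh time format such as 1h; the agent forgets the key after it
add_key_with_lifetime() {
  ssh-add -t "$2" "$1"
}

# Guarded demo (set RUN_AGENT_DEMO=1 to actually start an agent and prompt for a passphrase)
if [ "${RUN_AGENT_DEMO:-0}" = 1 ]; then
  ensure_agent && add_key_with_lifetime "$HOME/.ssh/id_ed25519" 1h
fi
```

Forwarding the agent to a server (the -A option) lets processes on that server sign with your keys while you are logged in, so it is only appropriate for hosts you fully trust; when the server is just a hop on the way to another machine, ProxyJump (ssh -J bastion target) gets you there without exposing the agent at all.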
SSH Port Forwarding
In computer networking, port forwarding is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. This technique is most commonly used to make services on a host residing on a protected or masqueraded (internal) network available to hosts on the opposite side of the gateway (external network), by remapping the destination IP address and port number of the communication to an internal host. (Wikipedia)
There are three types of port forwarding with SSH:
- Local port forwarding: connections made to the SSH client are forwarded to the SSH server, and then on to a destination server:
ssh -L sourcePort:forwardToHost:onPort connectToHost
- Remote port forwarding: connections made to the SSH server are forwarded to the SSH client, and then on to a destination server:
ssh -R sourcePort:forwardToHost:onPort connectToHost
- Dynamic port forwarding: connections from various applications are forwarded via the SSH client, then via the SSH server, and finally to several destination servers
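The sourcePort:forwardToHost:onPort notation above is easier to read with real values, so here is an added example (not from the original post) built around the Redshift use case that started this write-up: a cluster listening on its default port 5439 that is only reachable from a bastion host. The hostnames and user name are constructed placeholders. The helper binds every forward to 127.0.0.1 so nothing else on your network can ride the tunnel, validates the port numbers, and uses ExitOnForwardFailure so ssh exits instead of silently carrying on when the forward could not be set up.

```shell
# forward_spec LOCAL_PORT TARGET_HOST TARGET_PORT -> "127.0.0.1:LOCAL_PORT:TARGET_HOST:TARGET_PORT"
# Fails on anything that is not a port number in 1..65535.
forward_spec() {
  for p in "$1" "$3"; do
    case "$p" in
      ''|*[!0-9]*) echo "bad port: '$p'" >&2; return 1 ;;
    esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "port out of range: $p" >&2; return 1; }
  done
  printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# local_forward LOCAL_PORT TARGET_HOST TARGET_PORT JUMP_HOST
# -f backgrounds ssh after authentication, -N opens no shell, and ExitOnForwardFailure
# makes a failed -L fatal instead of leaving a useless background session behind.
local_forward() {
  spec=$(forward_spec "$1" "$2" "$3") || return 1
  ssh -f -N -o ExitOnForwardFailure=yes -L "$spec" "$4"
}

# remote_forward SERVER_PORT TARGET_HOST TARGET_PORT JUMP_HOST
# Same shape with -R: the bind address now applies on the server side, so the listener
# stays on the server's loopback unless sshd has GatewayPorts enabled.
remote_forward() {
  spec=$(forward_spec "$1" "$2" "$3") || return 1
  ssh -f -N -o ExitOnForwardFailure=yes -R "$spec" "$4"
}

# dynamic_forward LOCAL_PORT JUMP_HOST -> a SOCKS proxy on loopback; any SOCKS-aware client
# pointed at it is carried through the SSH server to whatever host it asks for.
dynamic_forward() {
  ssh -f -N -o ExitOnForwardFailure=yes -D "127.0.0.1:$1" "$2"
}

# Worked case (placeholders): reach the Redshift cluster through the bastion, then talk to
# it as if it were local. Guarded so sourcing this file does not try to connect anywhere.
if [ "${RUN_TUNNEL_DEMO:-0}" = 1 ]; then
  local_forward 5439 redshift-cluster.internal.example 5439 analyst@bastion.example.com
  psql -h 127.0.0.1 -p 5439 -U analyst -d analytics
fi
```

Because ssh is backgrounded with -f, the tunnel outlives the script; list it with ps and stop it with kill when you are done, or drop -f and run it in a terminal you close afterwards.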
To illustrate it, I can’t think of a better example than the graphs from the community.
There are other SSH commands besides the client ssh. Each has its own man page.
- scp — file transfer client with RCP-like command interface
- sftp — file transfer client with FTP-like command interface
- sshd — OpenSSH server
That’s all for now!
Happy Reading!