Secure Your Remote Connection through SSH


Today I need to set up my connection to Redshift and need to use SSH (I got confused!). So I'm thinking it will be good to provide some basic information for anyone who needs to connect to a remote server and run commands on it.

SSH Protocol

Secure Shell, or Secure Socket Shell, is a protocol that allows a client to connect securely to a remote server. Once a client is connected to a server over SSH, the client can run commands on the server from the local machine.

The server has a designated TCP port (port 22), where it waits for clients to establish a connection.

The protocol consists of three distinct layers:

  • The transport layer establishes safe communication through data encryption, and provides data compression and caching.
  • The authentication layer controls the authentication process.
  • The connection layer manages the communication between the machines after the authentication through management of communication channels.

SSH Keys

An SSH key is a pair of files: a public key and a private key. The public key is what you give to everyone, so that they can let you in. The private key is just that, your private key, which only you should have access to.

So let's generate our key pair:

ssh-keygen -t rsa
# hit enter to put the key files in the default place
# hit enter to give an empty passphrase (the private key is then stored unencrypted; type a passphrase here to protect it)
# hit enter again to confirm

Here we’re generating a new key pair. By default the files are placed in the ~/.ssh directory.

Algorithms

SSH supports several public key algorithms: rsa, dsa, ecdsa, ed25519. We can choose the algorithm with the -t option and the key size with the -b option. Note that DSA keys are disabled by default in OpenSSH 7.0 and later.

ssh-keygen -t rsa -b 4096
ssh-keygen -t dsa
ssh-keygen -t ecdsa -b 521
ssh-keygen -t ed25519

If you want to check all existing ssh keys:

$ ls -al ~/.ssh 

ssh-copy-id

Once an SSH key has been created, we can use the ssh-copy-id command to install the public key on the server, so that the user is authorised to log in with it.

ssh-copy-id -i ~/.ssh/id_rsa user@host

Replace user and host with your username and the server on which you want to use key authentication.

To check that key authentication works:

ssh -i ~/.ssh/id_rsa user@host

You should now be logged in to the server, e.g.:

Welcome to Ubuntu 18.04.4 LTS (GNU/Linux x86_64)
 * Documentation:  https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage
Last login: Mon Jan 25 11:42:17 2021 from 10.153.0.216

ssh-copy-id uses the SSH protocol to copy the key to the server. It edits the authorized_keys file on the server, creating the .ssh directory and the authorized_keys file if they don't exist.
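To see what such a line in authorized_keys contains, here is an added example (not part of the original post) that parses a public-key line, decodes the key blob, and reports the algorithm, RSA modulus size and the SHA256 fingerprint in the form `ssh-keygen -l` prints, flagging DSA and short RSA keys. The sample keys are constructed in the code and are not usable keys; the 2048-bit threshold and all function names are assumptions.

```python
import base64
import hashlib

# Key types matching the algorithms listed in this post (not an exhaustive list).
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")
MIN_RSA_BITS = 2048  # assumed policy threshold, not taken from the post

def read_fields(blob):
    """Split an SSH wire-format blob into its 4-byte-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        field = blob[pos + 4:pos + 4 + n]
        if len(blob) < pos + 4 or len(field) != n:
            raise ValueError("truncated key blob")
        fields.append(field)
        pos += 4 + n
    return fields

def inspect_key(line):
    """Parse one authorized_keys or .pub line; None for blank and comment lines."""
    parts = line.split()
    if not parts or parts[0].startswith("#"):
        return None
    # authorized_keys lines may carry options (e.g. no-pty) before the key type.
    idx = next((i for i, p in enumerate(parts) if p in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(parts):
        raise ValueError("no supported key type found")
    ktype = parts[idx]
    blob = base64.b64decode(parts[idx + 1], validate=True)
    fields = read_fields(blob)
    if not fields or fields[0] != ktype.encode():
        raise ValueError("key type does not match key blob")
    bits = None
    if ktype == "ssh-rsa":
        if len(fields) != 3:
            raise ValueError("malformed RSA key blob")
        bits = int.from_bytes(fields[2], "big").bit_length()  # fields: type, e, n
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    weak = ktype == "ssh-dss" or (bits is not None and bits < MIN_RSA_BITS)
    return {"type": ktype, "bits": bits, "fingerprint": fingerprint,
            "comment": " ".join(parts[idx + 2:]), "weak": weak}

def make_sample_rsa(bits):
    """Build a CONSTRUCTED, non-functional ssh-rsa line with a modulus of `bits` bits."""
    body = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")  # mpint
    blob = b"".join(len(f).to_bytes(4, "big") + f
                    for f in (b"ssh-rsa", b"\x01\x00\x01", body))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " sample@example"
```

Calling `inspect_key` on each line of `~/.ssh/authorized_keys` gives a quick inventory of which keys are allowed to log in and which of them should be replaced.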

ssh-agent

ssh-agent is a program that can hold a user's private key, so that you won’t need to type the private key's passphrase every time (a form of single sign-on, SSO).

To start the program:

~ eval `ssh-agent`
Agent pid 85876

Check if it’s already running:

echo $SSH_AUTH_SOCK

To add the private key to the agent:

~ ssh-add
Enter passphrase for /Users/.ssh/id_rsa:
Identity added: /Users/.ssh/id_rsa (ey@gmail.com)

If ssh-agent is not automatically started at login, it can be started manually with the command:

eval `ssh-agent`

A connection to the agent can also be forwarded when logging into a server, allowing SSH commands on the server to use the agent running on the user's desktop.

SSH Forwarding

There are three types of port forwarding with SSH:

  • Local port forwarding: connections from the SSH client are forwarded to the SSH server, and then to a destination server
    ssh -L sourcePort:forwardToHost:onPort connectToHost
  • Remote port forwarding: connections from the SSH server are forwarded to the SSH client, and then to a destination server
    ssh -R sourcePort:forwardToHost:onPort connectToHost
  • Dynamic port forwarding: connections from various servers are forwarded via the SSH client, then via the SSH server, and finally to several destination servers

To illustrate it, I can’t think of a better example than the graphs from the community.

There are other SSH commands besides the client ssh. Each has its own page.

  • scp — file transfer client with RCP-like command interface
  • sftp — file transfer client with FTP-like command interface
  • sshd — OpenSSH server

That’s so much of it!

Happy Reading!