ALL ABOUT SSH

ALL ABOUT SSH

Harsh Hacker
Secure Shell Protocol

SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.

How do I use SSH?

You use a program on your computer (ssh client), to connect to our service (server) and transfer the data to/from our storage using either a graphical user interface or command line. There are many programs available that enable you to perform this transfer and some operating systems such as Mac OS X and Linux have this capability built in.

SSH clients will typically support SCP (Secure Copy) and/or SFTP (SSH File Transfer Protocol) for transferring data; we tend to recommend using SFTP instead of SCP but both will work with our service.

For Mac and Linux users, head over to your terminal program and then follow the procedure below:

The SSH command consists of 3 distinct parts:

ssh {user}@{host}

The SSH key command instructs your system that you want to open an encrypted Secure Shell Connection. {user} represents the account you want to access. For example, you may want to access the root user, which is basically synonymous for system administrator with complete rights to modify anything on the system. {host} refers to the computer you want to access. This can be an IP Address (e.g. 127.0.0.0.1) or a domain_name e.g.www.xyzdomain.com

When you hit enter, you will be prompted to enter the password for the requested account. When you type it in, nothing will appear on the screen, but your password is, in fact being transmitted. Once you’re done typing, hit enter once again. If your password is correct, you will be greeted with a remote terminal window.

How to Access a Remote Server

To connect to a remote machine, you need its IP address or name. Load the terminal or any SSH client and type ssh followed by the IP address:

ssh 192.168.56.101

or name:

ssh test.server.com

The first time you connect to a host, you’ll see this message:


Type yes and hit enter. You may need to enter your password as well.

Specify a Username for SSH connection

SSH uses the current user when accessing a remote server. To specify a user for an SSH connection, run the command in this format:

ssh username@hostname_or_ip

For instance:

ssh testuser@10.0.0.55

Note: If you encounter “Connection refused” error, please refer to our guide SSH “Connection Refused” for solutions.


Use a Different Port Number for SSH Connection

By default, the SSH server listens for a connection on port 22. If the port setting in the SSH config file has been changed, you’ll need to specify the port. Otherwise, you will get this error:



To connect to a remote host with a custom SSH port number, use the -p flag. For example:

ssh test.server.com -p 3322

Generate SSH Keys Using SSH Keygen

To improve the security of SSH connections, generate a key pair with the keygen utility. The pair consists of a public and private key. The public key can be shared, while the private key needs to stay secure.

SSH key pairs are used to authenticate clients to servers automatically. When you create an SSH key pair, there is no longer a need to enter a password to access a server.

On the host machine’s terminal, use this command to create a key pair:

ssh-keygen -t rsa

To use default settings, hit Enter on the prompts for file location and passphrase.

Copy Public SSH Key

To use the key pair for SSH authentication, you’ll need to copy the public key to a server. The key is the file id_rsa.pub previously created with SSH keygen utility.

To copy your key to a server, run this command from the client:

ssh-copy-id hostname_or_IP

You can also specify a username if you don’t want to use the current user.

Enter the password to authenticate when asked. After this, you will no longer need to use the password to connect to the same server.

Copy a File Remotely over SSH with SCP

You can securely copy files over the SSH protocol using the SCP tool. The basic syntax is:

scp fileName user@remotehost:/home/username/destination

For example, to copy a file sample3 to your Desktop on a remote server with a username test, type in:

scp sample3 test@10.0.10.5:/home/test/Desktop

The output shows a summary of the operation.


Make sure to use the uppercase -P flag if you need to specify the port.

Edit SSH Config File

You can control how remote users can access a server via the SSH. Edit the settings in the sshd_config file to customize SSH server options. Make sure to edit only the options you are familiar with. A server can become inaccessible due to bad configuration.

Use the editor of your choice to edit the file. You’ll need superuser permissions to make changes. In Linux, we use vim:

In the command line on a remote host, type in:

sudo vim /etc/ssh/sshd_config

Enter the sudo password, and the shell opens the file in the editor you used.

Restart SSH service

When you make changes to the SSH configuration, you’ll need to restart the service in Linux.

Depending on the Linux distro, run one of the following commands on the machine where you modified the settings:

sudo ssh service restart

or:

sudo sshd service restart

Finally, enter the password to complete the process. As a result, the next SSH session will use the new settings.

Basic SSH Commands

Working on a remote server using SSH requires knowing basic SSH commands. Use the commands and options in this article to manage a remote host. Note that you can combine the flags to get the output you need.

Show Working Directory Path

Use the pwd command to show the file system path.


The output displays the location of the directory you are in.

List Files and Directories

Change Directory

To list the contents of a current working folder, use the ls command.

The shell will show the names of all directories, files, and links. To get more information, add one of the following flags:

  • -a displays hidden Linux files and entries starting with a dot.
  • -l shows file details for directory contents. For example, the output includes permissions, ownership, date, etc.
  • -s lists the size of files, in blocks. Add -h to show the size in a humanly-readable form.

To navigate to a specific folder, use the cd command and a name or path of a directory.

cd Desktop/Downloads/Sample

Remember that the names are case sensitive. Use cd without a name or path to return to the user’s home directory.

Useful cd options include:

  • cd .. go to the directory one level higher than your current location.
  • cd - switch to the previous directory.
  • cd / go to the root directory.

Copy a File

Use the cp command to copy a file or directory. You’ll need to include the name of the file and the target location.

cp fileName /directory/path/destination

To copy file1 from Desktop to Dir1, type in:

cp file1 Dir1

To change the name of file1 while copying it to another destination, use this format:

cp file1 Dir1/Newfile1Name

This command copies file1 to Dir1 with a name you specify.

To copy a directory and its contents, use the -r flag in this format:

cp -r Directory1 NewLocation

Move a File

The mv command works in the same manner as the copy command.

For instance, to move a file to another location, type in:

mv fileName directory/path/destination

Create a File

The touch command allows you to create a new file with any extension.

In the terminal, enter the following command:

touch fileName

For example, to create a system.log file, type in:

touch system.log

Create a Directory

To create a directory, use the mkdir command. Enter a new directory name or full path in this format:

mkdir NewDirectoryName

Or:

mkdir directory/path/NewDirectoryName

Delete a File or Directory

To delete a Linux file , use rm in this format:

rm fileName

In addition, you can enter a full path:

rm /home/user/dir1/fileName

To delete a directory, add the -r flag to the rm command.

View Network Information

To view the status of all network adapters, use the ifconfig command. Moreover, when you don’t use any options with ifconfig, the output displays only active interfaces.


Clear the Terminal Screen

To clear the current working area of your bash screen, type clear in the shell. This command clears one portion of the screen and shifts up the previous output.

To remove the output from the terminal completely, use the reset command.

Run a Command on a Remote Server from a Local Computer

This method does not create a new shell. Instead, it runs a command and returns the user to the local prompt. You can create a file, copy files, or run any other SSH command in this format.

To remotely execute a command from the local machine, append an instruction to the SSH command. For example, to delete a file, type in:

ssh test.server.com rm ~/Desktop/Dir1/sample4

Enter the password, and the file on the remote server will be deleted without creating a new shell.

Understanding Different Encryption Techniques

The significant advantage offered by SSH over its predecessors is the use of encryption to ensure secure transfer of information between the host and the client. Host refers to the remote server you are trying to access, while the client is the computer you are using to access the host. There are three different encryption technologies used by SSH:

  1. Symmetrical encryption
  2. Asymmetrical encryption
  3. Hashing.

Symmetric Encryption

Symmetric encryption is a form of encryption where a secret key is used for both encryption and decryption of a message by both the client and the host. Effectively, any one possessing the key can decrypt the message being transferred.

SSH tutorial - Symmetric Encryption


Symmetrical encryption is often called shared key or shared secret encryption. There is usually only one key that is used, or sometimes a pair keys where one key can easily be calculated using the other key.

Symmetric keys are used to encrypt the entire communication during a SSH Session. Both the client and the server derive the secret key using an agreed method, and the resultant key is never disclosed to any third party. The process of creating a symmetric key is carried out by a key exchange algorithm. What makes this algorithm particularly secure is the fact that the key is never transmitted between the client and the host. Instead, the two computers share public pieces of data and then manipulate it to independently calculate the secret key. Even if another machine captures the publically shared data, it won’t be able to calculate the key because the key exchange algorithm is not known.

It must be noted, however, that the secret token is specific to each SSH session, and is generated prior to client authentication. Once the key has been generated, all packets moving between the two machines must be encrypted by the private key. This includes the password typed into the console by the user, so credentials are always protected from network packet sniffers.

A variety of symmetrical encryption ciphers exist, including, but not limited to, AES (Advanced Encryption Standard), CAST128, Blowfish etc. Before establishing a secured connection, the client and a host decide upon which cipher to use, by publishing a list of supported cyphers in order of preference. The most preferred cypher from the clients supported cyphers that is present on the host’s list is used as the bidirectional cypher.

For example, if two Ubuntu 14.04 LTS machines are communicating with each other over SSH, they will use aes128-ctr as their default cipher.

Asymmetric Encryption

Unlike symmetrical encryption, asymmetrical encryption uses two separate keys for encryption and decryption. These two keys are known as the public key and the private key. Together, both these keys form a public-private key pair.

Asymmetric Encryption


The public key, as the name suggest is openly distributed and shared with all parties. While it is closely linked with the private key in terms of functionality, the private key cannot be mathematically computed from the public key. The relation between the two keys is highly complex: a message that is encrypted by a machine’s public key, can only be decrypted by the same machine’s private key. This one-way relation means that the public key cannot decrypt its own messages, nor can it decrypt anything encrypted by the private key.

The private key must remain private i.e. for the connection to be secured, no third party must ever know it. The strength of the entire connection lies in the fact that the private key is never revealed, as it is the only component capable of decrypting messages that were encrypted using its own public key. Therefore, any party with the capability to decrypt publically signed messages must possess the corresponding private key.

Unlike the general perception, asymmetrical encryption is not used to encrypt the entire SSH session. Instead, it is only used during the key exchange algorithm of symmetric encryption. Before initiating a secured connection, both parties generate temporary public-private key pairs, and share their respective private keys to produce the shared secret key.

Once a secured symmetric communication has been established, the server uses the clients public key to generate and challenge and transmit it to the client for authentication. If the client can successfully decrypt the message, it means that it holds the private key required for the connection. The SSH session then begins.

Hashing

One-way hashing is another form of cryptography used in Secure Shell Connections. One-way-hash functions differ from the above two forms of encryption in the sense that they are never meant to be decrypted. They generate a unique value of a fixed length for each input that shows no clear trend which can exploited. This makes them practically impossible to reverse.

Hash


It is easy to generate a cryptographic hash from a given input, but impossible to generate the input from the hash. This means that if a client holds the correct input, they can generate the crypto-graphic hash and compare its value to verify whether they possess the correct input.

SSH uses hashes to verify the authenticity of messages. This is done using HMACs, or Hash-based Message Authentication Codes. This ensures that the command received is not tampered with in any way.

While the symmetrical encryption algorithm is being selected, a suitable message authentication algorithm is also selected. This works in a similar way to how the cipher is selected, as explained in the symmetric encryption section.

Each message that is transmitted must contain a MAC, which is calculated using the symmetric key, packet sequence number, and the message contents. It is sent outside the symmetrically encrypted data as the concluding section of the communication packet.

How Does SSH Work with These Encryption Techniques

The way SSH works is by making use of a client-server model to allow for authentication of two remote systems and encryption of the data that passes between them.

SSH operates on TCP port 22 by default (though this can be changed if needed). The host (server) listens on port 22 (or any other SSH assigned port) for incoming connections. It organizes the secure connection by authenticating the client and opening the correct shell environment if the verification is successful.

SSH Client and Server


The client must begin the SSH connection by initiating the TCP handshake with the server, ensuring a secured symmetric connection, verifying whether the identity displayed by the server match previous records (typically recorded in an RSA key store file), and presenting the required user credentials to authenticate the connection.

There are two stages to establishing a connection: first both the systems must agree upon encryption standards to protect future communications, and second, the user must authenticate themselves. If the credentials match, then the user is granted access.

Session Encryption Negotiation

When a client tries to connect to the server via TCP, the server presents the encryption protocols and respective versions that it supports. If the client has a similar matching pair of protocol and version, an agreement is reached and the connection is started with the accepted protocol. The server also uses an asymmetric public key which the client can use to verify the authenticity of the host.

Once this is established, the two parties use what is known as a Diffie-Hellman Key Exchange Algorithm to create a symmetrical key. This algorithm allows both the client and the server to arrive at a shared encryption key which will be used henceforth to encrypt the entire communication session.

Here is how the algorithm works at a very basic level:

  1. Both the client and the server agree on a very large prime number, which of course does not have any factor in common. This prime number value is also known as the seed value.
  2. Next, the two parties agree on a common encryption mechanism to generate another set of values by manipulating the seed values in a specific algorithmic manner. These mechanisms, also known as encryption generators, perform large operations on the seed. An example of such a generator is AES (Advanced Encryption Standard).
  3. Both the parties independently generate another prime number. This is used as a secret private key for the interaction.
  4. This newly generated private key, with the shared number and encryption algorithm (e.g. AES), is used to compute a public key which is distributed to the other computer.
  5. The parties then use their personal private key, the other machine’s shared public key and the original prime number to create a final shared key. This key is independently computed by both computers but will create the same encryption key on both sides.
  6. Now that both sides have a shared key, they can symmetrically encrypt the entire SSH session. The same key can be used to encrypt and decrypt messages (read: section on symmetrical encryption).

Now that the secured symmetrically encrypted session has been established, the user must be authenticated.

Authenticating the User

The final stage before the user is granted access to the server is authenticating his/her credentials. For this, most SSH users use a password. The user is asked to enter the username, followed by the password. These credentials securely pass through the symmetrically encrypted tunnel, so there is no chance of them being captured by a third party.

Although passwords are encrypted, it is still not recommended to use passwords for secure connections. This is because many bots can simply brute force easy or default passwords and gain access to your account. Instead, the recommended alternative is SSH Key Pairs.

These are a set of asymmetric keys used to authenticate the user without the need of inputting any password.


Thank you all for your attention!

If you like our content, join our Telegram channel for more hacking & tech related posts - @HARSH_HACKER_YT

Report Page