Skip to main content

Secure Shell (SSH)

key things to know about SSH

  • SSH stands for Secure Shell.
  • SSH is a protocol that allows you to securely connect to a remote server or computer.
  • SSH is a secure way to access a remote computer.
  • SSH is a secure way to transfer files between computers.
  • SSH is a secure way to run commands on a remote computer.
  • SSH is a secure way to tunnel other protocols.
  • SSH is a secure way to forward ports.
  • SSH is a secure way to encrypt your traffic.
  • SSH is a secure way to authenticate yourself to a remote computer.

SSH Keys

  • SSH keys are a pair of cryptographic keys that can be used to authenticate to an SSH server.
  • SSH keys are used to authenticate to an SSH server.

How SSH keys work?

  1. When you generate a new ssh key, you get two files, a public key and a private key.
  2. The public key is what you give to everyone else and is not a secret. You're basically giving them a key hole and telling them to install it on a door for you.
  3. The private key is just that, your private key. You will never reveal this key to anyone. If anyone does get ahold of this key they can freely masquerade as you. This is the key to the key hole. If you do accidentally reveal your private key ever, you should immediately stop using it and make a new one.

If you want to dig a bit deeper, check out the Wikipedia page on Diffie-Hellman key exchange. Fascinating history. This isn't the same as what ssh uses but rather the first sort of public key encryption that existed.

So, on the primary, let's generate our public key. Run this:

ssh-keygen -t rsa
# hit enter to put the key files in the default place
# hit enter to give an empty passphrase
# hit enter again to confirm

Here we're generating a new random key. This key is essentially unguessable and therefore unless something unreal happens, is unhackable from a brute force perspective. We're telling it to put everything in the ~/.ssh directory which is standard. Lastly we're electing to not give it a passphrase. In general it's a good idea to give it a passphrase so that anytime you use the SSH key you need to enter a passphrase (and frequently you can save a passkey to something like macOS's keychain) but in this case we're okay to skip it in the name of a demo.

hassanali:~/.ssh$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hassanali/.ssh/id_rsa): id_github
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_github
Your public key has been saved in id_github.pub
The key fingerprint is:
SHA256:Zka90HwT1sHMA52fvvxuHkQt60yMIUT6Z++Lhfqs+oe4 hassanali@hassanali-pk
The key's randomart image is:
+---[RSA 3072]----+
|        o=..     |
|     + . o= .    |
|    . = = oo     |
|     o + *  . +  |
|      = S o. = . |
|     o o .. . + .|
|        .oo. + o |
|     E ..+o+..o .|
|    oo. =*=.+o.++|
+----[SHA256]-----+
hassanali:~/.ssh$ ls
id_github  id_github.pub  known_hosts
  • id_github is the private key.
  • id_github.pub is the public key.
info

If you accidentally reveal your private one, delete the file,regenerate them because at that point you can just consider it compromised.And it's also really, as it should,it's very easy to regenerate them, so don't worry about that.