212.3 Secure shell (SSH) (weight: 4)

Tech Tutorial: 212.3 Secure Shell (SSH) (weight: 4) #

Introduction #

Secure Shell (SSH) is an essential protocol used primarily for secure remote login from one computer to another. It provides several alternatives for strong authentication and protects the communications security and integrity with robust encryption. This tutorial aims to delve into the usage of SSH for secure communications and how to manage its settings for optimal security and functionality.

Exam Objective #

  • Configure SSH keys and SSH-agent to manage private keys.
  • Use ssh and scp commands.
  • Install and configure SSH server and client.
  • Analyze and utilize /etc/ssh/sshd_config and ~/.ssh/config files.
  • Port forwarding, X11 forwarding.

Utilities #

  • ssh
  • ssh-keygen
  • ssh-agent
  • ssh-add
  • scp
  • sshd (SSH daemon)
  • /etc/ssh/sshd_config
  • ~/.ssh/config

Step-by-Step Guide #

1. Installing SSH #

Before you can use SSH, you need to ensure it is installed on both the server and client machines.

On Ubuntu/Debian:

sudo apt-get update
sudo apt-get install openssh-server openssh-client

On CentOS/RHEL:

sudo yum install openssh-server openssh-clients

On Fedora:

sudo dnf install openssh-server openssh-clients

2. Configuring SSH Keys with ssh-keygen #

SSH keys provide a more secure way of logging into a server with SSH than using a password alone.

Generating SSH Keys:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This creates a new SSH key, using the provided email as a label.

Output Example:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/your_username/.ssh/id_rsa): [Press enter]
Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again]
Your identification has been saved in /home/your_username/.ssh/id_rsa.
Your public key has been saved in /home/your_username/.ssh/id_rsa.pub.

3. Managing SSH Agent #

The SSH agent is a program to hold private keys used for public key authentication.

Starting ssh-agent:

eval "$(ssh-agent -s)"

Adding your SSH key to the ssh-agent:

ssh-add ~/.ssh/id_rsa

4. Using ssh and scp #

Connecting to a remote server:

ssh username@remote_host

Copying files with scp:

To copy a file from your local machine to a remote server:

scp /path/to/local/file username@remote_host:/path/to/remote/directory

To copy a file from a remote server to your local machine:

scp username@remote_host:/path/to/remote/file /path/to/local/directory

5. SSH Configurations #

Server Configuration (/etc/ssh/sshd_config):

To disable root login, edit the sshd_config file:

sudo nano /etc/ssh/sshd_config

Add or modify the following line:

PermitRootLogin no

Client Configuration (~/.ssh/config):

Create a config file for easier management of multiple connections:

touch ~/.ssh/config
nano ~/.ssh/config

Example configuration:

Host myserver
    HostName server.example.com
    User myusername
    IdentityFile ~/.ssh/myserver_rsa

6. Port Forwarding and X11 Forwarding #

Local Port Forwarding:

ssh -L localPort:remoteHost:remotePort username@sshServer

Remote Port Forwarding:

ssh -R remotePort:localhost:localPort username@sshServer

X11 Forwarding:

ssh -X username@remote_host

Conclusion #

In this tutorial, we have covered the essentials of setting up and using SSH for secure remote connections and file transfers. Through properly configuring and managing SSH keys and understanding the SSH configuration files, you can significantly enhance the security of your remote sessions and transfers. Always remember to keep your private keys secure and regularly update your configurations in line with best security practices.