- What is SSH?
  - Full form → Secure Shell
  - It works as a communication protocol & helps to connect with a remote computer
  - We can do anything on the remote computer
    - File changes
    - Data changes
    - Setting up web servers
  - Main feature → traffic is encrypted (that's why it is called Secure Shell)
  - Used mostly in the terminal/command line
- Client/Server Communication
  - `SSH` → client
  - `SSHD` → server (OpenSSH Daemon), listens for SSH connections
  - Servers have `SSHD` config files
  - Servers have `SSHD` installed & running → required to make a connection using `SSH`
- Authentication Methods
  - Authenticating servers using `ssh`
    - Ways:
      - Password
        - Default method
        - Creating a user on a remote server & logging in using ssh & the password for that user
        - Example: `ssh kunal@192.168.1.29`
      - Public/Private Key Pair
        - Recommended way of logging in to the remote server
        - We can generate public & private keys
        - This is a safer approach as compared to having passwords
      - Host Based
        - Pre-defining the hosts that are allowed to connect to a machine
        - Defined in a file called `known_hosts`
          - A client file containing all remotely connected known hosts; the ssh client uses this file. The client uses it to authenticate the server it is connecting to. The `known_hosts` file contains the host public key for all known hosts.
  - Generating `SSH` keys
    - Command used: `ssh-keygen`
      - `~/.ssh/id_rsa` (Private Key)
      - `~/.ssh/id_rsa.pub` (Public Key)
    - Public key goes into the server → in the `authorized_keys` file
- For Windows users
  - Windows 10 supports native SSH
  - Git Bash & other terminal programs include the `ssh` command & other UNIX tools
- Logging in to the local server
  - `ssh kunal@192.168.1.29`
    - `kunal` → name of the user that we wanna log in as (already created in the local server)
    - `192.168.1.29` → IP address of the local server
- Generating SSH Keys
  - `ssh-keygen`
- Copying the public key to the server
  - Using the command: `ssh-copy-id username@remote_host`
    - The `ssh-copy-id` tool is included by default in many operating systems, so you may have it available on your local system.
  - Alternative method:
    `cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"`
- Various cloud-service providers:
  - Digital Ocean
  - Linode
  - AWS
  - Hostwinds
- Using Linode today!
  - Generating new keys: `ssh-keygen -t rsa`
    - You can give custom names to each pair of key files you generate
      - By default, the names would be `id_rsa` & `id_rsa.pub`
    - In our case, let's name them with `id_rsa_lo`
    - Therefore, the 2 keys generated:
      - `id_rsa_lo`
      - `id_rsa_lo.pub`
  - Adding the public SSH key to Linode
  - Remote server is created successfully 🎉
  - It's time to log in to our server using ssh
    - Using the IP address: `ssh root@170.187.250.90`
  - Updating & upgrading all the packages is a good practice once you create your server
    - `sudo apt update`
    - `sudo apt upgrade`
  - Creating a new user → again, always a good practice to not use the `root` user for working
    - `adduser <name>`
  - To check the info of the new user → Example: `kunal`
    - `id kunal # Output: uid=1000(kunal) gid=1000(kunal) groups=1000(kunal)`
  - Adding sudo privileges to a new user
    - `usermod -aG sudo kunal`
    - Checking the above: `id kunal # Output: uid=1000(kunal) gid=1000(kunal) groups=1000(kunal),27(sudo)`
      - `27(sudo)` → `sudo` permissions have been added
  - Logging in to the server (again) as a new user (kunal)
    - `ssh kunal@170.187.250.90`
  - Disabling the root user login now:
    - Heading over to the config file location: `sudo nano /etc/ssh/sshd_config`
    - Setting the value of `PermitRootLogin` as → `no`
    - Reloading SSHD service: `sudo systemctl reload sshd`
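The `PermitRootLogin` edit above only counts if it is the first uncommented value sshd reads, so this added example (not part of the original notes) reports the value sshd would take from one config file. The helper names and the sample file are constructed for illustration; `Include` files are not followed, and `prohibit-password` is assumed as the OpenSSH default when the keyword is unset.

```shell
#!/bin/sh
# Added example (not from the original notes): which PermitRootLogin value
# does sshd take from a single sshd_config-style file?
# Rules applied: keywords are case-insensitive, "#" lines are comments,
# the FIRST value seen wins, and settings below a Match line are conditional.

effective_root_login() {   # hypothetical helper; $1 = path to config file
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)        # leading whitespace is ignored
            split(line, f, /[ \t=]+/)       # "Keyword value" or "Keyword=value"
            key = tolower(f[1])
        }
        key == "" || substr(key, 1, 1) == "#" { next }   # blank line or comment
        key == "match" { exit }                          # global section ends here
        key == "permitrootlogin" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "prohibit-password" }    # assumed OpenSSH default
    ' "$1"
}

root_login_disabled() {    # hypothetical helper; status 0 only when value is "no"
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample: "PermitRootLogin no" was appended below an older "yes" line.
sample=$(mktemp)
printf '%s\n' \
    '#PermitRootLogin prohibit-password' \
    'PermitRootLogin yes' \
    'PasswordAuthentication yes' \
    'PermitRootLogin no' > "$sample"

if root_login_disabled "$sample"; then
    echo "root login over SSH is disabled"
else
    echo "root login NOT disabled, effective value: $(effective_root_login "$sample")"
fi
rm -f "$sample"
```

On the server itself, `sudo sshd -t` checks the file for errors before the reload, and `sudo sshd -T | grep -i permitrootlogin` prints the value sshd actually uses, including anything pulled in through `Include`.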
- Setting up SSH keys for GitHub
  - `ssh-keygen -t rsa`
    - We can name these as:
      - `id_rsa_gh`
      - `id_rsa_gh.pub`
  - Adding our public key to GitHub (in our host server)
  - Using the `ssh-add` command to add SSH private keys into the SSH authentication agent
    - To start the ssh-agent, for using ssh-add: ``eval `ssh-agent -s` ``
    - Using ssh-add: `ssh-add /home/kunal/.ssh/id_rsa_gh`
    - We now have our GitHub identity added
  - We can now clone the repository (on which we have added the ssh public key)
- Installing Node Js on Ubuntu:
  - Used the documentation here