022 SSH

17 Nov 2012

Secure Shell (SSH) is a program to securely log in to another computer over a network and execute commands in that machine. In this episode, we will look into how to generate keys, ssh configurations, secure copy, known hosts and even AWS login.

Download video: mp4

Similar episodes: 002 Terminal, 019 Bash, 015 Github

##Background on SSH:

  1. What is Secure Shell (SSH)?
  2. Open SSH Manual
  3. Getting started with SSH
  4. Fun with SSH
  5. requiring ssh for github

##Things to learn with SSH

We will work with 2 computers: client and server. The server can be another computer in the same network as the client, a web host provider (most common), aws, etc.

####1. background on ssh

In the client computer, in the command line:

  1. check ssh version with ssh -V
  2. check the manual for ssh with man ssh
  3. locate the program file for ssh with which ssh

####2. login/logout the server computer

In the client computer, in the command line:

  1. ssh [email protected] with password and it’s just like logging into another computer
  2. when we login for the first time, the hostname will get added to the file ~/.ssh/known_hosts
  3. ls to look at the folders and files in the current directory
  4. cd to change dirctories
  5. logout to exit the server computer

####3. create encryption keys

We will work with 2 command line tabs:

  1. SERVER: ssh [email protected]
  2. CLIENT: cd ~/.ssh

In the client’s command line:

  1. generate encryption keys: ssh-keygen -t rsa -f learnssh -C "[email protected]"
  2. generate the fingerprint seperately: ssh-keygen -l -f filename.pub
  3. secure copy and transfer the generated encryption key to the server’s home directory: scp -p learnssh.pub [email protected]:

In the server’s command line:

  1. check that learnssh.pub has indeed been transferred with ls -al learnssh.pub
  2. concat the contents of learnssh.pub to the file /etc/ssh/sshd_config with the command cat learnssh.pub > ~/.ssh/authorized_keys
  3. uncomment line AuthorizedKeysFile %h/.ssh/authorized_keys inside the file /etc/ssh/sshd_config
  4. logout exit
  5. this time there won’t be any password prompt. login again with ssh [email protected]
  6. logout

In the client’s command line:

  1. create a file ~/.ssh/config with the following in the content:

    Host ubuntubox Hostname User sayanee IdentityFile ~/.ssh/learnssh In the server’s command line:

  2. how we can login with a shorter command ssh ubuntubox without any password prompt

####4. ssh with amazon web services (aws)

  1. go to aws > My Account/Console > AWS Management Console > Amazon Web Services > EC2
  2. Left Column > Instances > Instances > Launch Instance
  3. Through the Wizard > 5 steps:
    1. Choose an AMI> Choose Ubuntu Server Free Tier
    2. Instance Details > choose default/continue
    3. Create Key Pair > Create a new Key Pair > learnsshaws > Create and download your key pair > learnsshaws.pem
    4. Configure firewall > default/continue
    5. Review > default/continue
  4. Click the instance, and copy the public DNS address
  5. copy the downloaded learnsshaws.pem to folder ~/.ssh
  6. change the permission with chmod 600 learnsshaws.pem
  7. login to aws via ssh ssh -i /Users/username/.ssh/learnsshaws.pem -v [email protected]
  8. to login such a long ssh command, amend the ~/.ssh/config file with the following contents:

    Host awstest Hostname aws-public-dns User ubuntu IdentityFile ~/.ssh/learnsshaws.pem

  9. now we can login to aws with a shorter command and no password with ssh awestest

##More Resources on SSH 1. 01 uses of open ssh, part 1, part 2 1. How to ssh into remote web server without using a password 1. SSH: What and How? 1. The Perfect workflow: Git, Github, SSH 2. 30 epic resources on how to ssh

##Build Link of this Episode

hak5, a tech show covering networking, security, operating systems and many fundamental hardcore tech stuff very well explained by one of the hosts, Darren Kitchen!