Back-end Flashcards
How does ssh work?
SSH uses public-key cryptography to authenticate the remote computer (the server proves possession of its host key) and, where the server requires it, to authenticate the user.[2] There are several ways to use SSH. One is to let the two sides use automatically generated key pairs only to set up an encrypted connection, and then authenticate the user with a password sent over that connection.
Another is to use a manually generated public-private key pair to perform the authentication itself, so that users or programs can log in without supplying a password. In this scenario each user generates their own key pair (one public key, one private key). The public key is placed on every computer that must grant access to the owner of the matching private key; the owner keeps the private key secret. Authentication depends on the private key, but the key itself is never sent over the network: the client proves possession by signing data tied to the current session, and the server checks that signature against the public key it has on file. SSH therefore only verifies that whoever presents a public key also holds the matching private key; it does not, by itself, know who that holder is. In all versions of SSH it is consequently important to verify unknown public keys, i.e. to associate them with identities, before accepting them as valid: a client should confirm a server's host key fingerprint out of band before it is stored in known_hosts, and a server should only install public keys in authorized_keys whose owner has been confirmed. Accepting an attacker's public key without validation authorizes that attacker as a valid user, or lets the attacker impersonate the server to the client.
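As an added example (not part of the original page and not OpenSSH's own code), the following Python shows the two checks a client performs when it "associates a public key with an identity": it computes the SHA256 fingerprint that ssh-keygen -l prints for out-of-band confirmation, and it looks a host up in a known_hosts file (including the hashed |1|salt|hmac name form written when HashKnownHosts is on) and reports whether the key the server offered is known, changed, or new. The 32-byte ed25519 key bodies are constructed filler, not real keys; only the wire-format blob layout is real.

```python
import base64
import hashlib
import hmac
import os
import struct


def ssh_string(b: bytes) -> bytes:
    """Length-prefixed string as used in SSH wire-format key blobs."""
    return struct.pack(">I", len(b)) + b


def ed25519_blob(raw32: bytes) -> bytes:
    """Public-key blob as it appears (base64) after 'ssh-ed25519' in a key line.
    The 32 bytes are caller-supplied; in this example they are constructed
    filler, not a real curve point."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw32)


def blob_type(blob: bytes) -> str:
    """Key type recorded inside the blob (its first length-prefixed string)."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode()


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint as printed by `ssh-keygen -l` (base64 without padding)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hash_hostname(host: str, salt: bytes) -> str:
    """Hashed known_hosts name field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def known_hosts_line(host: str, blob: bytes, salt: bytes) -> str:
    """One known_hosts entry with a hashed hostname (OpenSSH uses a 20-byte random salt)."""
    return "%s %s %s" % (hash_hostname(host, salt), blob_type(blob), base64.b64encode(blob).decode())


def host_matches(field: str, host: str) -> bool:
    """Match a known_hosts name field (plain, comma-separated, or hashed) against host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        expected = base64.b64decode(mac_b64)
        actual = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, actual)
    return host in field.split(",")


def check_host_key(known_hosts: str, host: str, offered: bytes) -> str:
    """Classify the key a server offered for `host`:
    'known'    - host is listed with exactly this key
    'mismatch' - host is listed for this key type but with a different key
                 (what OpenSSH reports as REMOTE HOST IDENTIFICATION HAS CHANGED)
    'unknown'  - no entry for this host and key type; verify the fingerprint out of band
    Marker lines (@cert-authority, @revoked) are not handled in this example.
    """
    offered_type = blob_type(offered)
    seen = False
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        name_field, key_type, key_b64 = parts[:3]
        if key_type != offered_type or not host_matches(name_field, host):
            continue
        seen = True
        if hmac.compare_digest(base64.b64decode(key_b64), offered):
            return "known"
    return "mismatch" if seen else "unknown"


if __name__ == "__main__":
    genuine = ed25519_blob(bytes(range(32)))       # constructed filler key
    impostor = ed25519_blob(bytes(range(32, 64)))  # a different constructed key
    kh = known_hosts_line("sample.ssh.com", genuine, os.urandom(20))
    print("fingerprint to confirm out of band:", fingerprint(genuine))
    for name, key in [("sample.ssh.com", genuine), ("sample.ssh.com", impostor), ("other.example", genuine)]:
        print(name, "->", check_host_key(kh, name, key))
```

The "mismatch" result is the one that matters operationally: a changed host key is either a legitimate re-keying you already know about or an attempt to put a different machine in the path, and the safe default is to refuse until the new fingerprint has been confirmed through a channel the attacker does not control.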
How to use SSH
SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections; it can transfer files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols.[2] SSH uses the client-server model.
The standard TCP port 22 has been assigned for contacting SSH servers.[8]
An SSH client program is typically used for establishing connections to an SSH daemon that accepts remote connections. Both are present on most modern operating systems, including macOS, most distributions of Linux, OpenBSD, FreeBSD, NetBSD, Solaris and OpenVMS. Windows historically did not include SSH at all; since Windows 10 version 1709 Microsoft ships an official Win32 port of OpenSSH (client and server) as an optional Windows feature, and the client is installed by default on current releases. Proprietary, freeware and open source implementations (e.g. PuTTY,[9] and the version of OpenSSH which is part of Cygwin[10]) of various levels of complexity and completeness exist. Native Linux file managers (e.g. Konqueror) can use the FISH protocol to provide a split-pane GUI with drag-and-drop. The open source Windows program WinSCP[11] provides similar file management (synchronization, copy, remote delete) capability using PuTTY as a back-end. Both WinSCP[12] and PuTTY[13] are available packaged to run directly off a USB drive, without requiring installation on the client machine. Before the official port, setting up an SSH server on Windows meant installing a third-party package (e.g. via Cygwin[14]).
SSH is widely used in cloud computing to reach virtual machines without exposing them directly to the Internet: an SSH tunnel (typically through a bastion host) provides an authenticated, encrypted path over the Internet and through a firewall to the virtual machine.[15]
SSH to a server
The ssh command is often also used to remotely execute commands on the remote machine without logging in to a shell prompt. The syntax for this is:
ssh hostname command
For example, to execute the command:
ls /tmp/doc
on host sample.ssh.com, type the following command at a shell prompt:
ssh sample.ssh.com ls /tmp/doc
After authenticating to the remote server, the contents of the remote directory are displayed and you return to your local shell prompt. Everything after the host name is joined into one string and re-parsed by the remote login shell, so arguments containing spaces or shell metacharacters must be quoted for that shell.
The -x option disables X11 forwarding for the connection, which a non-interactive command like this does not need: ssh -x sample.ssh.com ls /tmp/doc
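As an added example (not code from the original page), the following Python builds the local argv for the ssh hostname command form shown above. It demonstrates the property that form relies on: ssh concatenates everything after the host name and hands that one string to the remote login shell, which re-parses it, so any argument that originates from a user or a file name must be quoted for the remote shell. It also passes -x and refuses a host name that begins with "-", which ssh would otherwise parse as an option. The function only returns the argv; nothing here connects anywhere, and the host name sample.ssh.com is the page's own example.

```python
import shlex
import subprocess
from typing import List, Optional


def build_ssh_command(host: str, argv: List[str], user: Optional[str] = None,
                      disable_x11: bool = True) -> List[str]:
    """Local argv for `ssh [-x] [user@]host command`.

    ssh joins everything after the host with spaces and passes that single
    string to the remote login shell, which re-parses it. Quoting each word
    for that shell keeps a file name such as '/tmp/doc; rm -rf /' a file name
    instead of a second command. Assumes a POSIX shell on the remote side.
    """
    if not host or host.startswith("-"):
        # A host like "-oProxyCommand=..." would be read by ssh as an option,
        # so caller-controlled host names that start with '-' are refused.
        raise ValueError("refusing host name that looks like an option: %r" % host)
    if user is not None and (not user or user.startswith("-") or "@" in user):
        raise ValueError("invalid user name: %r" % user)
    if not argv:
        raise ValueError("remote command must not be empty")
    cmd = ["ssh"]
    if disable_x11:
        cmd.append("-x")  # -x: disable X11 forwarding; a plain command needs no display
    cmd.append("%s@%s" % (user, host) if user else host)
    cmd.append(shlex.join(argv))  # one string, POSIX-quoted for the remote shell
    return cmd


def run_remote(host: str, argv: List[str], **kw) -> "subprocess.CompletedProcess[str]":
    """Run the built command and capture its output (not exercised offline)."""
    return subprocess.run(build_ssh_command(host, argv, **kw),
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    print(build_ssh_command("sample.ssh.com", ["ls", "/tmp/doc"]))
    # With an untrusted path the quoting keeps the whole value as one argument:
    print(build_ssh_command("sample.ssh.com", ["ls", "/tmp/doc; rm -rf /"]))
```

The same quoting rule applies when the remote command is typed by hand: ssh sample.ssh.com "ls '/tmp/my dir'" needs the inner quotes because the outer ones are consumed by the local shell before ssh ever sees the string.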
SSH CLIENT CONFIGURATION FILE
The ssh command reads its configuration from the SSH client configuration file ~/.ssh/config. For more information, see the page on SSH client configuration file.
CONFIGURING PUBLIC KEY AUTHENTICATION
To configure passwordless public key authentication, generate a key pair with ssh-keygen and install the public key in the remote account's ~/.ssh/authorized_keys file (ssh-copy-id does this for you). See the pages on ssh-keygen and ssh-copy-id for more information. A key used by scripts or automation should additionally be restricted in authorized_keys (for example with from=, command= and restrict) so that a stolen private key grants as little as possible.
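A passwordless key that a script or CI job can use is only as safe as the restrictions placed on it in authorized_keys. As an added example (not from the original page, and not OpenSSH's own parser), this Python parses authorized_keys lines, including the quoted options OpenSSH accepts in front of the key (from=, command=, restrict, no-port-forwarding and similar), and flags automation keys that lack those restrictions. The two sample lines are constructed; the base64 key material in them is placeholder text, not a real key.

```python
from typing import Dict, List, Optional, Tuple

# Key type prefixes OpenSSH uses; a line whose first field starts with one of
# these carries no options in front of the key.
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")

# Constructed sample lines. PLACEHOLDER_KEY is not real key material; only the
# line structure matters for this example.
PLACEHOLDER_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYNOTAREALKEY0000000000"
LINE_AUTOMATION = ('restrict,from="10.0.0.0/8,backup.example",'
                   'command="/usr/local/bin/backup --pull" '
                   "ssh-ed25519 %s backup@ci" % PLACEHOLDER_KEY)
LINE_INTERACTIVE = "ssh-ed25519 %s alice@laptop" % PLACEHOLDER_KEY


def first_field(line: str) -> Tuple[str, str]:
    """Split off the first whitespace-delimited field, treating double-quoted
    text (with \\" escapes) as part of the field: option values may contain
    spaces and commas."""
    in_quotes = False
    for i, c in enumerate(line):
        if c == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes
        elif c.isspace() and not in_quotes:
            return line[:i], line[i:].lstrip()
    return line, ""


def split_options(text: str) -> Dict[str, Optional[str]]:
    """Parse 'restrict,from="a,b",command="ls /tmp"' into a dict; bare flags map to None."""
    opts: Dict[str, Optional[str]] = {}
    i, n = 0, len(text)
    while i < n:
        j = i
        while j < n and text[j] not in "=,":
            j += 1
        name = text[i:j].lower()
        value: Optional[str] = None
        if j < n and text[j] == "=":
            j += 1
            if j < n and text[j] == '"':
                j += 1
                buf: List[str] = []
                while j < n and text[j] != '"':
                    if text[j] == "\\" and j + 1 < n and text[j + 1] == '"':
                        j += 1  # \" inside a quoted value
                    buf.append(text[j])
                    j += 1
                value = "".join(buf)
                j += 1  # skip the closing quote
            else:
                k = j
                while j < n and text[j] != ",":
                    j += 1
                value = text[k:j]
        if name:
            opts[name] = value
        if j < n and text[j] == ",":
            j += 1
        i = j
    return opts


def parse_authorized_key(line: str) -> Optional[dict]:
    """Return {'options', 'type', 'key', 'comment'}, or None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    head, rest = first_field(line)
    if head.startswith(KEY_TYPE_PREFIXES):
        options, remainder = {}, line
    else:
        options, remainder = split_options(head), rest
    parts = remainder.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(KEY_TYPE_PREFIXES):
        raise ValueError("malformed authorized_keys line: %r" % line)
    return {"options": options, "type": parts[0], "key": parts[1],
            "comment": parts[2] if len(parts) > 2 else ""}


def audit(entry: dict) -> List[str]:
    """Findings for a key intended for unattended (passwordless) use."""
    opts = entry["options"]
    findings = []
    if "command" not in opts:
        findings.append("no forced command")
    if "restrict" not in opts and "no-port-forwarding" not in opts:
        findings.append("port forwarding allowed")
    if "from" not in opts:
        findings.append("no source restriction")
    return findings


if __name__ == "__main__":
    for line in (LINE_AUTOMATION, LINE_INTERACTIVE):
        entry = parse_authorized_key(line)
        print(entry["comment"], "->", audit(entry) or ["ok"])
```

The audit rules are deliberately simple: a forced command limits what the key can run, restrict (or the individual no-*-forwarding options) stops the key from being used as a tunnel endpoint, and from= limits where it can be used from. An interactive user's key usually needs none of these; an automation key usually needs all three.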