In this blog, you will learn about the SSH command, one of the main commands in Linux. SSH is also one of the Linux services, like FTP, Apache, etc. Now let’s start the blog.
Introduction
The ssh command in Linux is used to establish a secure, encrypted connection between two systems over an unsecured network.
It stands for “Secure Shell” and is commonly used for remote login and secure file transfer.
The ssh command uses the SSH protocol, so data is transferred between the client and the host in encrypted form.
The client sends input to the host and receives the output the host sends back. It operates over TCP/IP port 22.
The default port for an SSH connection is 22. We can change the default port and use a value between 1024 and 32767.
More about SSH Command
SSH is a Linux command used to access another Linux server, or to access a Linux server from a terminal.
Syntax:
$ ssh [options] [user@]hostname [command]
Components of SSH Command
ssh command: Instructs the machine to create a secure encrypted connection with the host system.
user: The name of the Linux user account on the host machine that you are logging in as.
hostname: A host is a machine that is accessed by the user, such as a computer or a router. The host can be given as a domain name or an IP address.
How to use and Install SSH Server
To use an SSH server, the ssh service must be installed on the Linux server.
SSH comes pre-installed in some Linux distributions.
To check whether the ssh service is present, type the commands:
$ cd /etc/ssh
$ ls
ssh_config ssh_config.d
The above output shows that the ssh service is installed on your system.
If not, install the SSH service on your system and enable it.
$ sudo apt-get install openssh-client openssh-server
$ sudo systemctl enable ssh ## Enable the SSH Service
$ sudo systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-06-07 16:14:05 IST; 3min 4s ago
Docs: man:sshd(8)
man:sshd_config(5)
The above command shows the status of the SSH Service i.e. active.
How SSH Works
Here’s a general overview of how the SSH command works:
A) Connection initiation:
The client initiates a connection to the SSH server by specifying the server’s IP address or domain name, as well as the SSH port (usually port 22).
B) Client-server handshake:
The client and server perform a handshake to establish the SSH connection. This involves negotiating encryption algorithms, exchanging cryptographic keys, and verifying the server’s authenticity.
C) Authentication:
Once the connection is established, the client needs to authenticate itself to the server. This can be done in several ways, such as using a password, a public key, or a combination of both. The authentication method is determined by the server’s configuration.
D) Session establishment:
After successful authentication, a secure session is established between the client and the server. This session allows the client to execute commands or perform other operations on the remote system.
E) Encrypted communication:
All data transmitted between the client and the server is encrypted to ensure confidentiality. This encryption prevents unauthorized parties from intercepting and understanding the exchanged information.
F) Command execution:
The client can now send commands to the server over the encrypted channel. These commands can include various actions like file transfers, remote shell access, or running specific programs on the remote system.
G) Response and output:
The server executes the received command and sends the output back to the client. This output is encrypted during transmission and decrypted on the client side for viewing.
H) Connection termination:
Once the session is complete, the client can terminate the SSH connection, ending the secure communication between the client and the server.
Overall, the SSH command provides a secure and encrypted means of remotely accessing and managing systems over untrusted networks, ensuring the confidentiality and integrity of the transmitted data.
SSH Key Generation
Steps to generate and use an SSH key:
A) Generate a New SSH Key Pair on Local Machine
To generate an SSH key, use the ssh-keygen command.
The ssh-keygen command is used to generate SSH key pairs. It creates a public key and a corresponding private key.
By default, ssh-keygen generates RSA keys, but it also supports other key types like DSA and ECDSA. Here’s the basic syntax:
$ ssh-keygen [-t key_type] [-b key_length] [-C comment] [-f output_file]
Some commonly used options:
-t key_type: Specifies the type of key to generate (e.g., rsa, dsa, ecdsa).
-b key_length: Specifies the number of bits in the key (default is 2048).
-C comment: Adds a comment to the key (optional).
-f output_file: Specifies the output file for the generated key (default is id_rsa or id_dsa).
After running ssh-keygen, you’ll have a public key (e.g., id_rsa.pub) and a private key (e.g., id_rsa) in the specified output file or the default location (~/.ssh/).
Example:
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/binfintech/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/binfintech/.ssh/id_rsa
Your public key has been saved in /home/binfintech/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:l0sRGy9pYBhuaVCemTXDzzfa24pWnG15Ij/J/fjw7qQ binfintech@binfintech-laptop
The key's randomart image is:
+---[RSA 3072]----+
| ..o+* o |
| +.B.+ * |
| X o* . |
| o .o+o |
| S += + . |
| o..* = .|
| .. B.=.|
| ... **.|
| .. ..E=B|
This is how our SSH Key is generated.
B) Copy public key to Remote Machine
To copy the key from the client machine to the remote server, we use the ssh-copy-id command.
The ssh-copy-id command simplifies the process of installing your public key on a remote server, enabling key-based authentication. It securely copies your public key to the remote server’s ~/.ssh/authorized_keys file. Here’s the basic syntax:
$ ssh-copy-id [-i [identity_file]] [user@]hostname
Some commonly used options:
-i identity_file: Specifies the identity file (private key) to use (default is ~/.ssh/id_rsa).
[user@]hostname: Specifies the username and hostname of the remote server.
When running ssh-copy-id, you’ll be prompted for the password of the remote user. After successful authentication, your public key will be added to the remote server’s authorized_keys file, allowing you to authenticate without entering a password in future SSH connections.
Example:
C) Login to Remote Server without password
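Steps B and C only work if the public key ends up in authorized_keys with owner-only permissions. The script below is an added example, not part of the original post: it reproduces that remote-side step against a scratch directory. The helper name install_pubkey, the scratch directory and the key blob are constructed for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE HOME_DIR   (hypothetical helper, added example)
# Appends the public key to HOME_DIR/.ssh/authorized_keys unless it is already
# present, and applies owner-only permissions to the directory and the file.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2/.ssh
    auth_file=$ssh_dir/authorized_keys
    key_type= key_blob=
    [ -r "$pubkey_file" ] || return 1

    # A public key line is "type base64-blob [comment]".
    read -r key_type key_blob _comment < "$pubkey_file" || [ -n "$key_type" ] || return 1

    # Refuse anything else, in particular a private key passed by mistake.
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key file: $pubkey_file" >&2; return 1 ;;
    esac
    [ -n "$key_blob" ] || return 1

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: compare on the key blob, so a changed comment is not a new key.
    if ! grep -qF -- "$key_blob" "$auth_file"; then
        cat "$pubkey_file" >> "$auth_file"
    fi
}

# Demo on constructed data: a scratch "home" directory and a made-up key blob.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVkRXhhbXBsZUtleQ demo@client' \
    > "$demo_home/id_demo.pub"
install_pubkey "$demo_home/id_demo.pub" "$demo_home"
install_pubkey "$demo_home/id_demo.pub" "$demo_home"   # second run adds nothing
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
```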
When to use SSH Key over SSH password
In Linux, SSH key generation is preferred over password-based authentication for the following reasons:
Stronger Security:
SSH keys provide a higher level of security compared to passwords. Passwords can be vulnerable to various types of attacks, such as brute-force attacks or dictionary attacks. In contrast, SSH keys use a significantly longer and more complex key pair, making them extremely difficult to guess or crack.
Elimination of Password-based Attacks:
With SSH key authentication, you can disable password authentication completely, reducing the risk of password-based attacks like password guessing or credential stuffing. Attackers won’t be able to access your system even if they manage to obtain your username.
Convenience and Ease of Use:
SSH keys offer a more convenient way to authenticate to remote systems. Once you have set up SSH key authentication, you can log in to remote servers without entering your password every time. This can save time and make the authentication process smoother, especially when performing automated tasks or using scripts.
Centralized Access Control:
With SSH key authentication, you have more control over granting and revoking access to your Linux systems. You can easily manage the authorized SSH keys on the server side, adding or removing keys as needed. This centralized control is particularly beneficial in scenarios where multiple users need access to the same system.
Logging and Auditing:
SSH key authentication provides better logging and auditing capabilities. Each SSH key has a unique identifier associated with it, allowing you to track who accessed the system and when. This can be useful for compliance purposes and troubleshooting any unauthorized access attempts.
Overall, SSH key generation offers improved security, convenience, and centralized control, making it a preferred method of authentication in Linux environments.
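Disabling password authentication, as described above, only takes effect if the server's configuration really resolves to "no". The script below is an added example, not part of the original post: it checks an sshd_config for that. The function names and the sample file are constructed; it reads only the global section, does not follow Include files, and expects the whitespace-separated "Keyword value" form.

```shell
#!/bin/sh
# effective_sshd_option KEYWORD FILE   (hypothetical helper, added example)
# sshd keywords are case-insensitive and the FIRST occurrence wins, so a
# later duplicate of the same keyword is ignored.
effective_sshd_option() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        tolower($1) == "match" { exit }          # stop at the first Match block
        tolower($1) == want { print $2; found = 1; exit }
        END { if (!found) exit 1 }
    ' "$2"
}

# audit_sshd_config FILE: one finding per line; returns 1 if anything was found.
audit_sshd_config() {
    findings=0
    # Unset options fall back to the sshd defaults, which are "yes" for both.
    pw=$(effective_sshd_option PasswordAuthentication "$1") || pw=yes
    pk=$(effective_sshd_option PubkeyAuthentication "$1") || pk=yes
    if [ "$pw" != no ]; then
        echo "PasswordAuthentication=$pw: password logins are still accepted"
        findings=1
    fi
    if [ "$pk" != yes ]; then
        echo "PubkeyAuthentication=$pk: key logins are disabled"
        findings=1
    fi
    return "$findings"
}

# Constructed sample: the "no" appended at the end is shadowed by the earlier "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
PasswordAuthentication yes
PubkeyAuthentication yes
# hardening added later
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "fix the findings above, then reload sshd"
```

On a live server, `sshd -T` prints the effective configuration, including anything pulled in through Include files.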
SSH Commands
A) Connection between two systems with username and password:
Let’s take an example, there are two machines
1) First machine Configuration (Ubuntu):
username: binfintech
password: binfintech
IP address: 192.168.0.106
2) Second Machine Configuration (Kali):
username: Kali
password: kali
IP address: 192.168.0.107
Now my aim is to connect remotely from the Kali machine to the Ubuntu machine.
Step 1: Place username and IP address in the ssh command
$ ssh binfintech@192.168.0.106
After running the command, it will ask for a password; enter the password of the Ubuntu machine.
Note: If the output says the connection is refused, enable the SSH port on the Ubuntu machine.
B) Connection between two systems with key Generation: