20 December 2008

SSH Tutorial

SSH (Secure Shell) protocol is the encrypted way to access a remote server
from your workstation using the console.Once you're connected and logged on
the remote machine, you can do stuff( what you are allowed to do) there,
directly from your computer. By using SSH, you encrypt the traffic and
compress it, so it can be more faster, also you can run ftp, pop, and even
ppp via it so your data(username, password for e.g.) will pass along the
internet encrypted.

The traditional network services like ftp, pop or telnet are convenient but
inherently unsafe, since they all make you send a password and data in clear
text over an increasingly unsafe network. The original SSH has been
developed by a Finnish company. Due to copyright restraints and patented
algorithms, the Free Software world now uses OpenSSH, a free SSH work-alike.

In order for ssh to work properly, the remote machine must be running an
sshd daemon, or an equivalent. The SSH server runs on a UNIX machine (it is
theoretically possible to put an SSH server on an NT server, but it has not
been done to my knowledge). SSH comes in two major, partly incompatible
versions, 1.x and 2.x. You won't be able to connect to an SSH 1.x server
with an SSH 2.x client. OpenSSH 2.x supports both versions.If you are
running a unix system (linux for example), you can do SSH from your console
, otherwise, if you are running windows you'll have to get an SSH client,
Putty is very good for it.

First you have to find out about public key cryptography. Public key
cryptography uses a public key to encrypt data and a private key to decrypt
it. The name public key comes from the fact that you can make the encryption
key public without compromising the secrecy of the data or the decryption
key. What this means is that it is safe to send your public key (i.e. the
contents of the ~/.ssh/identity.pub file) in electronic mail or by other
means e.g. to have a system administrator of a remote site install that key
into your ~/.ssh/authorized_keys file. For anyone to actually gain access
they need the corresponding private key (i.e. the decrypted contents of
~/.ssh/identity) to identify themselves.SSH saves it's settings and your
encryption keys in the ~/.ssh subdirectory (a subdirectory in your home

If you've never used the machine you're on to ssh before, or if you have not
deemed your machine "trusted", you will recieve the following message:

userid> ssh beatbox
Host key not found from the list of known hosts.
Are you sure you want to continue connecting (yes/no)? yes
Host 'beatbox' added to the list of known hosts.
userid@beatbox's password:

If you want to login with a different username then your local username you
will type something like this:

userid> ssh username@hostname

To further protect your private key you should enter a passphrase to encrypt
the key when it is stored in the filesystem. This will prevent people from
using it even if they gain access to your files.

The very first step is to use ssh-keygen to create an authentication key for
yourself. In most cases the defaults for this command are what you
want.Always, type in a good pass-phrase when prompted for one. It can be
multiple words (i.e. spaces are just fine within the phrase), so you could
choose a sentence that you can remember. Changing some of the words by
misspelling them or by changing some of the letters into digits is highly
recommended to increase the strength of your pass phrase.

Here is a sample session, your input is in bold. Note that the pass-phrase
is not echoed back as you type it:

beowulf% ssh-keygen
Initializing random number generator...
Generating p: .++ (distance 6)
Generating q: ........++ (distance 110)
Computing the keys...
Testing the keys...
Key generation complete.
Enter file in which to save the key ($HOME/.ssh/identity): [RETURN]
Enter passphrase (empty for no passphrase): litt1e 1amp jumb3d
Enter same passphrase again: litt1e 1amp jumb3d
Your identification has been saved in /u/kim/.ssh/identity.
Your public key is:
1024 37 [lots of numbers] kim@beowulf.gw.com
Your public key has been saved in /u/kim/.ssh/identity.pub

Now that you are connected, you can safely work on the remote machine thus
no one can see what you are actually doing even if they sniff the traffic,
all the comunication is high encrypted and secure.