SSH Explanation & Basic Commands | Redhat Linux

What is SSH?

SSH, also known as Secure Shell, is a cryptographic network protocol for operating network services securely over an unsecured network. Typically it is used to secure a login or terminal session, but it can be used to secure any network service. It uses a client-server architecture to establish a secure channel between end devices. SSH encrypts the login session to make it difficult for any third party to steal information. By default SSH works on port number 22.

Below are main features that make SSH protocol so popular and trustworthy.

1: Encryption - SSH uses an encryption algorithm to encrypt data before sending it to the remote machine. It creates an encrypted session before communication starts.

2: Authentication - Before sending data or establishing communication, SSH ensures that only an authentic user/machine can communicate and no one else can pretend to be the user/host machine.

3: Integrity - SSH is also responsible for data integrity, so no one can tamper with the data during an active session.

Usage:

1: Secure Remote Login

2: Secure X11 Session

3: Secure File Transfer Protocols (SCP, SFTP, RSYNC, FISH)

4: Securely Execute Single Commands On A Remote Machine

5: TCP Port Forwarding

6: Secure Tunneling

7: Key-Based Auto Login

8: Secure VPN and Proxy (e.g. SOCKS)

What are SSH Keys?

SSH keys are a cryptographic key pair used to authenticate a machine or user so that it can access a remote machine securely over a network. Once an SSH key pair is generated, the public key should be copied to the machine we want to log in to through SSH.

Below are the reasons why we need SSH keys for remote authentication.

1: Repetitive Logins To A Server

2: Automation Jobs Which Require Authentication

3: Authenticate User In A More Secure Way

Important SSH Commands

Note: At any time, see the man pages for help using the "man ssh" command. To log in to a remote machine, you can enter either its hostname or its IP address.

1: Log in to a remote machine using the current login user credentials of the local machine

ssh ip

2: Log in to a remote machine using an existing user account on the remote machine

ssh user@ip

3: Log in to a remote machine with a different SSH port number

ssh -p port_number user@ip

4: Generating an SSH public and private key pair with the default algorithm.

ssh-keygen

5: Generating an SSH public and private key pair using a specific algorithm (e.g. RSA, ECDSA, DSA)

ssh-keygen -t rsa

6: Copying the SSH public key to the remote machine.

ssh-copy-id user@hostname

7: Copying the SSH public key to the remote machine by specifying its path.

ssh-copy-id -i ~/.ssh/id_rsa.pub user@hostname

8: Enable X11 forwarding.

ssh -X user@ip

OR

ssh -Y user@ip

Note: The X Window System should be installed on the remote machine. Run the command below to install it.

yum group install "X Window System"

9: Execute a single command on the remote machine without logging in to it.

ssh user@ip command

10: Force users to run only a specific command: open the ~/.ssh/authorized_keys file on your SSH server and add the text below before the start of your key, e.g. before ssh-rsa.

command="/usr/bin/top"

Note: You can have only one command per key, because the command is “forced”. If you want to allow a user to execute multiple commands, you have to create either a bash script or a wrapper with a list of allowed commands and specify that script in ~/.ssh/authorized_keys.

For more information on this, please refer to this Stack Overflow post
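
One way to write the wrapper script described in the note above, as an added example that is not part of the original post. The install path /usr/local/bin/ssh-allowlist.sh, the function names and the three allowed commands are assumptions; the key in the sample authorized_keys line is a placeholder.

```shell
#!/bin/sh
# Added example: allow-list wrapper used as a forced command.
# Assumed (hypothetical) install path: /usr/local/bin/ssh-allowlist.sh
# Matching ~/.ssh/authorized_keys entry on the server (key is a placeholder):
#   command="/usr/local/bin/ssh-allowlist.sh",from="127.0.0.1" ssh-rsa AAAA...PLACEHOLDER... user@host
# sshd runs this script instead of whatever the client asked for and puts the
# client's request in SSH_ORIGINAL_COMMAND.

# Print the fixed command line for an allowed request; return 1 for anything else.
# The request is only compared as a whole string, never evaluated, so
# "uptime; id" or "df -h /root" do not match.
resolve_request() {
    case "$1" in
        "uptime") echo "uptime" ;;
        "df -h")  echo "df -h" ;;
        "top")    echo "top -b -n 1" ;;  # batch mode, one iteration, then exit
        *)        return 1 ;;
    esac
}

handle_session() {
    request=${SSH_ORIGINAL_COMMAND:-}   # empty for an interactive login
    if ! cmd=$(resolve_request "$request"); then
        # Record the rejected request so denied attempts show up in syslog.
        logger -t ssh-allowlist "denied for ${USER:-unknown}: $request" 2>/dev/null || true
        echo "This key may only run: uptime, df -h, top" >&2
        return 1
    fi
    # $cmd is one of the constants above, so splitting it on spaces is intended.
    exec $cmd
}

# sshd sets SSH_CONNECTION for every session; outside SSH the script only
# defines its functions and does nothing else.
if [ -n "${SSH_CONNECTION:-}" ]; then
    handle_session
fi
```

With this entry in place, "ssh user@ip uptime" runs uptime, while an interactive login or any other request is refused and logged.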

11: Allow only a specific local machine to access the remote machine: add the line below before ssh-rsa in the remote machine's ~/.ssh/authorized_keys.

from="127.0.0.1"
