Beginner's Guide to SSH

SSH has become a very popular way to connect to servers. In this article we are going to explain it.

What is SSH?

SSH stands for Secure Shell, and it is a secure way to connect to servers.

SSH is supported natively on Linux, Mac and Windows 10. For older versions of Windows, you may use PuTTY or even Git Bash.

Typically, you would log in to a server using a password this way:

ssh username@192.168.1.1

Where username is the user of the connected server and 192.168.1.1 is the server’s address.
You will then be asked for the password of username. That’s it!

This works, but it’s tedious to type the password every single time you want to log in to the server. This is where ssh-keygen plays its role.

Generating Keys

ssh-keygen is a command that creates a key pair for SSH. Put simply, it creates two files: one is called the public key and the other is the private key.

Public keys are used to encrypt the messages between the client and the server, and they can be shared freely. Private keys are used to decrypt these messages. They must be kept secret and never shared with anyone.

To create the public and private keys, just run:

ssh-keygen

Then it will ask you:

Enter file in which to save the key (~/.ssh/id_rsa):

Simply, it asks you where to create the key pair. The default path for newly generated key pairs is ~/.ssh/ (C:\Users\<user>/.ssh/ on Windows), and the default name of the key pair file is id_rsa.

If you hit enter, you will be asked once again:

Enter passphrase (empty for no passphrase):

A passphrase is like a password that is used to encrypt the private key. Although it adds more security, 90% of enterprises don’t use it according to this link.

We will skip it for now. Hit enter and you are done: you have successfully created an SSH key pair!
The public key ends with .pub, while the private key has no extension. So in our case, the public key is id_rsa.pub and the private key is id_rsa.

But we are not done. Remember that we created the key pair so that we don’t have to type the password every time we log in to the server. Now we must configure the server to use the key we have just created instead of the password.

The server looks for authorized keys in a file called authorized_keys in ~/.ssh/. Put your public key there and you won’t be asked for the password again. To do this, log in to the server with the password one last time, copy the contents of your public key, and paste them at the end of ~/.ssh/authorized_keys. You should now be able to log in with no password.
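
The paste step above can also be scripted. The following is an added example, not part of the original article: a shell function to run on the server (the name install_pubkey is an assumption) that appends a public key to authorized_keys only once, refuses a private key supplied by mistake, and sets the permissions sshd expects.

```shell
# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper, run on the server)
# Returns 0 on success, 1 on unusable input, 2 if given a private key.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A .pub file written by ssh-keygen is a single line; read just that line.
    line=
    IFS= read -r line < "$pub" || [ -n "$line" ] || return 1

    case $line in
        *"PRIVATE KEY"*)
            # e.g. id_rsa was given instead of id_rsa.pub
            echo "refusing: $pub is a private key" >&2; return 2 ;;
        # Key types matching the default key names (rsa, dsa, ecdsa, ed25519).
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *)
            echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    # With StrictModes (on by default), sshd ignores authorized_keys if the
    # file or ~/.ssh is writable by other users, so set tight modes.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    [ -e "$auth" ] || : > "$auth"
    chmod 600 "$auth" || return 1

    # If the file does not end in a newline, add one so keys are not joined.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only if this exact line is not already present.
    if ! grep -qxF -- "$line" "$auth"; then
        printf '%s\n' "$line" >> "$auth"
    fi
}
```

The .pub file can be copied to the server first with scp, which is covered later in this article.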

Be careful

SSH automatically adds the default private keys, which are ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519, and ~/.ssh/identity, if they exist.
If the key pair has a different location or a different filename, then you have to add the private key manually using the ssh-add command. If you don’t, you won’t be able to connect to the server. You will get something like:

username@192.168.1.1: Permission denied (publickey).

To eliminate this problem, you will have to manually add the private key like this:

ssh-add path/to/my/key

For example:

ssh-add ~/.ssh/tatu-aws-key

Here, the provided path is the default path (~/.ssh/), but the filename is not one of the default filenames so we had to manually add the private key.

If the key being added has a passphrase, ssh-add will run the ssh-askpass program to obtain the passphrase from the user. If the SSH_ASKPASS environment variable is set, the program given by that environment variable is used instead.

If you get Error connecting to agent: No such file or directory, then you have to start the ssh-agent by running:

eval "$(ssh-agent)"

SSH also has some handy utilities to help you. One of them is scp, which helps you copy files from your device to the server (neat, huh?).

To use it you would do something like this:

scp ~/myfile.txt username@192.168.1.1:~

This command says: copy ~/myfile.txt from my computer to the server username@192.168.1.1 at the path ~.

Conclusion

SSH and its utilities are very powerful. But in this article we learned the basic (and the most used) commands.
If you want to go even further you can read the docs here.

That’s it, folks! Hope you liked this article.