In this article, we will explain what SSH is. Let's go !
SSH - Secure Shell - is an encrypted communication protocol between two machines - a client and a host - via a terminal.
As the most popular communication protocol, we have HTTPS, which allows a web browser to retrieve HTML, CSS and JS files from a web server, or FTP, which allows files to be sent over a network.
SSH allows you to communicate securely to a client or server.
If you are at work and want to have access to your home computer, you can use SSH.
If you want to put applications on a server, you can use SSH.
For a web developer, you can use SSH to connect to Github, for example.
In a terminal :
- ssh : Command to initiate secure communication with SSH.
- user : The user you want to access, usually the root user, if you are on your own server, for example.
- host : The computer we want to access, generally we put the ip address, but we can also put a domain name.
On windows, you need to install an application, PuTTY :
Since 2018, Windows has by default an SSH client :
On Linux/Mac, SSH is installed by default, If it's not the case : https://www.makeuseof.com/tag/beginners-guide-setting-ssh-linux-testing-setup/
SSH uses three types of encryption :
- Symmetric Encryption
- Asymmetrical Encryption
Symmetric encryption is an encryption algorithm that enables the encrypted connection between a client and a host.
The client and the host have the same key to encrypt and decrypt a message.
This key is generated via the Key Exchange algorithm.
To secure the key, we use a key exchange algorithm.
It is an algorithm that allows keys to be exchanged securely.
But, if someone steals the key, can they decrypt the message?
What makes this algorithm so special is that the key is never passed between the client and the host.
Instead the two computers share public pieces of data, and then manipulate it to independently calculate the secret key.
So even if another machine captures the publicly shared data, it won't be able to calculate the key because.
To function, it needs an asymmetric encryption.
An asymmetrical encryption uses two separate keys - one public and one private - for encryption and decryption.
Each user has a public and private key.
Now these public keys are linked with the private key in terms of functionality.
The private key cannot mathematically compute from the public key.
What does that mean?
A message is encrypted by machines public key can only be decrypted by the same machine private key.
And it's what we call a one way relationship.
In practice, what does it do ?
If user 1 wants to send a message to user 2, user 1 will retrieve the public key from user 2, encrypt the message with this key, then he will send the message to user 2 and user 2 will decrypt the message with their own private key.
This form of encryption with SSH is actually only used during the key exchange algorithm of symmetric encryption.
We need some way with symmetric encryption to generate that yellow key (first picture) without it entering the public.
And at this point we're able to get these yellow keys the symmetric key so we can exchange method messages using something called the Diffie Hellman key exchange.
With Diffie Hellman Key Exchange, we take part of the public and private key of user 1 and part of the public key of user 2 to generate the symmetrical key of user 1.
On your computer, open your terminal an go to your ssh folder :
The dot means that the folder is hidden by default, if this folder does not exist, create it.
To generate a public and private key :
ssh-keygen -t rsa -b 4096
You'll get to ask where you want to save the file, by default, you can leave empty, but as we generate a key specially for Github, enter as path :
Enter file in which to save the key (your_path/.ssh/id_rsa):
You have an option over here to enter a passphrase just for extra security if you want.
You have finally generate your ssh key for Github ! 🎉
Let's see what it looks like :
You have id_rsa_github and id_rsa_github.pub, and some other files.
- id_rsa_github is your private key, and NEVER share this key with anybody.
- id_rsa_github.pub is your public key, you can share it.
Next step, we will copy our public key and send it to Github. We have an command for this :
pbcopy < ~/.ssh/id_rsa_github.pub
Next, go to your Github account -> settings -> SSH and GPG keys, click the button New SSH key, you can add a title, copy your ssh key and finally add it.
To make sure Github is using the correct key for the connection, use the following command :
Your key is added, now to test it, take a repo on github, clone it with ssh on your computer.
If you go to your github profile and you see your green key, well done ! 🥳
If you want to try to connect to a server with ssh but you don't have one, you can use a virtual machine !
On your client :
ssh-keygen -t rsa -b 4096
Enter file in which to save the key (your_path/.ssh/id_rsa) :
Copy the public key :
pbcopy < ~/.ssh/id_rsa_test_server.pub
On your server - vm, like an Ubuntu :
Same case, if this folder does not exist, create it.
Same, if this file does not exist, create it and put your public key.
Go back to your client, and add your private key :
It's done ! now for connecting to your server - vm :
For find your server - vm ip address :
Now that you are connected to your server - vm via your client on the terminal, try to create a folder and return to your server - vm to see the result ! 📁
Thanks for reading this article.
I tried to explain the basics in a condensed way so that it was not too long to read.
If you want to clarify or for something else, do not hesitate to leave a comment.
See you in a next article, bye !