loading...
Cover image for Discover SSH And Use It With Github

Discover SSH And Use It With Github

thomaslebn profile image Thomas Updated on ・5 min read

In this article, we will explain what SSH is. Let's go !

What's SSH ?

SSH - Secure Shell - is an encrypted communication protocol between two machines - a client and a host - via a terminal.

As the most popular communication protocol, we have HTTPS, which allows a web browser to retrieve HTML, CSS and JS files from a web server, or FTP, which allows files to be sent over a network.

What Is SSH Used For ?

SSH allows you to communicate securely to a client or server.

If you are at work and want to have access to your home computer, you can use SSH.
If you want to put applications on a server, you can use SSH.
For a web developer, you can use SSH to connect to Github, for example.

How To Use SSH ?

In a terminal : ssh user@host

  • ssh : Command to initiate secure communication with SSH.
  • user : The user you want to access, usually the root user, if you are on your own server, for example.
  • host : The computer we want to access, generally we put the ip address, but we can also put a domain name.

Installation

On windows, you need to install an application, PuTTY :
https://mediatemple.net/community/products/dv/204404604/using-ssh-in-putty-

Since 2018, Windows has by default an SSH client :
https://www.howtogeek.com/336775/how-to-enable-and-use-windows-10s-built-in-ssh-commands/

On Linux/Mac, SSH is installed by default, If it's not the case : https://www.makeuseof.com/tag/beginners-guide-setting-ssh-linux-testing-setup/

How Does SSH Works ?

SSH uses three types of encryption :

  1. Symmetric Encryption
  2. Asymmetrical Encryption
  3. Hasing

Symmetric Encryption

Symmetric encryption is an encryption algorithm that enables the encrypted connection between a client and a host.

The client and the host have the same key to encrypt and decrypt a message.
This key is generated via the Key Exchange algorithm.

Symmetric Encryption

Key Exchange Algorithm

To secure the key, we use a key exchange algorithm.
It is an algorithm that allows keys to be exchanged securely.

But, if someone steals the key, can they decrypt the message?

What makes this algorithm so special is that the key is never passed between the client and the host.
Instead the two computers share public pieces of data, and then manipulate it to independently calculate the secret key.
So even if another machine captures the publicly shared data, it won't be able to calculate the key because.

To function, it needs an asymmetric encryption.

Asymmetrical Encryption

An asymmetrical encryption uses two separate keys - one public and one private - for encryption and decryption.
Each user has a public and private key.

Now these public keys are linked with the private key in terms of functionality.
The private key cannot mathematically compute from the public key.

What does that mean?
A message is encrypted by machines public key can only be decrypted by the same machine private key.

And it's what we call a one way relationship.

Asymmetrical Encryption

In practice, what does it do ?

If user 1 wants to send a message to user 2, user 1 will retrieve the public key from user 2, encrypt the message with this key, then he will send the message to user 2 and user 2 will decrypt the message with their own private key.

Asymmetrical Encryption

This form of encryption with SSH is actually only used during the key exchange algorithm of symmetric encryption.

Why ?

We need some way with symmetric encryption to generate that yellow key (first picture) without it entering the public.

And at this point we're able to get these yellow keys the symmetric key so we can exchange method messages using something called the Diffie Hellman key exchange.

Diffie Hellman Key Exchange

With Diffie Hellman Key Exchange, we take part of the public and private key of user 1 and part of the public key of user 2 to generate the symmetrical key of user 1.

Diffie Hellman Key Exchange

Use SSH With Github

On your computer, open your terminal an go to your ssh folder :
cd .ssh

The dot means that the folder is hidden by default, if this folder does not exist, create it.

To generate a public and private key :
ssh-keygen -t rsa -b 4096

You'll get to ask where you want to save the file, by default, you can leave empty, but as we generate a key specially for Github, enter as path :

Enter file in which to save the key (your_path/.ssh/id_rsa):
your_path/.ssh/id_rsa_github

You have an option over here to enter a passphrase just for extra security if you want.

You have finally generate your ssh key for Github ! πŸŽ‰

Let's see what it looks like :
ls

You have id_rsa_github and id_rsa_github.pub, and some other files.

  • id_rsa_github is your private key, and NEVER share this key with anybody.
  • id_rsa_github.pub is your public key, you can share it.

Next step, we will copy our public key and send it to Github. We have an command for this :
pbcopy < ~/.ssh/id_rsa_github.pub

Next, go to your Github account -> settings -> SSH and GPG keys, click the button New SSH key, you can add a title, copy your ssh key and finally add it.

To make sure Github is using the correct key for the connection, use the following command :
ssh-add ~/.ssh/id_rsa_github

Your key is added, now to test it, take a repo on github, clone it with ssh on your computer.

If you go to your github profile and you see your green key, well done ! πŸ₯³

On A Server (VM)

If you want to try to connect to a server with ssh but you don't have one, you can use a virtual machine !

On your client :
cd .ssh
ssh-keygen -t rsa -b 4096

Enter file in which to save the key (your_path/.ssh/id_rsa) :
your_path/.ssh/id_rsa_test_server

Copy the public key :
pbcopy < ~/.ssh/id_rsa_test_server.pub

On your server - vm, like an Ubuntu :
cd .ssh
Same case, if this folder does not exist, create it.

nano authorized_keys
Same, if this file does not exist, create it and put your public key.

Go back to your client, and add your private key :
ssh-add ~/.ssh/id_rsa_test_server

It's done ! now for connecting to your server - vm :
ssh root@ip_server

For find your server - vm ip address :
https://tecadmin.net/check-ip-address-on-linux/

Now that you are connected to your server - vm via your client on the terminal, try to create a folder and return to your server - vm to see the result ! πŸ“

πŸ‘‹ !

Thanks for reading this article.
I tried to explain the basics in a condensed way so that it was not too long to read.

If you want to clarify or for something else, do not hesitate to leave a comment.

See you in a next article, bye !

Ressources

Secret Key Exchange (Diffie-Hellman) - Computerphile

Diffie Hellman -the Mathematics bit- Computerphile

Key Exchange Problems - Computerphile

Elliptic Curves - Computerphile

How Secure Shell Works (SSH) - Computerphile

https://www.tecmint.com/rsync-local-remote-file-synchronization-commands/

Posted on May 8 by:

thomaslebn profile

Thomas

@thomaslebn

Data Science πŸ” - Machine Learning πŸ€–

Discussion

markdown guide