SSH - The Secure Shell

SSH (Secure Shell) is a cryptographic network protocol for secure data transmission and remote shell services between two networked devices. It operates over a client-server architecture using separate SSH client and daemon programs. When an SSH connection is initiated, the client verifies the server's identity and establishes an encrypted tunnel for all communication. This ensures confidentiality, integrity, and authentication to securely execute commands, transfer files, and remotely access the server.

Uploaded by rajiv

SSH – The Secure Shell

Need for Secure Shell

Accessing machines remotely became a necessity a long time ago and we can barely
imagine how it would be if we couldn’t control computers from remote locations.
There are many ways to establish a connection with a remote machine depending on
the operating system you are running, but the two most used protocols are:

- Secure Shell (SSH) for Linux-based machines.
- Remote Desktop Protocol (RDP) for Windows-based machines.

Both protocols use client and server applications to establish a remote connection.
These tools allow you to gain access and remotely manage other computers, transfer files, and
do virtually anything you can do while physically sitting in front of the machine.
What is SSH?

“SSH, the Secure Shell is a powerful, software-based
approach to network security that provides a secure channel for
data transmission through a network”
ssh (SSH client) is a program for logging into a remote
machine and for executing commands on a remote machine. It is
intended to provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections,
arbitrary TCP ports and UNIX-domain sockets can also be
forwarded over the secure channel.
What is SSH?

Secure Shell, sometimes referred to as Secure Socket Shell, is a protocol
which allows you to connect securely to a remote computer or a server by
using a text-based interface.
When a secure SSH connection is established, a shell session
will be started, and you will be able to manipulate the server by typing
commands within the client on your local computer.
System and network administrators use this protocol the most,
as well as anyone who needs to manage a computer remotely in a highly
secure manner.
Why SSH?
The three core security requirements for a remote access technology are confidentiality, integrity and
authentication.

Authentication
Reliably determines someone's identity. If you try to log into an account on a remote
computer, SSH asks for digital proof of your identity. If you pass the test, you may log in; otherwise SSH rejects
the connection.
Encryption
Scrambles data so it is unintelligible except to the intended recipients. This protects your data
as it passes over the network.
Integrity
Guarantees the data traveling over the network arrives unaltered. If a third party captures and
modifies your data in transit, SSH detects this fact.
Why SSH?

Most of the earlier technologies lack confidentiality and integrity. For example, Telnet and FTP
transmit usernames and passwords in cleartext.
They are vulnerable to attacks such as IP spoofing, DoS, MITM and eavesdropping.
Secure Shell satisfies all three requirements by using:
- Data encryption to provide confidentiality
- Host-based and/or client-based authentication
- Data integrity using MACs and hashes
How Does SSH Work
- In order to establish an SSH connection, you need two components: a client and the
  corresponding server-side component. An SSH client is an application you install on the
  computer which you will use to connect to another computer or a server. The client uses
  the provided remote host information to initiate the connection and, if the credentials are
  verified, establishes the encrypted connection.

- On the server’s side, there is a component called an SSH daemon that is constantly
  listening to a specific TCP/IP port for possible client connection requests. Once a client
  initiates a connection, the SSH daemon will respond with the software and the protocol
  versions it supports and the two will exchange their identification data. If the provided
  credentials are correct, SSH creates a new session for the appropriate environment.

- The default SSH protocol version for SSH server and SSH client communication is
  version 2.
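
The identification line the daemon sends at the start of a connection carries the protocol and software versions described above. The following Python is an added example, not part of the original slides: it parses that line in the layout given by RFC 4253 section 4.2 and reports whether the server still accepts protocol version 1. The sample banners and the `audit` helper are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
BANNER = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

def parse_banner(raw: bytes) -> dict:
    """Parse the identification line an SSH daemon sends when a client connects."""
    # The server may send other lines first; the identification line starts "SSH-".
    for line in raw.split(b"\n"):
        if line.startswith(b"SSH-"):
            break
    else:
        raise ValueError("no SSH identification line found")
    if len(line) + 1 > 255:  # limit includes CR LF; the LF was removed by split()
        raise ValueError("identification line exceeds 255 bytes")
    match = BANNER.match(line.rstrip(b"\r").decode("ascii"))
    if match is None:
        raise ValueError("malformed identification line")
    proto = match["proto"]
    return {
        "proto": proto,
        "software": match["software"],
        "comments": match["comments"],
        # "1.99" is a version 2 server that also accepts version 1 clients.
        "speaks_v2": proto in ("2.0", "1.99"),
        "accepts_v1": proto != "2.0",
    }

def audit(raw: bytes) -> str:
    """Hypothetical helper: turn the parsed banner into a one-line finding."""
    info = parse_banner(raw)
    if not info["speaks_v2"]:
        return "FAIL: server offers protocol version 1 only"
    if info["accepts_v1"]:
        return "WARN: version 1 fallback enabled"
    return "OK: protocol version 2 only"

# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n",
    b"Welcome to example.test\r\nSSH-1.99-ExampleSSHD_1.0\r\n",
    b"SSH-1.5-ExampleSSHD_0.9\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_banner(sample)["software"], "->", audit(sample))
```
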
SSH Syntax

    ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address]
        [-c cipher_spec] [-D [bind_address:]port] [-E log_file]
        [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file]
        [-J destination] [-L address] [-l login_name] [-m mac_spec]
        [-O ctl_cmd] [-o option] [-p port] [-Q query_option]
        [-R address] [-S ctl_path] [-W host:port]
        [-w local_tun[:remote_tun]] destination [command]

How to Connect via SSH
Now that you have the OpenSSH client and server installed on every machine you need, you can establish a secure
remote connection with your servers. To do so:

- Open the SSH terminal on your machine and run the following command:
      ssh your_username@host_ip_address
- If the username on your local machine matches the one on the server you are trying to connect to, you can just type
  the following and hit Enter:
      ssh host_ip_address
- Type in your password and hit Enter. Note that you will not get any feedback on the screen while typing. If you are
  pasting your password, make sure it is stored safely and not in a text file.
- When you are connecting to a server for the very first time, it will ask you if you want to continue connecting. Just type
  yes and hit Enter. This message appears only this time since the remote server is not identified on your local machine.
- An ECDSA key fingerprint is now added and you are connected to the remote server.
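
The first-connection prompt shows the fingerprint of the server's host key, and the answer given there is the only point at which the client decides to trust that key. The following Python is an added example, not part of the original slides: it recomputes the `SHA256:` fingerprint OpenSSH prints from a public key line and compares it with a fingerprint obtained from the server's administrator over a separate channel (for instance the output of `ssh-keygen -lf` run on the server's console). The key material is constructed filler, and the helper names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

def read_string(blob: bytes, offset: int = 0):
    """Read one SSH wire-format string: uint32 big-endian length, then the bytes."""
    (length,) = struct.unpack_from(">I", blob, offset)
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:start + length], start + length

def fingerprint(pubkey_line: str) -> str:
    """Fingerprint of a '<keytype> <base64 blob> [comment]' public key line,
    in the 'SHA256:<unpadded base64>' form shown in the first-connection prompt."""
    keytype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    embedded_type, _ = read_string(blob)
    # The blob starts with its own key type; it must agree with the text field.
    if embedded_type.decode("ascii") != keytype:
        raise ValueError("key type in line does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def safe_to_accept(pubkey_line: str, trusted_fingerprint: str) -> bool:
    """True only if the offered key hashes to the fingerprint obtained out of band."""
    return hmac.compare_digest(fingerprint(pubkey_line), trusted_fingerprint)

def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def constructed_key_line(fill: int) -> str:
    """Constructed sample: laid out like an ECDSA host key, but the curve point
    is filler bytes, not a real key."""
    point = b"\x04" + bytes([fill]) * 64
    blob = (_ssh_string(b"ecdsa-sha2-nistp256") + _ssh_string(b"nistp256")
            + _ssh_string(point))
    return "ecdsa-sha2-nistp256 " + base64.b64encode(blob).decode() + " constructed"

if __name__ == "__main__":
    expected = fingerprint(constructed_key_line(0x11))  # stands in for the admin's value
    print("same key:     ", safe_to_accept(constructed_key_line(0x11), expected))
    print("different key:", safe_to_accept(constructed_key_line(0x22), expected))
```
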
