Dive Into SSH: An Intro to SSH Keys

A Beginner's Guide to SSH

Series - SSH Basics

Intro

So, you’ve launched your shiny new cloud server on a platform like Vultr, DigitalOcean, or Linode. Visions of building your blog, or constructing the next big thing swirl in your mind. But first things first – how do you even start using this thing?

Enter SSH.

If you’re scratching your head, don’t worry – I’m here to turn you into a remote system ninja. Hold onto your keyboard, and let’s get started!


Imagine your remote computer/server is like a house. There are many ways to get into the house: front doors, back doors, windows, etc. Each of these entry points corresponds to a method (a.k.a protocol) to access the computer, like HTTP, FTP, and so on. We’ll dive deeper into these protocols later on.

Now, SSH (Secure Shell) is like a secure, fortified front door. It’s not just any regular door; it’s equipped with advanced locks (encryption) and a special keycard system (authentication).

In a nutshell: SSH (aka Secure Shell) is like a magical door to another computer, and it’s the most popular way to take a peek into remote Linux systems.


We’re going to need a few things:

  • An SSH Client on your PC
  • A Terminal of some sort

Mac or Linux users:

  • Lucky you! Your system comes with SSH. No extra work needed.

If you’re on Windows:

Before you even start, you need OpenSSH.

  • Think of it as the “password” to this magical door.

For PowerShell junkies:

Just need the basics?

Tip
Want the full Linux experience? Use WSL (Windows Subsystem for Linux). It comes with SSH.

The most basic SSH command that you can run from your local PC is:

ssh your_remote_machine_IP_address

Note: this assumes your remote system knows you by the same username as the one you use on your Local PC.

If it calls you by another name, you’d use:

ssh your_remote_username@your_remote_machine

So if your username is “stratusquo” on your remote machine, and its IP is 160.11.22.33, you’d run:

ssh stratusquo@160.11.22.33

Similarly, to log in as root (the main administrator account in any Linux system) on that same machine we’d use:

ssh root@160.11.22.33

Tip
If your remote system asks for a password (like any good security system) – give it. Later on, we’ll level up and use super-secure keys instead.

To exit and come back home, just type:

exit

Here’s how the magic works:

  • You use an SSH client (like OpenSSH) to connect to an SSH Server (which is just another program that’s already hanging out on the remote machine)

Almost all Linux systems automatically have this server running.

If yours doesn’t, no worries – start it manually! On Ubuntu, for example, you can run:

sudo systemctl start ssh


Changing SSH’s configuration is like choosing an outfit for it. You decide how it looks and acts.

Caution!

Always back up before playing dress-up!

Make sure to run:
sudo cp /etc/ssh/sshd_config{,.bak}

to back up your SSH configuration.

Let’s open the wardrobe with:

sudo nano /etc/ssh/sshd_config

Inside, you’ll see several options. While most are good as they are, there are a few you might want to twiddle with.

Once you’re done, save and exit. For nano users, that’s Ctrl+X, followed by Y and Enter.

Refresh your server with:

sudo systemctl reload ssh

Tip
Keep some doors (terminals) open when you change outfits. You don’t want to lock yourself out!!

Keys are like a VIP pass to your server. They’re not only faster, but more secure than passwords.

How it Works:

You have two keys:

  • a public one (that you share)

and

  • a private one (that’s a secret)

When you try connecting with your VIP pass, the server sends a challenge that only someone holding your private key can answer, so the private key itself never leaves your PC.

Just a quick note
This system of using two related keys (one public, and one private) is known as “public-key” or “asymmetric” cryptography. It also plays a major role in PKI (or Public Key Infrastructure) – we’ll dive deeper into all of this later on in another post.
 

Run:

ssh-keygen -t rsa

This creates a key pair. Keep them safe and sound! Your public key is like your business card. Hand it out to servers you want to connect to.

Note: You can also customize the name of the keys. This can be good practice when you have more than one server, as it makes the keys much easier to manage later on down the line.

You can do so by passing the -f flag:

ssh-keygen -t rsa -f ~/.ssh/my_custom_key_name

Easy peasy:

ssh-copy-id remote_host

Once you’re done, you won’t need a password next time you SSH into this server – nice right?


If you’re using keys (and you should), you can make your server even more secure by turning off password-only logins.

Warning
Be sure you’ve given your server your public key, or you’ll lock yourself out!

To make the change:

sudo nano /etc/ssh/sshd_config

Then, after saving, verify the changes by running:

cat /etc/ssh/sshd_config

You should see the contents of the file in the terminal – make sure you see the following at the bottom of the config:

PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no

After everything is saved, and you’ve verified the changes, reload SSH with:

sudo systemctl reload ssh
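
A check worth running before that reload, shown here as an added example (not from the original post): sshd keeps the first value it reads for each keyword, so the three lines at the bottom of the file lose to any earlier line that sets the same keyword. The function names and the sample file are constructed for illustration; Include'd files are not followed, and on the server itself `sudo sshd -t` validates the syntax and `sudo sshd -T` prints the configuration sshd will really use.

```shell
#!/bin/sh
# Added example: report the value sshd would actually use for a keyword.
# sshd uses the FIRST value it obtains for each keyword. Lines after a
# "Match" block are conditional, so only the global section is read here.

# effective_sshd_setting FILE KEYWORD DEFAULT -> prints the effective value
effective_sshd_setting() {
    awk -v key="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/    { next }      # skip blank lines and comments
        tolower($1) == "match"  { exit }      # end of the global section
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }         # keyword never set: use default
    ' "$1"
}

# audit_sshd_config FILE -> returns 0 only if all three settings are effective
audit_sshd_config() {
    rc=0
    for want in PasswordAuthentication=no PubkeyAuthentication=yes \
                ChallengeResponseAuthentication=no; do
        key=${want%%=*}; expected=${want#*=}
        got=$(effective_sshd_setting "$1" "$key" yes)  # OpenSSH default is yes
        if [ "$got" = "$expected" ]; then status=ok; else status=MISMATCH; rc=1; fi
        printf '%-34s effective=%-4s expected=%-4s %s\n' \
               "$key" "$got" "$expected" "$status"
    done
    return "$rc"
}

# Constructed sample: the three lines appended at the bottom of a file that
# already enables password logins further up.
make_sample_config() {
    cat > "$1" <<'EOF'
# constructed sshd_config for illustration
Port 22
PasswordAuthentication yes

PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
EOF
}

sample=$(mktemp)
make_sample_config "$sample"
audit_sshd_config "$sample" || echo "password logins are still enabled"
rm -f "$sample"
```

On the sample, PasswordAuthentication is reported as a mismatch because the earlier `yes` wins. Newer OpenSSH releases name the third option KbdInteractiveAuthentication and keep ChallengeResponseAuthentication as a deprecated alias.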


Changed your port number? Use:

ssh -p your_new_port_number remote_host

Run a quick command without staying:

ssh remote_host quick_command

Congrats! You’ve just taken a whirlwind tour of SSH. Keep practicing, and you’ll soon be jumping between servers with the agility of a cat.

In the next part of the series, we’ll go deeper into SSH: copying keys to a remote server, saving multiple keys, using a config file to nickname each SSH connection, and special SSH commands.

Cheers!