SSH (Secure Shell)

Mustapha Aliyu Galadima
5 min read · Feb 3, 2023


Let’s talk about SSH in the world of security and permission granting.

What is SSH in general

SSH, or Secure Shell, is a network communication protocol that enables two computers to communicate and share data (compare HTTP, the Hypertext Transfer Protocol, which is the protocol used to transfer hypertext such as web pages). An inherent feature of SSH is that the communication between the two computers is encrypted, which makes it suitable for use on insecure networks. SSH is often used to log in to remote computers and perform operations on them, but it may also be used for transferring data.

You use a program on your computer (an SSH client) to connect to our service (the server) and transfer data to/from our storage using either a graphical user interface or the command line. There are many programs available that enable you to perform this transfer, and some operating systems such as Mac OS X and Linux have this capability built in.

SSH clients will typically support SCP (Secure Copy) and/or SFTP (SSH File Transfer Protocol) for transferring data; we tend to recommend using SFTP instead of SCP but both will work with our service.

As well as the command-line options, there are many very good programs with graphical interfaces, such as WinSCP for Windows and Cyberduck for Mac OS X. Please see the access guide for your operating system (Windows, Mac OS X and Linux) for more information.

Image to illustrate ssh

What Is ssh-keygen?

Ssh-keygen is a tool for creating new authentication key pairs for SSH. Such key pairs are used for automating logins, single sign-on, and for authenticating hosts.

The SSH protocol uses public key cryptography for authenticating hosts and users. The authentication keys, called SSH keys, are created using the keygen program.

SSH introduced public key authentication as a more secure alternative to the older .rhosts authentication. It improved security by avoiding the need to have passwords stored in files, and eliminated the possibility of a compromised server stealing the user’s password.

However, SSH keys are authentication credentials just like passwords. Thus, they must be managed somewhat analogously to user names and passwords. They should have a proper termination process so that keys are removed when no longer needed.

Creating an SSH Key Pair for User Authentication

The simplest way to generate a key pair is to run ssh-keygen without arguments. In this case, it will prompt for the file in which to store the keys. Below, we use it to configure an SSH key for connecting to a web server. Here’s an example:

CONFIGURING A WEB_SERVER CONNECTING UBUNTU 20.04LTS AND INTRANET PROFILE

You should already have a .ssh directory in your home directory. Go into your home directory on your web server, then into .ssh:

$ cd ~
$ cd .ssh

List all of the files, so you can be sure you have the required files, by using the command

$ ls -la

Generate a new ssh-key

$ ssh-keygen

You will see prompts like the following:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/foo/.ssh/id_rsa): school
# you can enter the name school as your public and private key name
Enter passphrase (empty for no passphrase):
# no passphrase is used in this walkthrough; press Enter to leave it blank
Your identification has been saved in /home/foo/.ssh/id_rsa.
Your public key has been saved in /home/ylo/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Up6KjbnEV4Hgfo75YM393QdQsK3Z0aTNBz0DoirrW+c foo@example
The key's randomart image is:
+---[RSA 2048]----+
| . ..oo..|
| . . . . .o.X.|
| . . o. ..+ B|
| . o.o .+ ..|
| ..o.S o.. |
| . %o= . |
| @.B... . |
| o.=. o. . . .|
| .oo E. . .. |
+----[SHA256]-----+
klar (11:40) ~>

You have now successfully generated an SSH key pair: a private key called school and a public key called school.pub.

The private key is saved on the machine where you ran ssh-keygen and must be kept private; the public key is the part you share publicly.

First, the tool asked where to save the file. SSH keys for user authentication are usually stored in the user’s .ssh directory under the home directory. However, in enterprise environments, the location is often different. The default key file name depends on the algorithm, in this case id_rsa when using the default RSA algorithm. It could also be, for example, id_dsa or id_ecdsa.

Then it asks to enter a passphrase. The passphrase is used for encrypting the key, so that it cannot be used even if someone obtains the private key file. The passphrase should be cryptographically strong.

Go to your profile on the intranet, edit the SSH PUBLIC KEY field, paste in the contents of school.pub, and save it.

Then ask for a new server from the server action on your profile.

To view your SSH keys from the command line, list the directory again.

Note: everything we have been doing so far is done from inside the .ssh directory.

$ ls -la

SSH config file for your client side

This is the configuration file in which a user sets the default options that the SSH client should use.

The ssh program on a host receives its configuration from either the command line or from configuration files ~/.ssh/config and /etc/ssh/ssh_config.

Command-line options take precedence over configuration files. The user-specific configuration file ~/.ssh/config is used next. Finally, the global /etc/ssh/ssh_config file is used. The first obtained value for each configuration parameter will be used.

NOTE: You might not find the global config file /etc/ssh/ssh_config on your system, but you can create a user config file ~/.ssh/config on your own.

To edit the global file, open it with the command

$ vim /etc/ssh/ssh_config

Add or edit the following settings inside the file

Host *
    PubkeyAuthentication yes
    ForwardAgent yes
    ForwardX11 yes
    IdentityFile ~/.ssh/school
    PasswordAuthentication no

Save and close.

If you have to create the config file manually, edit it so that it reads as follows

#!/usr/bin/env bash 
# ssh config file
# Host *
# SendEnv LANG LC_*
# HashKnownHosts yes
# GSSAPIAuthentication yes
# GSSAPIDelegateCredentials no
# IdentityFile ~/.ssh/school
# PasswordAuthentication no



Host *
    IdentityFile ~/.ssh/school
    PasswordAuthentication no
    PubkeyAuthentication yes
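
How the "first obtained value will be used" rule plays out inside a single config file, as an added example that is not part of the original post: ssh_effective is a hypothetical helper, and the host names and both sample configs are constructed. It handles plain Host blocks only (no Match, negated patterns or key=value syntax), and uses ForwardAgent because a forwarded agent can be used by anyone with root on the remote host, so it is the setting most worth scoping per host.

```sh
#!/bin/sh
# Resolve KEYWORD for HOST within one config file read on stdin: go top to
# bottom and stop at the first value obtained. Plain "Host" blocks only.
ssh_effective() {   # usage: ssh_effective HOST KEYWORD < CONFIG_FILE
    se_want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    se_active=1     # lines before the first Host line apply to every host
    while read -r se_key se_rest; do
        case $se_key in ''|'#'*) continue ;; esac
        se_lkey=$(printf '%s' "$se_key" | tr 'A-Z' 'a-z')  # keywords ignore case
        if [ "$se_lkey" = host ]; then
            se_active=0
            set -f                  # keep * and ? away from filename globbing
            for se_pat in $se_rest; do
                case $1 in $se_pat) se_active=1 ;; esac
            done
            set +f
        elif [ "$se_active" = 1 ] && [ "$se_lkey" = "$se_want" ]; then
            printf '%s\n' "$se_rest"
            return 0
        fi
    done
    return 1                        # keyword not set for this host
}

# Constructed sample configs; the host names are hypothetical.
GOOD_CFG='# specific host first, wildcard defaults last
Host jump.example.com
    ForwardAgent yes
Host *
    ForwardAgent no
    PasswordAuthentication no'

BAD_CFG='# wildcard first: its value is obtained first and masks the block below
Host *
    ForwardAgent yes
Host web-01.example.com
    ForwardAgent no'

for cfg in "$GOOD_CFG" "$BAD_CFG"; do
    for h in jump.example.com web-01.example.com; do
        v=$(printf '%s\n' "$cfg" | ssh_effective "$h" ForwardAgent)
        echo "$h ForwardAgent=$v"
    done
done
```

In the second config the explicit "ForwardAgent no" for web-01.example.com never takes effect, which is why wildcard defaults belong at the end of the file.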

Next, authorize your public key school.pub on the server, e.g. Ubuntu 20.04 LTS.

Run this command on the server to add your key

$ echo YOUR-PUBLIC-KEY-IN-SCHOOL.PUB >> ~/.ssh/authorized_keys

This will add your pub key to the server

Next, restart the SSH service on the server

$ /etc/init.d/ssh restart

Finally, you can log in to the server using the ssh command

$ ssh ubuntu@ip_address

BONUS

To grant another user access, all you need to do is get that user's public key, make sure you are logged in on your server, and run the following with their key in place of the placeholder. A public key line begins with its key type, for example ssh-ed25519, ssh-rsa or ecdsa-sha2-nistp256.

$ echo "THE-OTHER-USER-PUBLIC-KEY" >> ~/.ssh/authorized_keys
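
A more careful version of the two "echo ... >> ~/.ssh/authorized_keys" steps above (your own key and another user's key), as an added example that is not part of the original post: add_authorized_key is a hypothetical helper, and the sample home directory and key are constructed and do not work as real credentials. It accepts bare keys of three common types only, with no options prefix.

```sh
#!/bin/sh
# Append one bare public key to HOME_DIR/.ssh/authorized_keys, but only if it
# looks like a key, is not already there, and the permissions are tight.
add_authorized_key() {   # usage: add_authorized_key 'TYPE BASE64 [comment]' [HOME_DIR]
    ak_line=$1
    ak_home=${2:-$HOME}
    case $ak_line in *'
'*) echo "rejected: more than one line" >&2; return 2 ;; esac
    set -f; set -- $ak_line; set +f      # $1 = key type, $2 = base64 blob
    # The blob starts with the length-prefixed type name, so its first
    # base64 characters are fixed for each key type.
    case $1 in
        ssh-ed25519)         ak_pfx=AAAAC3NzaC1lZDI1NTE5 ;;
        ssh-rsa)             ak_pfx=AAAAB3NzaC1yc2E ;;
        ecdsa-sha2-nistp256) ak_pfx=AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY ;;
        *) echo "rejected: unsupported key type '$1'" >&2; return 2 ;;
    esac
    case $2 in
        *[!A-Za-z0-9+/=]*) echo "rejected: blob is not base64" >&2; return 2 ;;
        "$ak_pfx"?*) ;;
        *) echo "rejected: blob does not match type $1" >&2; return 2 ;;
    esac
    ak_dir=$ak_home/.ssh
    ak_file=$ak_dir/authorized_keys
    # sshd's StrictModes refuses key files or directories others can write to
    mkdir -p "$ak_dir" && chmod 700 "$ak_dir" || return 1
    touch "$ak_file" && chmod 600 "$ak_file" || return 1
    if grep -qF -- "$1 $2" "$ak_file"; then
        return 0                         # already authorized, nothing to do
    fi
    printf '%s\n' "$ak_line" >> "$ak_file"
}

# Constructed input: a sample home directory and a made-up, non-working key.
DEMO_HOME=$(mktemp -d)
DEMO_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotARealOne00000000000 student@example'
add_authorized_key "$DEMO_KEY" "$DEMO_HOME" && echo "added"
add_authorized_key "$DEMO_KEY" "$DEMO_HOME" && echo "second call is a no-op"
# A line made only of key-type names is refused before it reaches the file.
add_authorized_key 'ssh-ed25519 ssh-rsa ecdsa-sha2-nistp256' "$DEMO_HOME" \
    || echo "refused"
wc -l < "$DEMO_HOME/.ssh/authorized_keys"
rm -rf "$DEMO_HOME"
```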

For more just follow on:

GitHub Mustapha Aliyu Galadima
