SSH

Basics

Were you ever on one computer and thought "I really wish I was able to interact with that other computer"... Well you can with SSH! SSH is the Secure Shell protocol that can be used to remote into other systems using a secure and cryptographic connection. OpenSSH is one of the main tools for using this protocol. There are two parts to this protocol, the SSH client and the SSH server. The SSH client is the application that is trying to remote into another system while the SSH server is the system accepting SSH connections (The system serving clients).

Client Installation

For whatever reason, if the openssh-client is not installed on your system, review the following. Most systems have it installed by default (Usually)

Server Installation

This one is not usually installed because if there is no reason to have a remote connection so a system, it should not be listening for connection requests (That would be a security issue). Only install and set this up on systems that you want to remote into.

Basic Connection

The first example connection that can be made is a simple one with a username and password. This type of connection should only be used on a LAN or a VPN if at all for security reasons. The security reason is that malicious actors tend to spam default SSH ports/servers and then randomly guess passwords. Therefore, eventually, they will break in. To make the connection, you use a user on the system that you want to connect to and its IP address. It will ask to confirm the fingerprint for the connection. Then you use the password for that user on the remote system you are connecting to

SSH Keys

SSH Keys are the backbone of a secure remote connection. A key is composed of a public and private key. The public key is shared with the remote systems that you want to connect to, while the private key is never shared with anything else. However, it needs to stay on the system that generated the key so that it can be used in the connection. To generate a key pair, use the command below. It will ask for a file path to save the keys, this is where they will be stored. This is usually in /home/user/.ssh/id_keyname_xyz. Then it will ask for a passphrase to use while using the keys (i.e when you SSH into other systems). Confirm the passphrase. Boom, keys generated

Putting Public SSH Keys Onto The Server

Now that the keys have been generated, its time to use them. There are two ways to do this depending on the server configuration. If the SSH server is default you can do ssh-copy-id. This will copy your local public key(s) to the user on the remote systems authorized_keys file

If the SSH server has already been configured to have no authentication (Which we will set up next), then you will have to manually copy the public key to the authorized_keys file. You just need the contents of the public key file, so you can aquire that using the cat command. Then copy/append that text to the user on the remote systems authorized_key file (Usually found in /home/user/.ssh/authorized_keys)

On the client:

On the server:

Hardening the Connection

Now that the keys have been generated on the client, and the server has the clients public key, it's time to remove password authentication from the server's SSH service. This will make it so that you do not use a password when SSHing, but rather it will default to your SSH key and log you in using the pairing on the public and private keys from your system. This in turn, makes it harder for malicious actors to access your remote system/server as if they do not have the private and public key when SSHing, then the connection will be refused. They will not have the abilty to brute force the password anymore as well.

Change the following line from this:

To this:

Then make sure to restart the service so that the changes take effect