SSH (Secure Shell) – Encryption, Authentication, and Advanced Features


The Complete Overview of SSH: From Basics to Advanced | by i.hrishikesh nate | Medium

SSH (Secure Shell) is a network protocol that allows secure remote access to computers over an unsecured network. It encrypts data, supports various authentication methods (like password and key-based), and is commonly used for logging into remote systems, executing commands, and transferring files securely.

Key Features of SSH:

Overview:

  • Purpose: SSH provides a secure way to access and manage remote systems, replacing older protocols like Telnet and rlogin, which transmit data in plaintext and are vulnerable to eavesdropping.
  • Usage: Commonly used by system administrators to remotely manage servers, configure network equipment, and perform secure file transfers.

Encryption:

  • Symmetric Encryption: SSH uses symmetric encryption algorithms like AES, DES, or Blowfish to encrypt the data exchanged between the client and server. Both ends of the connection share a secret key generated during the SSH handshake, which is used for encrypting and decrypting the session data.
  • Asymmetric Encryption: Public-key cryptography is used during the initial handshake to securely exchange the secret key. RSA or ECDSA are common algorithms for this purpose.
  • Data Integrity: SSH ensures data integrity by using message authentication codes (MACs), which verify that the data has not been tampered with during transmission.

Authentication Methods:

  • Password Authentication: The user logs in with a username and password. While straightforward, this method is less secure because passwords can be intercepted or guessed.
  • Public Key Authentication: In this method, the user generates a pair of cryptographic keys (public and private). The public key is placed on the server, and during login, the server challenges the client to prove it possesses the corresponding private key. This is more secure than password-based authentication.
  • Multi-Factor Authentication (MFA): SSH can be configured to require additional forms of verification, such as time-based one-time passwords (TOTP) or hardware tokens, adding an extra layer of security.

Port Forwarding:

  • Local Port Forwarding: Redirects traffic from a local port to a remote server, enabling secure access to services hosted on internal networks.
    • Example: Forwarding traffic from a local machine’s port 8080 to a remote web server’s port 80.
  • Remote Port Forwarding: Redirects traffic from a remote server’s port to a local machine.
  • Dynamic Port Forwarding: Configures a SOCKS proxy on the local machine, which can be used to route traffic through the SSH server to any destination.

File Transfer Protocols:

  • SCP (Secure Copy Protocol): A simple and secure way to transfer files between local and remote systems. It works over SSH and uses the same encryption and authentication mechanisms.
  • SFTP (SSH File Transfer Protocol): A more feature-rich protocol for file transfer, providing capabilities like directory listing and resuming interrupted transfers. SFTP operates over SSH and ensures that all data is encrypted.

X11 Forwarding:

  • Allows graphical applications running on a remote server to be displayed on the local machine. SSH forwards the X11 protocol (used by many Unix/Linux graphical applications) over the encrypted connection.

Tunneling and VPN:

  • SSH can be used to create encrypted tunnels or even a rudimentary VPN, allowing secure communication between different parts of a network. This is useful for securing otherwise unencrypted protocols or accessing internal network resources securely from a remote location.

Configuration and Usage:

  • Client Configuration: SSH clients like OpenSSH can be configured via the ~/.ssh/config file, where you can set default options for connections, such as the default user, port, and identity file (private key).
  • Server Configuration: The SSH server configuration is typically found in /etc/ssh/sshd_config. This file controls various settings like allowed authentication methods, port number, and permitted users.
  • Common Commands:
    • Connecting to a Server: ssh user@hostname
    • Copying Files: scp localfile user@hostname:/remotepath/
    • Starting an SFTP Session: sftp user@hostname
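The server settings named above (authentication methods, permitted users) can be checked mechanically. The sketch below is an added example, not part of the original article: it audits a constructed `sshd_config`, and the function names `effective` and `audit_sshd` are hypothetical helpers defined here.

```shell
#!/bin/sh
# Constructed sshd_config for illustration (not from a real host).
sample_sshd_config() {
cat <<'EOF'
# Port 22
#PasswordAuthentication no
PermitRootLogin yes
permitrootlogin no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
}

# effective KEYWORD DEFAULT: the global value sshd would use, read from stdin.
# Keywords are case-insensitive, the first uncommented occurrence wins, a
# commented-out line leaves the built-in default, and Match blocks are not global.
effective() {
  awk -v key="$1" -v def="$2" '
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) { val = $2; found = 1; exit }
    END { print (found ? val : def) }'
}

# audit_sshd: read a config on stdin, print one WARN line per weak global setting.
audit_sshd() {
  cfg=$(cat)
  pw=$(printf '%s\n' "$cfg" | effective PasswordAuthentication yes)
  root=$(printf '%s\n' "$cfg" | effective PermitRootLogin prohibit-password)
  users=$(printf '%s\n' "$cfg" | effective AllowUsers none)
  [ "$pw" = no ] || echo "WARN PasswordAuthentication $pw"
  case "$root" in no|prohibit-password) ;; *) echo "WARN PermitRootLogin $root" ;; esac
  [ "$users" != none ] || echo "WARN AllowUsers unset"
  return 0
}

sample_sshd_config | audit_sshd
```

This sketch does not follow `Include` directives; on a live server, `sshd -T` prints the effective configuration after all files are merged.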

Security Considerations:

  • Key Management: It’s crucial to manage SSH keys securely, keeping private keys protected and periodically rotating them.
  • Firewall Configuration: Restrict SSH access to specific IP addresses using firewalls to reduce the attack surface.
  • Brute-Force Protection: Use tools like fail2ban to prevent brute-force attacks by blocking IPs after multiple failed login attempts.

Common Tools and Implementations:

  • OpenSSH: The most widely used SSH implementation, available on most Unix-like systems, including Linux and macOS.
  • PuTTY: A popular SSH client for Windows that supports terminal sessions, file transfers, and other SSH functionalities.
  • MobaXterm: An advanced Windows terminal that integrates SSH, SFTP, and other network tools.

Advanced Features:

  • Agent Forwarding: Allows you to use your local SSH keys when accessing a remote server, even when making further SSH connections from that remote server.
  • ProxyJump: Enables connecting to a remote host through an intermediary (jump) host, useful for accessing hosts behind a firewall.
  • Certificate Authentication: Instead of using raw public keys, SSH can use signed certificates for authentication, which can simplify key management in large environments.

Logs and Auditing:

  • SSH logs are typically stored in /var/log/auth.log or /var/log/secure depending on the system. These logs contain information about login attempts, key exchanges, and other SSH-related activities, useful for security monitoring and auditing.
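As an added example (not from the original article), the script below runs the kind of check these logs support: counting failed password attempts per source address, which is what tools like fail2ban automate, and flagging an accepted login that follows repeated failures. The log lines are constructed samples in OpenSSH's syslog format, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines in OpenSSH's syslog format (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Jan 10 03:12:01 web1 sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 10 03:12:03 web1 sshd[1234]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jan 10 03:12:05 web1 sshd[1235]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jan 10 03:12:09 web1 sshd[1236]: Accepted password for root from 203.0.113.7 port 51244 ssh2
Jan 10 08:30:11 web1 sshd[2001]: Failed password for deploy from 198.51.100.4 port 40022 ssh2
Jan 10 08:30:20 web1 sshd[2002]: Accepted publickey for deploy from 198.51.100.4 port 40025 ssh2: ED25519 SHA256:CONSTRUCTED
EOF
}

# Shared awk helper: find "from <ip> port <n>" scanning from the END of the line,
# because the username earlier in the line is chosen by the remote party.
AWK_SRC='function src(  i) {
  for (i = NF; i > 3; i--)
    if ($i == "port" && $(i-2) == "from") { ip = $(i-1); user = $(i-3); return 1 }
  return 0
}'

# failed_by_ip MIN: print "ip count" for sources with at least MIN failed passwords.
failed_by_ip() {
  awk -v min="$1" "$AWK_SRC"'
    /sshd\[[0-9]+\]: Failed password for / && src() { n[ip]++ }
    END { for (k in n) if (n[k] >= min) print k, n[k] }' | sort
}

# success_after_failures MIN: print "ip user failures" when a login is accepted
# from a source that already has MIN or more failures earlier in the log.
success_after_failures() {
  awk -v min="$1" "$AWK_SRC"'
    /sshd\[[0-9]+\]: Failed password for / && src() { n[ip]++ }
    /sshd\[[0-9]+\]: Accepted [^ ]+ for / && src() && n[ip] >= min { print ip, user, n[ip] }'
}

sample_log | failed_by_ip 3
sample_log | success_after_failures 3
```

On a real host, feed the functions from `/var/log/auth.log` or `/var/log/secure` instead of `sample_log`.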

Connecting to a Server via SSH in Linux


To connect to a server using SSH in Linux, follow these steps:

1. Open a Terminal:

  • You can open the terminal by pressing `Ctrl + Alt + T` on most Linux distributions.

2. Use the SSH Command:

  • The basic syntax for the SSH command is:

    ```
    ssh username@hostname_or_ip
    ```

  • Replace `username` with the username you have on the server.
  • Replace `hostname_or_ip` with the domain name or IP address of the server.

3. Example Command:

  • If your username is `user` and the server’s IP address is `192.168.1.10`, you would enter:
    ```
    ssh user@192.168.1.10
    ```

4. Enter the Password:

  • If this is your first time connecting to this server, you might see a message asking if you want to continue connecting. Type `yes` and press `Enter`.
  • You will be prompted to enter the password for the user on the remote server.

5. Successfully Connected:

  • After entering the correct password, you will be logged into the server and can start issuing commands.

6. Optional: Using an SSH Key:

  • If you have an SSH key set up for authentication, you can use it by specifying the key file with the `-i` option:
    ```
    ssh -i /path/to/your/private/key user@hostname_or_ip
    ```
  • That’s it! You’re now connected to the server via SSH.