Secure Shell (SSH)

SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network. Secure Shell provides strong authentication and encrypted data communications between two computers connecting over an open network such as the internet.

Secure Shell capabilities:

Functions that SSH enables include:

  • interactive terminal sessions;
  • secure remote access to SSH-enabled network systems or devices, for users as well as automated processes;
  • secure and interactive file transfer sessions;
  • automated and secured file transfers;
  • secure issuance of commands on remote devices or systems;
  • secure management of network infrastructure components.

How SSH works:

The most basic use of SSH is for connecting to a remote host for a terminal session. The form of that command is:

ssh UserName@server.example.com

This command will cause the client to attempt to connect to the server named server.example.com, using the user ID UserName. If this is the first time a connection is negotiated between the local host and the server, the user is shown the remote host's public key fingerprint and asked whether to connect, even though there has been no prior connection:

The authenticity of host 'sample.ssh.com' cannot be established.
DSA key fingerprint is 01:23:45:67:89:ab:cd:ef:ff:fe:dc:ba:98:76:54:32:10.
Are you sure you want to continue connecting (yes/no)?

Answering "yes" to the prompt causes the session to continue and stores the host key in the local system's known_hosts file. This file is stored by default as ~/.ssh/known_hosts, inside the hidden .ssh directory in the user's home directory. Once the host key has been stored in the known_hosts file, the client system can connect directly to that server again without need for any approvals: the host key authenticates the connection.
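The fingerprint in the prompt above is a hash of the server's public host key. The Python below is an added example, not part of the original page: it parses a known_hosts entry and recomputes both fingerprint formats, so the stored key can be compared with a fingerprint obtained from the server's administrator. The key material and function names are constructed for illustration, and only plain (unhashed) hostname entries are handled.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

# Constructed sample entry (not a real server key): an ed25519 public-key blob.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = "server.example.com ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

def parse_known_hosts_line(line: str):
    """Parse 'hosts keytype base64-key [comment]' (plain, unhashed entries only)."""
    hosts, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    # The key type is repeated inside the blob; a mismatch means a corrupt entry.
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return hosts.split(","), key_type, blob

def fingerprint_md5(blob: bytes) -> str:
    """Legacy colon-separated hex format, as in the prompt quoted above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fingerprint_sha256(blob: bytes) -> str:
    """Format used by current OpenSSH: unpadded base64 of SHA-256."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(line: str, host: str, trusted_fp: str) -> bool:
    """True only if the entry is for `host` and its key hashes to `trusted_fp`."""
    hosts, _, blob = parse_known_hosts_line(line)
    if host not in hosts:
        return False
    if trusted_fp.startswith("SHA256:"):
        actual = fingerprint_sha256(blob)
    else:
        actual = fingerprint_md5(blob)
    return hmac.compare_digest(actual, trusted_fp)

if __name__ == "__main__":
    _, _, blob = parse_known_hosts_line(SAMPLE_LINE)
    print(fingerprint_md5(blob))
    print(fingerprint_sha256(blob))
```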

SSH commands:

In addition to the ssh executable, SSH has other executable commands used at the command line for additional functions, including:

  • sshd initiates the SSH server, which waits for incoming SSH connection requests and enables authorized systems to connect to the local host.
  • ssh-keygen is a program for creating new authentication key pairs for SSH, which can be used to automate logins, to implement single sign-on and to authenticate hosts.
  • ssh-copy-id is a program used to copy, install and configure an SSH key on a server to automate passwordless logins and single sign-on.
  • ssh-agent is a "helper" program that tracks identity keys and their passphrases (from which SSH derives an encryption key) and enables the user to use the identity keys to log into different servers without the need to re-enter passwords or passphrases.
  • ssh-add is used to add a key to the SSH authentication agent and is used with ssh-agent to implement single sign-on using SSH.
  • scp is a program used for copying files from one computer to another and is an SSH-secured version of rcp, which is the Unix "remote copy" command.
  • sftp is a program used for copying files from one computer to another and is an SSH-secured version of ftp, the original File Transfer Protocol. SFTP has become the preferred mechanism for file sharing over the internet, replacing both FTP and FTP/S (FTP with Security), which is a protocol for using FTP over an SSL/TLS tunnel.