How to Use SSH

Hey everyone! Are you working with servers or remote systems? Then you need to know about SSH. It's like a super-secure tunnel for getting into those systems from afar. Let's dive in!

What's SSH? Why Bother?

SSH stands for Secure Shell. Think of it as a secret code that keeps your connection safe when you're logging into a computer somewhere else. It's way better than older, riskier ways of connecting.

Why is SSH so great? Glad you asked:

• Encryption: It scrambles your data, so no one can peek at it. Like a secret language!
• Authentication: It makes sure you are who you say you are. No imposters allowed!
• Integrity: It makes sure the data doesn't change along the way. What you send is what they get.
• Remote Access: You can get into your servers from anywhere. Coffee shop? No problem!

These days, lots of us work remotely. SSH helps us manage our stuff, like websites and apps, from wherever we are. It's super important.

SSH Basics: Getting Connected

So, how do you actually use SSH? It's pretty simple.

1. Open a Terminal: If you're on a Mac or Linux, find the "Terminal" app. Windows? Use PowerShell or a program called PuTTY.
2. Type the Magic Words: Here's the command you'll use:

ssh username@hostname

See that username? Change it to your username on the other computer. And change hostname to the computer's address (like example.com). For instance:

ssh [email protected]

3. Password Time: It'll ask for your password. Type it in carefully. You won't see the letters, but they're going in! Hit Enter.
4. Success! If you got it right, you're in! You should see a command prompt, ready for your orders.

Cool SSH Command Tricks

The ssh command can do even more! Here are some extras:

• -p port: If the server uses a different door (port), tell SSH. Example: ssh -p 2222 username@hostname
• -i identity_file: Use a special key to log in (more on that later!). Example: ssh -i ~/.ssh/id_rsa username@hostname
• -v: See everything that's happening. Good for fixing problems. Example: ssh -v username@hostname
• -X or -Y: Run programs with pictures on the server, but see them on your computer. -Y is usually better. Example: ssh -X username@hostname

Super-Safe Login with SSH Keys

Typing passwords? It works, but it's not the safest. Keys are like a secret handshake. Much harder to crack.

Making Your Keys

Use the ssh-keygen command. It makes two keys: one private (keep it secret!) and one public (give it to the server).

1. Terminal Time: Open your terminal.
2. Run the Magic: Type this and hit Enter:

ssh-keygen

3. Where to Save? It'll ask where to put the key. Just hit Enter to use the normal spot.
4. A Secret Phrase? It'll ask for a "passphrase." Like a password for your key! Do it. It's smart. Type it, then type it again.
5. Done! You'll see some weird art. That's your key!

Giving the Server Your Public Key

Now, the server needs your public key. The easiest way is with the ssh-copy-id command, if you have it.

1. Use the Copy Command: Type this and hit Enter:

ssh-copy-id username@hostname

Change username and hostname like before.

2. Password Time (Again): It'll ask for your password one last time.
3. Key Installed! The key is now on the server.

Don't have ssh-copy-id? No problem. Do it the old-fashioned way:

1. Show the Key: Type this and hit Enter:

cat ~/.ssh/id_rsa.pub

2. Copy It: Copy all that text.
3. Connect with Password: Use the normal ssh command with your password.
4. Edit the File: Type this and hit Enter:

nano ~/.ssh/authorized_keys

5. Paste It: Paste the key into that file. Make sure it's all on one line.
6. Save and Exit: Save the file.

Lock Down Password Login

Now that you have keys, turn off password logins! Makes things way safer.

1. Connect to the Server: Use SSH.
2. Edit the File: Type this and hit Enter:

sudo nano /etc/ssh/sshd_config

3. Find the Line: Look for PasswordAuthentication yes.
4. Change It: Change it to PasswordAuthentication no.
5. Find the Line: Look for ChallengeResponseAuthentication yes.
6. Change It: Change it to ChallengeResponseAuthentication no.
7. Save and Exit: Save the file.
8. Restart SSH: Type one of these, depending on your system:

sudo systemctl restart sshd

sudo service ssh restart

Important! Make sure you can log in with your key before turning off passwords. Otherwise, you'll be locked out!

SSH Pro Moves

Got the basics down? Let's get fancy.

Port Forwarding: Secret Tunnels

Imagine a secret tunnel from your computer to the server. That's port forwarding!

• Local Tunnel: Sends stuff from your computer to the server.

ssh -L local_port:remote_host:remote_port username@hostname

Example: Send stuff from your computer's port 8080 to the server's port 80:

ssh -L 8080:example.com:80 username@hostname

ssh -R remote_port:local_host:local_port username@hostname

Example: Send stuff from the server's port 8080 to your computer's port 80:

ssh -R 8080:localhost:80 username@hostname

ssh -D local_port username@hostname

Example: Use port 1080 for the proxy:

ssh -D 1080 username@hostname

Super-Safe Network with SSH

SSH tunnels keep your data safe, even on sketchy networks. Good for passwords and other secrets.

SSH Settings: The Config File

Tired of typing long commands? Make a config file! It lives at ~/.ssh/config.

Example:

Host example HostName example.com User john.doe Port 2222 IdentityFile ~/.ssh/id_rsa

Now, just type ssh example to connect!

Uh Oh! SSH Problems

Stuff breaks sometimes. Here's how to fix it.

• "Connection Refused": Server isn't running or firewall is blocking. Check the server and firewall.
• "Permission Denied": Wrong permissions or bad key. Check your ~/.ssh/authorized_keys file and make sure permissions are 700 for ~/.ssh and 600 for authorized_keys.
• "Network is Unreachable": Can't find the server. Check the address and your network.
• "Too many authentication failures": Too many keys. Tell SSH which key to use with ssh -i ~/.ssh/my_key username@hostname.

SSH: You Got This!

SSH is your friend for safe remote access. Learn these tricks, keep your software updated, and you'll be a pro in no time! Remember to prioritize security—it's worth it.