work with SSH

Hello every one, in this article we going see and work with SSH in order to connect to a remote Server and secure a non secure TCP Connection.

 What's SSH ?
Secure Shell, or SSH, is a cryptographic (encrypted) network protocol to allow remote login and other network services to operate securely over an unsecured network.

Install SSH Server
To install SSH Server on Linux Machines:
Debian : $ apt-get install openssh-server
redhat  : $ yum install openssh-server

The Configuration file location will be : /etc/ssh/sshd_config
Authentication !
For remote login, you need the username and the password in order to access, Or a Key Pair .
$ ssh user@hostname
This command allow remote login using the username and the password.

Generate a key Pair
$ ssh-keygen -t rsa
1 - This will generate a key Pair using RSA Algorithm encryption.
2 - Enter  the file Path in which to save the key
3 - Enter the passphrase (empty for no passphrase)
Note : If you Enter the passphrase, you will then need to Enter it every time you want connect to the Server

Now you have 2 keys :
id_rsa        = Private key which store in you're desktop = Public key which you need to send it to the remote server

$ scp ~/.ssh/ user@host:/home/user/.ssh/authorized_keys

This command will copy the Public key into the Server inside ".ssh/authorized_keys".

$ ssh -i ~/.ssh/id_rsa user@host
This will connect to the Server using the Private Key.

SSH Config File to make a short cut
We going see how to Configure a file in order to minimise the commands.

Host <host-IP>
         User <username>
         HostName <Host-IP>
         IdentityFile ~/.ssh/id_rsa

Those tools allows you to secure transfer files from/to the SSH Server.

Create SSH Tunnel
This SSH Feature allows you to create a SSH Tunnel for others TCP Services, so with this way we will secure the data transfer from/to the Destination and the Source.

$ ssh -L 9000:localhost:3306 user@host -N
This command will open a local port 9000 which is a tunnel to the host on port 3306.
To close the tunnel, only thing you need to press "Ctrl+C".




Oussama Amri 21 years, security professional from Tunisia. Lover of computer science especially programming and secuirty. Follow me On :

Popular Posts Powered by Blogger.