SSH (Secure shell)

SSH, or Secure Shell, is a remote communication protocol that allows users to interact with remote servers over the Internet.

It provides a mechanism to authenticate a remote user, transfer input from the client to the host, and relay output back to the client in a secure manner.

Fig. 24 Schematic of an SSH transaction. Credit: Hostinger

How SSH works

On Linux or macOS, SSH is available directly from the terminal. On Windows you will need an SSH client to open SSH connections; the most popular SSH client is PuTTY.

ssh {user}@{host}

{user} represents the account you wish to access. {host} refers to the server you wish to access; this can be an IP address (e.g. 244.235.23.19) or a domain name (e.g. www.xyzdomain.com).

User authentication

Password: Although the password travels over the encrypted channel, password authentication is still not recommended for secure connections, because many bots simply brute-force weak or default passwords and gain access to your account.

Asymmetric key pair: a pair of asymmetric keys used to authenticate the user without entering a password. Each user has a private key and a public key. Never share your private key; only the public key is sent to the remote servers.

Generating an SSH key pair

$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/daenerys/.ssh/id_rsa): /home/daenerys/.ssh/id_sample
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/daenerys/.ssh/id_sample
Your public key has been saved in /home/daenerys/.ssh/id_sample.pub
The key fingerprint is:
SHA256:0+spOFzzGYQbLI2oj4hHgSZOenTWIEaslTgWmeLgUvo daenerys@castlerock
The key's randomart image is:
+---[RSA 3072]----+
| ==.             |
|=+B .            |
|*O . + + .       |
|*=o + + =..      |
|Bo =   .S+.      |
|..E     +...     |
|.+ o . o o.o     |
|o o . + ..o.     |
| .     . .o      |
+----[SHA256]-----+

Copy the SSH public key to a remote server:

ssh-copy-id {user}@{host}

SSH config

To manage multiple SSH servers, you can create a config file on your machine so that you can connect to each of them easily.

touch ~/.ssh/config
chmod 600 ~/.ssh/config

Example

# Blocks are read top to bottom; the first value found for an option wins.
Host targaryen
    HostName 192.168.1.10
    User daenerys
    Port 7654
    IdentityFile ~/.ssh/targaryen.key

Host tyrell
    HostName 192.168.10.20

Host martell
    HostName 192.168.10.50

# Wildcard: applies to tyrell and martell
Host *ell
    User oberyn

# Applies to every host except martell
Host * !martell
    LogLevel INFO

# Defaults for everything not set above
Host *
    User root
    Compression yes

Usage

ssh targaryen
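Because ssh_config is read top to bottom and the first value found for an option wins, the order of the blocks above matters: `Host *ell` gives tyrell and martell the user oberyn before the catch-all `Host *` can set root, and `Host * !martell` is skipped entirely for martell. The following added example (not from this page or from OpenSSH; SAMPLE_CONFIG is the config above embedded as a constructed string) resolves the effective options for a host with those rules:

```python
# Resolves ssh_config options the way OpenSSH does: sections are read top to
# bottom and the FIRST value obtained for a keyword wins, so a trailing
# catch-all `Host *` only fills in what earlier blocks left unset.
import fnmatch

# Constructed sample: the config shown on this page.
SAMPLE_CONFIG = """
Host targaryen
    HostName 192.168.1.10
    User daenerys
Host tyrell
    HostName 192.168.10.20
Host martell
    HostName 192.168.10.50
Host *ell
    user oberyn
Host * !martell
    LogLevel INFO
Host *
    User root
    Compression yes
"""

def parse_config(text):
    """Return a list of (patterns, [(keyword, value), ...]) in file order."""
    sections = [(["*"], [])]  # options before any Host line apply to every host
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1) + ["", ""]  # strip comments
        keyword, value = parts[0].lower(), parts[1].strip()  # case-insensitive keys
        if keyword == "host":
            sections.append((value.split(), []))
        elif keyword:
            sections[-1][1].append((keyword, value))
    return sections

def host_matches(host, patterns):
    """A Host line applies if a pattern matches and no negated (!) one does."""
    hit = lambda p: fnmatch.fnmatchcase(host, p)
    if any(hit(p[1:]) for p in patterns if p.startswith("!")):
        return False  # one negated match vetoes the whole line
    return any(hit(p) for p in patterns if not p.startswith("!"))

def resolve(host, text=SAMPLE_CONFIG):
    """Effective options for `host`: the first value seen per keyword wins."""
    effective = {}
    for patterns, options in parse_config(text):
        if host_matches(host, patterns):
            for keyword, value in options:
                effective.setdefault(keyword, value)
    return effective
```

OpenSSH itself prints the same resolution for a real config with `ssh -G tyrell`, which is the quickest way to check which user and key a given alias will actually use.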

SCP

Transfer one or more files securely via the SSH protocol.

scp /home/daenerys/dragon.jpg daenerys@castlerock:/home/daenerys/dragon.jpg
scp -r /home/daenerys/dragon-eggs daenerys@castlerock:/home/daenerys/dragon-eggs

SSH tunnels

ssh -f user@monserveur -L 2500:localhost:80 -N

  • -L 2500:localhost:80: forward local port 2500 to port 80 on the remote server (localhost as seen from monserveur)

  • -f: go to the background once authenticated

  • -N: do not execute a remote command, just forward the port

HTTP proxy (SOCKS)

ssh -D 1337 -q -C -N user@monserveur

  • -D 1337: open a SOCKS proxy on local port :1337. If that port is taken, try a different port number. If you want to open multiple SOCKS proxies to multiple endpoints, choose a different port for each one.

  • -C: compress data in the tunnel, save bandwidth

  • -q: quiet mode, don’t output anything locally

  • -N: do not execute remote commands, useful for just forwarding ports

Fig. 25 Configuration of a proxy on macOS.

sshfs

Mount a remote folder on your computer with ssh:

sshfs user@host:/groups/comput/gestionSI/ mnt/

rsync

Rsync, which stands for “remote sync”, is a remote and local file synchronization tool. It uses an algorithm that minimizes the amount of data copied by only moving the portions of files that have changed.

The basic command is pretty simple: rsync [options] [source] [destination]. In this form you can copy data between local directories, or to a remote host over SSH, e.g.:

rsync /home/daenerys/dragon.jpg daenerys@castlerock:/home/daenerys/dragon.jpg
rsync -r /home/daenerys/dragon-eggs/ daenerys@castlerock:/home/daenerys/dragon-eggs/

It is important to note that if you want to copy just the contents of the source directory, you must end the source path with a trailing "/". Without the trailing "/", rsync copies the specified directory itself, together with its contents, into the destination, rather than just the contents of the directory.

The following example recursively transfers the files while preserving their permissions and timestamps, gives verbose output, and compresses the data during transfer.

rsync -avzh /home/bdoga/source/ /home/bdoga/destination/