What is SSH?

SSH (Secure Shell) is a protocol used to securely access and manage remote systems over insecure networks. It’s widely used to log into remote Linux/Unix servers, transfer files, and run commands across multiple machines.

Basic SSH Concepts

  1. SSH Client

Software on your computer that initiates the connection. Examples: terminal, Konsole, PuTTY, and more.

  2. SSH Server

The remote computer you want to access. It listens for incoming SSH requests and processes them accordingly.

  3. Authentication

Most commonly done via passwords or cryptographic keys (recommended for security).

How SSH Authentication Works

  • Password Authentication: You enter the actual password of the machine you want to access. This is less secure, because you are entering the actual password and there’s a chance it might get compromised.
  • Key-based Authentication: You create a key pair (private and public). The private key stays on your device and the public key goes on the server. The server lets you log in only if the keys match; otherwise there’s no prompt for a password. It’s considered the most secure way to authenticate to a machine: you enter the password for the SSH key, and SSH also checks for the private key on your machine.

Add SSH Authentication In Servers

It’s a simple task to set up SSH key authentication on the server you want.

  • Using ssh-copy-id tool (recommended)
# uses the default ssh key available in your device
ssh-copy-id username@remoteHost

# uses the specific ssh key available in your device
ssh-copy-id -i ~/.ssh/id_rsa.pub username@remoteHost

Replace username@remoteHost with the server’s username and IP address.

The above command appends your public key to the ~/.ssh/authorized_keys file on the target server, creating the directory and file and setting the correct permissions automatically.

  • Manually add your public key
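# append the public key, then restrict the directory and file to your user
cat ~/.ssh/id_rsa.pub | ssh username@remoteHost "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

This also appends your public key to the authorized list for SSH logins on the server, and restricts the directory and file so that only your user can access them.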

Finally, try logging into the remote server; you will be prompted for the SSH key password rather than the actual password of the remote device.

SSH Keys in Linux

Generate SSH Keys

  • Most common algorithms are RSA or ED25519
ssh-keygen -t ed25519 -C "your_email@example.com"
# prefer using RSA for legacy systems
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  • You’ll be prompted for a location to save the key. Press Enter for the default location or enter your custom location.
  • The generated files will look like:
    • Private key: ~/.ssh/id_ed25519 or ~/.ssh/id_rsa
    • Public key: ~/.ssh/id_ed25519.pub or ~/.ssh/id_rsa.pub

Listing SSH Keys

  • Default SSH keys are stored inside ~/.ssh directory.
  • You should see files like id_rsa, id_rsa.pub, id_ed25519, id_ed25519.pub and others like
    • config: stores the details of remote servers for easy access and login.
    • known_hosts: added by ssh; lists information about the remote hosts you have connected to.

Removing SSH Keys

  • Delete a key pair (be cautious!)
rm ~/.ssh/id_ed25519 ~/.ssh/id_ed25519.pub

This is enough to remove the SSH keys from your machine; no additional commands are needed to remove them.

Updating SSH Keys

  • Simply run ssh-keygen again and choose to overwrite the existing key, or select a different filename for a new key.
  • If you overwrite, old keys will not work for authentication anymore.
    • You need to update the remote server’s authorized_keys with your new public key.
    • To update SSH key on a remote server:
    ssh-copy-id -i ~/.ssh/new_id_25519.pub username@hostName
    

Other Essentials About SSH

  • Managing multiple keys: You can keep different key pairs and specify which one to use per server in your ~/.ssh/config.
  • Securing your private key: Prefer a strong password, restrict the file permissions of the private key so that only you can read it, and never share the private key.
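
The permission advice above can be checked mechanically. The shell functions below are an added example, not part of the original post: they report an SSH directory, or private key files inside it, that group or other users can access. The function names and the sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an SSH directory for
# private keys, or the directory itself, that group/other can access.

# perms_ok PATH: true when group and other have no permission bits set.
perms_ok() {
    # ls -ldL prints e.g. "-rw-------"; characters 5-10 are the group+other bits
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# is_private_key FILE: true when the first line is a private-key PEM header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -e '^-----BEGIN .*PRIVATE KEY-----'
}

# audit_ssh_dir DIR: print one finding per line; return 0 only when clean.
audit_ssh_dir() {
    dir=$1
    findings=0
    if ! perms_ok "$dir"; then
        echo "DIR $dir: group/other access, fix with: chmod 700 $dir"
        findings=$((findings + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if is_private_key "$f" && ! perms_ok "$f"; then
            echo "KEY $f: group/other access, fix with: chmod 600 $f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# make_sample_dir: constructed test data (placeholder text, not real keys)
# with deliberately loose modes; prints the directory path.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'placeholder' > "$d/id_ed25519"
    printf '%s\n' 'ssh-ed25519 PLACEHOLDER user@example' > "$d/id_ed25519.pub"
    chmod 755 "$d"
    chmod 644 "$d/id_ed25519" "$d/id_ed25519.pub"
    echo "$d"
}

# Usage: sh audit.sh ~/.ssh   (does nothing when run without an argument)
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Public key files are never flagged, since they are meant to be shared; only the directory and files that start with a private-key header are checked.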

SSH Login

  1. Connect using a specific private SSH key.
ssh -i /path/to/privateKey username@hostName
  2. Connect to a specific IP as “username”.
ssh <username>@hostName

Change the <username> to the user you want to log in as.

  3. Run a single command on the remote server without opening an interactive login session.
iamyaash@fedora:~$ ssh zero-pi uptime
Enter passphrase for key '/home/iamyaash/.ssh/id_<keyID>': 
 14:52:27 up  2:27,  0 user,  load average: 0.02, 0.01, 0.00