Infosec 101 - SSH Tutorial

By: GodSpeed

June 23, 2016

The Infosec 101 series is geared towards relatively new members of the information security domain and will include some basic, yet important, concepts. This is the first post in the series.

SSH stands for Secure Shell. It works on TCP port 22 and is used for remote administration. It relies on asymmetric cryptography and, hence, makes use of a public and a private key. SSH was a replacement for Telnet (TCP port 23), which didn't employ data encryption.

We'll use OpenSSH for our practical, with both machines on the local network. The server machine will be running Ubuntu, while the client will be a machine running Kali Linux.

Setting Up the Server

On Ubuntu:

sudo apt-get install openssh-server

ssh-keygen -t rsa

Command 1 installs the OpenSSH server on the Ubuntu machine.

Command 2 generates the public and private keys.

Once the keys are generated, they're stored in the /home/username/.ssh directory. The private key and public key files are named id_rsa and id_rsa.pub.

You'll be asked to set a password; ssh-keygen calls it a passphrase, and it protects the private key file. It's suggested you choose a strong one and then create a file with the name authorized_keys. This file will hold the public keys of the clients that connect to the server.

On the Client Side

On the client side, we need to generate keys in the same way as we did on the server.

ssh-keygen -t rsa

Again, the public and private keys will be created and stored in the .ssh folder.

Key Exchange

To connect the client to the server, the public key of the client needs to be copied into the 'authorized_keys' file inside the .ssh folder on the server.

To copy the public key of the client, we'll use the following command:

ssh-copy-id username@IP

The ssh-copy-id command is part of the OpenSSH package. It automatically copies the public key from the .ssh directory on the client machine to the authorized_keys file in the .ssh directory on the server.

The Connection

To connect to the server:

ssh username@IP

Enter yes in response to the warning message and you'll have a terminal on the server to work with its files.

Thanks and good luck!
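As an added example (not part of the original post), this is what the server-side step of ssh-copy-id amounts to when done by hand: the client's public key is appended to authorized_keys, with the directory and file permissions sshd expects. The function name install_pubkey and the truncated key line are assumptions made for illustration; the key is constructed and not usable.

```bash
#!/usr/bin/env bash
# Added example: manual equivalent of what ssh-copy-id does on the server.
# Usage: install_pubkey PUBKEY_FILE TARGET_HOME   (hypothetical helper name)
install_pubkey() {
    pk_file="$1"
    ssh_dir="$2/.ssh"
    auth="$ssh_dir/authorized_keys"

    # A public key file is a single line; take the first non-empty one.
    pk_line=$(grep -m1 -v '^[[:space:]]*$' "$pk_file") || return 1

    # Accept only "type base64 [comment]". This also rejects a private key
    # file (id_rsa) passed by mistake, which must never leave the client.
    if ! printf '%s\n' "$pk_line" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$'
    then
        echo "refusing: not a public key line" >&2
        return 2
    fi

    # With StrictModes (the sshd default), keys are ignored when .ssh or
    # authorized_keys is writable by other users, so restrict both to the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present (idempotent).
    grep -qxF -- "$pk_line" "$auth" || printf '%s\n' "$pk_line" >> "$auth"
}

# Demo in a throwaway directory, using a constructed, truncated key line.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7 kali@client\n' \
    > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home/server_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home/server_home"  # adds nothing
ls -ld "$demo_home/server_home/.ssh" \
       "$demo_home/server_home/.ssh/authorized_keys"
```

If key login fails after a manual copy, these permissions are the first thing to check on the server.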