SSH Client


Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hey Cybrarians, and welcome back to the Linux+
00:00
course here at Cybrary. I'm your instructor Rob Gills.
00:00
In today's lesson we're going to have
00:00
an overview of SSH and using SSH as a client.
00:00
Upon completion of this lesson,
00:00
you are going to be able to explain
00:00
how SSH is used as a client.
00:00
We're going to talk about the SSH connection process
00:00
and we're going to describe the purpose of
00:00
SSH client files and compare
00:00
the SSH client file versus the SSH server file.
00:00
Now to connect to a remote server,
00:00
we're ordinarily going to use SSH,
00:00
but we're going to use it as a client,
00:00
and that's an important distinction.
00:00
Now SSH provides an encrypted method of
00:00
connection to the remote server.
00:00
We've covered that before.
00:00
SSH replaces telnet, rsh,
00:00
and rexec, and we talked about that in Module 11.
00:00
Now SSH uses asymmetric encryption
00:00
with public and private key pairs.
00:00
That's how it establishes
00:00
that encrypted method of connection.
00:00
We're going to see how we carry
00:00
these key pairs in the next lesson.
00:00
But what we need to know for now is
00:00
that during connection establishment,
00:00
each end of an SSH connection is
00:00
going to exchange public keys.
00:00
Remember, we can share public keys,
00:00
we never want to share private keys.
00:00
OpenSSH is the most commonly installed thing
00:00
that we're going to find in Linux distributions
00:00
for working with SSH.
00:00
However, you may need
00:00
to install it if it's not already installed.
00:00
Sometimes you're going to have to install it maybe like
00:00
Ubuntu and the SSH package
00:00
varies based on the distribution.
00:00
In CentOS or Fedora you're going to install
00:00
openssh, openssh-clients and openssh-server.
00:00
But if you're in Ubuntu,
00:00
you only need to install the clients and
00:00
server package and then you're all good.
00:00
Let's talk a little bit about
00:00
the connection process because
00:00
this is a little bit confusing.
00:00
The basic connection process goes like this.
00:00
As a client connecting to a remote server,
00:00
you say SSH, and then you log in to user@remotehost.
00:00
Now what's going to happen is your system, OpenSSH on
00:00
the client side, you connecting
00:00
to someone else, is going to say, well,
00:00
have you ever used SSH before? And if the answer is no,
00:00
it's going to create a directory, .ssh,
00:00
in your user home directory.
00:00
It's going to create a file called
00:00
known_hosts in that directory as well.
00:00
Now the next thing it's going to do is say, well,
00:00
have you ever connected to this remote host?
00:00
And if the answer is no, it's going
00:00
to prompt you to add
00:00
that remote host public key to the known_hosts file.
00:00
Then finally, it's going to prompt you for
00:00
your password to
00:00
that remote host and establish the connection.
00:00
That's only if you haven't done
00:00
a key exchange and we'll talk more about that later.
00:00
But there is a way to do this
00:00
without providing a password at all,
00:00
and we do that through a key chain.
00:00
From the previous process,
00:00
we did see how known_hosts is
00:00
used to track remote hosts
00:00
that we've connected to previously,
00:00
so that known_hosts file contains
00:00
the public key for the servers that we've connected to.
00:00
That does get stored in the user SSH directory,
00:00
which is .ssh, a hidden file or a hidden directory.
00:00
We need to do ls -al to see it.
00:00
Then the full path to that
00:00
known_hosts file therefore is .ssh/known_hosts.
00:00
Now, the general syntax or structure of that file is
00:00
that each host or IP address is stored on its own line.
00:00
It's a record more or less.
00:00
The format for that is host name or IP.
00:00
The type of key it's using,
00:00
the type of key that it is,
00:00
and then the public key itself.
00:00
If we look at the very top of
00:00
the image on the right-hand side,
00:00
we can see that the IP address is 192.168.1.207,
00:00
the key that it's using is ecdsa-sha2-nistp256,
00:00
and then we see all this random string of characters.
00:00
Well, that's just a hashed public key of that type,
00:00
ecdsa-sha2-nistp256 for 192.168.1.207.
00:00
There we go, that's the known_hosts file.
00:00
Now another important file that we'll find in
00:00
the user SSH directory is the SSH or
00:00
OpenSSH config file.
00:00
It's that .ssh/config.
00:00
By default, this file is blank.
00:00
Sometimes it may not even be there,
00:00
but you can use it.
00:00
It's really helpful and you could use it to
00:00
do things like set up port forwarding,
00:00
set up X11 forwarding, do SSH keep-alives,
00:00
create an identity file.
00:00
We have an example of some of those here on the right.
00:00
If we set ForwardAgent yes and ForwardX11 yes,
00:00
that enables X11 forwarding and that's where
00:00
we can connect to a remote system with ssh -X,
00:00
and basically launch Firefox.
00:00
It'll bring that graphical application
00:00
back to our local system.
00:00
We will work on Firefox as
00:00
if we were working on it locally,
00:00
but really it's running that off of the remote server.
00:00
Now we can also specify the identity file,
00:00
and this is what I was talking about when
00:00
we do key exchange and stuff.
00:00
If we say, hey, here's our private key,
00:00
that config file is going to know to load
00:00
up that private key for us.
00:00
That's where it can go when it
00:00
needs to set up a key connection.
00:00
Then also we can say what's called
00:00
a server alive interval.
00:00
This just sends a keep-alive message.
00:00
It's actually, it just talks across
00:00
a wire every so often and just sends a packet to say,
00:00
hey, I'm still alive, please don't disconnect me.
00:00
In this case, the server alive interval is 600,
00:00
that's in seconds, so that's actually 10 minutes.
00:00
It sends a connection
00:00
keep-alive every 10 minutes.
00:00
Now, OpenSSH provides
00:00
packages for both the client and server.
00:00
We saw this when we talked about
00:00
what you need to install;
00:00
you sometimes need to install
00:00
OpenSSH client and OpenSSH server,
00:00
but it's important to distinguish
00:00
between the two configuration files,
00:00
the global configuration files.
00:00
/etc/ssh/ssh_config is what's
00:00
used for client configuration.
00:00
Then /etc/ssh/sshd_config is for
00:00
the server or OpenSSH daemon or
00:00
demon SSHD configuration.
00:00
Remember, ssh_config is used
00:00
for outbound connections to remote systems.
00:00
If we're trying to connect to
00:00
remote servers and they're
00:00
all using a different default port,
00:00
we might need to change that there
00:00
so that we know going out,
00:00
we're going to use a different port.
00:00
But if we're trying to modify our connections to allow
00:00
remote servers to come to us to
00:00
be the server that they're trying to reach,
00:00
we modify sshd_config; that's used for
00:00
inbound connections coming into
00:00
our system from another client.
00:00
For example, if we want to modify
00:00
our port so that people
00:00
can't connect to us on port
00:00
22 but they need to use a different port,
00:00
this is where we set that.
00:00
With that, in this lesson, we covered
00:00
how SSH is used as
00:00
a client and how OpenSSH is used and installed.
00:00
We talked about some SSH client files.
00:00
We talked about the two local files,
00:00
local to users, the
00:00
known_hosts file as well as the config.
00:00
Then we talked about the global ssh_config client file.
00:00
Then we compared that against
00:00
the SSH daemon configuration file,
00:00
that global daemon configuration file,
00:00
which is in /etc/ssh/sshd_config.
00:00
Thank you so much for being here and I
00:00
look forward to seeing you in the next lesson.