SSH is a secure way of connecting to other computers over a public network, anywhere in the world.
SSH is based on a client-server architecture: an SSH server needs to be running on port 22 on the computer (the server), and anyone can use an SSH client to connect to that computer.
SSH works on top of TCP and has its own protocol for sending and receiving messages, like HTTP does.
By default SSH runs on port 22, but you can run an SSH server on any port.
Communication is E2E encrypted.
Authentication is done with a password, a password plus 2FA, or a public/private key pair.
Let's consider we have computerA, which is running an SSH server, and computerB, C and D, which all want to connect to A.
Let's walk through it step by step:
First, to make computerA an SSH server, you can either install an SSH server package like `openssh-server`, or
manually create a TCP server on port 22 and handle the SSH protocol for receiving and sending messages yourself.
Mostly `openssh-server` is the easiest to start with, and this example is based on it.
Once you have installed the package, you can start your SSH server with the systemctl command `systemctl start sshd.service`. You can also enable the service to start on every boot with `systemctl enable sshd.service`; after this your SSH server runs by default every time the computer starts up.
Once it is started, you can verify whether sshd is running with `systemctl status sshd.service`; you should see a message like "Active(running)".
Once it is active and running, you can see the configuration and other files for your SSH server under `/etc/ssh`. Here you will find a list of public and private keys like rsa_key, rsa_key.pub and ed25519, ed25519.pub etc. These keys are used when any client wants to connect to your computer.
Now let's focus on the client. Since computerA has finished setting up its SSH server, any client (B, C or D) can now connect. To connect to an SSH server you need to install a package called `openssh-client`; this package lets you connect to any SSH server.
Once you have installed the client, you can connect to any SSH server with `ssh username@host`, where username is the user you want to log in as. For example, computerA may have users usera, userb, userc etc.; to connect as usera on computerA, use `ssh usera@computerAIP`. By default it connects to port 22; if you know your server is running on a different port, use the `-p` flag to give the port number.
Once you enter the above command, it will show a message something like the one below.
The above message indicates that you are connecting to this particular server (computerA) for the first time.
Basically, when you connect for the first time, your SSH client and server first agree on which key type to use
(ed25519, RSA or something else). Based on this, your SSH server sends the matching public key, which lives
on the server under `/etc/ssh/*`, to the client, and the client stores that public key in `/home/user/.ssh/known_hosts`.
This public key is a crucial part of the E2E encryption between SSH client and server.
In addition, the server and client also agree on which algorithms to use for encryption, like Diffie-Hellman etc.; this is exactly
the same as TLS for HTTPS on the web.
You can see all these details by running `ssh user@host -v`, where `-v` turns on verbose mode.
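The known_hosts lookup described above, as an added example that is not part of the original post or of OpenSSH's own code. It goes a little beyond the first-connect case: it also reports when a stored key no longer matches what the server presents, and it understands hashed hostname entries. The function names, the sample keys and the address 192.0.2.10 are constructed for illustration, and wildcard patterns and `@cert-authority`/`@revoked` lines are not handled.

```python
import base64, hashlib, hmac, struct

def key_blob(key_type, b64):
    """Decode a base64 key and confirm the type named inside the blob."""
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return blob

def fingerprint(blob):
    # SHA256 fingerprint in the form the OpenSSH client prints.
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def host_matches(pattern, host):
    """Match plain 'a,b' host lists and hashed '|1|salt|hash' entries."""
    if pattern.startswith("|1|"):
        _, _, salt, mac = pattern.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in pattern.split(",")

def check_host(known_hosts_text, host, key_type, key_b64):
    """Return 'known', 'changed' or 'unknown' for the key a server presents."""
    presented = key_blob(key_type, key_b64)
    seen_other_key = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        hosts, ktype, b64 = fields[:3]
        if ktype == key_type and host_matches(hosts, host):
            if hmac.compare_digest(key_blob(ktype, b64), presented):
                return "known"
            seen_other_key = True
    return "changed" if seen_other_key else "unknown"

def sample_key(raw32):  # constructed ed25519 key in wire format, not a real host key
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw32
    return base64.b64encode(blob).decode()

KEY_A = sample_key(bytes(range(32)))     # key computerA presented on first connect
KEY_X = sample_key(bytes(range(1, 33)))  # a different key claiming to be computerA
KNOWN_HOSTS = f"# constructed sample file\ncomputerA,192.0.2.10 ssh-ed25519 {KEY_A}\n"

if __name__ == "__main__":
    for host, key in (("computerA", KEY_A), ("computerA", KEY_X), ("computerB", KEY_A)):
        print(host, fingerprint(key_blob("ssh-ed25519", key)), check_host(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

"unknown" corresponds to the first-time message, and "changed" is the case where the client should refuse to continue until the new key has been verified out of band.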
Once you are past the above step, you will be prompted for a password or a password with 2FA (depending on how usera on computerA has set up their auth).
That is one way. You can also log in without a password by using private and public keys. For this you need to create a public and private key pair and then
send your public key to the server (computerA); the server will store that public key in `/home/usera/.ssh/authorized_keys`.
Store the private key anywhere on your own computer (B, C or D). For example, say the client stores the private key under
`/home/user/ssh-keys/`; now when you want to connect to the server (computerA), run `ssh -i /home/user/ssh-keys/PRIVATE_KEY user@host`,
and it will log you in automatically without asking for a password or any other mechanism.
NOTE: Don't generate your public and private keys with online tools or similar; use tools like `ssh-keygen`, and store your private key securely.
SSH is used everywhere: accessing your resources on any cloud platform (AWS, GCP etc.), GitHub uses SSH to clone, ngrok uses SSH to tunnel (when you run `ssh -R REMOTE_PORT:localhost:LOCAL_PORT user@host`, you can access your local port at host:REMOTE_PORT and share it with others), tools like scp use SSH to safely transfer your files from one computer to another, Kubernetes port forwarding uses SSH (when you run `ssh -L LOCAL_PORT:localhost:REMOTE_PORT user@host`, you can access your remote service at localhost:LOCAL_PORT), etc.