Introduction to SSH (Secure Shell) Protocol

Many of us have logged on to servers with the ssh command from a terminal or, on Windows, used PuTTY to log in to cloud servers (AWS, for example). But do we know exactly how the SSH protocol works?


SSH stands for Secure Shell, a secure way of connecting to a public server over the internet. SSH is widely used by network administrators for managing systems and applications remotely, allowing them to log into another computer over a network, execute commands and move files from one computer to another.

SSH works on a client-server model: the client is where the session is displayed and the server is where the session runs. By default, SSH runs on TCP port 22.


The most basic form of the ssh command is ssh username@server:

ssh root@172.20.10.2

This command causes the client to connect to the server (172.20.10.2) with the given username (root). On a first-time connection, because there has been no prior connection to this host, the user is shown the remote host’s public key fingerprint and asked whether to continue connecting:

The authenticity of host '172.20.10.2' cannot be established.
DSA key fingerprint is 01:23:45:67:89:ab:cd:ef:ff:fe:dc:ba:98:76:54:32:10.
Are you sure you want to continue connecting (yes/no)?

Answering “yes” to the prompt continues the session and stores the host key in the local system’s known_hosts file. By default this file lives in a hidden directory in the user’s home directory, at ~/.ssh/known_hosts. Once the host key has been stored in the known_hosts file, the client system can connect directly to that server again without the need for any approvals: the stored host key authenticates the server. Afterwards, the client prompts you to enter the password and a secure connection is established.
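The lookup the client performs against known_hosts, as an added example that is not part of the original post: it computes a key's fingerprints and classifies a presented host key as unknown (first connection, the prompt shown above), match, or changed. The ed25519 key blobs, the salt and the file contents are constructed sample data; the colon-separated fingerprint style is an MD5 digest of the key blob, while current OpenSSH prints the SHA256 form.

```python
import base64, hashlib, hmac, struct

def ssh_string(b):
    # SSH wire format: 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(b)) + b

def fingerprints(blob):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a raw key blob."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def host_matches(pattern, host):
    # Hashed entry (HashKnownHosts): |1|base64(salt)|base64(HMAC-SHA1(salt, host))
    if pattern.startswith("|1|"):
        salt, digest = (base64.b64decode(p) for p in pattern[3:].split("|"))
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, digest)
    return pattern == host

def check_host_key(known_hosts, host, key_type, blob):
    """'match', 'changed' (stored key differs) or 'unknown' (first connection)."""
    result = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue  # skip blanks, comments and @cert-authority/@revoked markers
        hosts, ktype, b64 = fields[:3]
        if ktype != key_type or not any(host_matches(p, host) for p in hosts.split(",")):
            continue
        if hmac.compare_digest(base64.b64decode(b64), blob):
            return "match"
        result = "changed"
    return result

# Constructed sample data: two made-up ed25519 blobs, not real host keys.
def make_blob(seed):
    return ssh_string(b"ssh-ed25519") + ssh_string(bytes([seed]) * 32)

SERVER_KEY, OTHER_KEY = make_blob(1), make_blob(2)
SALT = b"constructed-salt-20b"  # constructed 20-byte salt
MAC = hmac.new(SALT, b"172.20.10.2", hashlib.sha1).digest()
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(), base64.b64encode(MAC).decode())
KNOWN_HOSTS = "# constructed file\n%s ssh-ed25519 %s\n" % (HASHED, base64.b64encode(SERVER_KEY).decode())

if __name__ == "__main__":
    print(fingerprints(SERVER_KEY))
    for h, k in (("172.20.10.2", SERVER_KEY), ("172.20.10.2", OTHER_KEY), ("10.0.0.5", SERVER_KEY)):
        print(h, check_host_key(KNOWN_HOSTS, h, "ssh-ed25519", k))
```

A "changed" result means the server presented a key different from the stored one, which is the case a client should refuse rather than accept.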

The known_hosts file can sometimes be exploited by hackers. Also, adding a username and password to automated scripts can put your server at risk, as anyone with access to the source code can view those details.

To overcome these problems we use SSH keys.
