Secure Linux Connecting: Mastering the Art of SSH

Introduction

Secure Shell (SSH) is a cryptographic network protocol used to securely access remote servers over an unsecured network. As a professional in the IT field, understanding how to establish secure connections to Linux servers is an essential skill.

In this lab, you will learn how to generate SSH key pairs, manage your keys, and set up SSH for secure authentication. This knowledge is fundamental for system administrators, developers, and cybersecurity professionals who need to securely access and manage remote systems.

By completing this lab, you will gain hands-on experience with SSH, which is the industry standard method for secure remote administration of Linux servers and secure file transfers.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL linux(("Linux")) -.-> linux/BasicFileOperationsGroup(["Basic File Operations"]) linux(("Linux")) -.-> linux/FileandDirectoryManagementGroup(["File and Directory Management"]) linux(("Linux")) -.-> linux/RemoteAccessandNetworkingGroup(["Remote Access and Networking"]) linux(("Linux")) -.-> linux/VersionControlandTextEditorsGroup(["Version Control and Text Editors"]) linux/BasicFileOperationsGroup -.-> linux/ls("Content Listing") linux/BasicFileOperationsGroup -.-> linux/cat("File Concatenating") linux/BasicFileOperationsGroup -.-> linux/chmod("Permission Modifying") linux/FileandDirectoryManagementGroup -.-> linux/cd("Directory Changing") linux/FileandDirectoryManagementGroup -.-> linux/mkdir("Directory Creating") linux/RemoteAccessandNetworkingGroup -.-> linux/ssh("Secure Connecting") linux/VersionControlandTextEditorsGroup -.-> linux/nano("Simple Text Editing") subgraph Lab Skills linux/ls -.-> lab-271389{{"Linux Secure Connecting"}} linux/cat -.-> lab-271389{{"Linux Secure Connecting"}} linux/chmod -.-> lab-271389{{"Linux Secure Connecting"}} linux/cd -.-> lab-271389{{"Linux Secure Connecting"}} linux/mkdir -.-> lab-271389{{"Linux Secure Connecting"}} linux/ssh -.-> lab-271389{{"Linux Secure Connecting"}} linux/nano -.-> lab-271389{{"Linux Secure Connecting"}} end

Understanding SSH Basics

SSH (Secure Shell) is a protocol that provides a secure way to access remote computers. Unlike older protocols like Telnet, SSH encrypts all communications between the client and server, protecting your data from eavesdropping.

SSH offers several advantages:

Encrypted communications
Strong authentication methods
Data integrity verification
Secure file transfers

Let's start by checking if SSH is installed on your system. Open your terminal and run:

ssh -V

You should see output similar to this, showing the installed SSH version:

OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022

Now, let's navigate to our project directory where we'll work:

cd ~/project

This command changes your current directory to /home/labex/project, which is where we'll perform all our operations in this lab.

Generating SSH Key Pairs

SSH supports several authentication methods, but key-based authentication is the most secure and convenient. In this step, you will generate a pair of SSH keys.

An SSH key pair consists of:

A private key: This is like your secret password and should never be shared.
A public key: This can be safely shared with remote servers you want to connect to.

To generate a new SSH key pair, use the ssh-keygen command:

ssh-keygen -t rsa -b 4096

This command specifies:

-t rsa: Use the RSA algorithm for key generation
-b 4096: Create a key with 4096 bits, which provides strong security

When you run this command, you'll be prompted to:

Enter a file path to save the key (press Enter to accept the default path ~/.ssh/id_rsa)
Enter a passphrase (you can leave this empty for this lab by pressing Enter twice)

Here's an example of what you should see:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/labex/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/labex/.ssh/id_rsa
Your public key has been saved in /home/labex/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:AbCdEfGhIjKlMnOpQrStUvWxYz1234567890 labex@hostname
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|       . .       |
|      . + .      |
|     . = + .     |
|    . = S = .    |
|   . . = = + .   |
|    . . + = + .  |
|     . . + + .   |
|      .. . .     |
+----[SHA256]-----+

Now, let's examine the keys that were generated. To view your public key, use:

cat ~/.ssh/id_rsa.pub

This will display your public key, which looks like:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQ... (long string of characters) ...labex@hostname

Remember, the public key can be shared, but the private key (~/.ssh/id_rsa) must be kept secure and should never be shared with anyone.

Understanding SSH Key Permissions

SSH is very particular about file permissions for security reasons. In this step, you will learn about the correct permissions for SSH keys and how to set them.

Let's check the current permissions of your SSH keys:

ls -la ~/.ssh/

You should see output similar to this:

total 16
drwx------ 2 labex labex 4096 Jan 1 12:00 .
drwxr-xr-x 3 labex labex 4096 Jan 1 12:00 ..
-rw------- 1 labex labex 3381 Jan 1 12:00 id_rsa
-rw-r--r-- 1 labex labex  741 Jan 1 12:00 id_rsa.pub

The correct permissions are:

Private key (id_rsa): 600 (readable and writable only by you)
Public key (id_rsa.pub): 644 (readable by everyone, writable only by you)
.ssh directory: 700 (accessible only by you)

If your permissions are different, you can set them correctly with:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub

Let's verify the permissions have been set correctly:

ls -la ~/.ssh/

The output should now show the correct permissions:

total 16
drwx------ 2 labex labex 4096 Jan 1 12:00 .
drwxr-xr-x 3 labex labex 4096 Jan 1 12:00 ..
-rw------- 1 labex labex 3381 Jan 1 12:00 id_rsa
-rw-r--r-- 1 labex labex  741 Jan 1 12:00 id_rsa.pub

These permissions are critical for security - SSH will refuse to work if the permissions are too open, as this would risk exposing your private key.

Setting Up SSH Authentication

In this step, you will learn how to set up SSH key-based authentication. This allows you to log in to remote servers without typing a password every time.

For SSH key authentication to work, you need to copy your public key to the server's ~/.ssh/authorized_keys file. In a real-world scenario, you would use the ssh-copy-id command to do this:

## Example for reference (Do not run this)
## ssh-copy-id username@remote_host

Since we don't have a real remote server for this lab, we'll simulate this process by creating a local authorized_keys file.

First, let's create the .ssh directory if it doesn't already exist:

mkdir -p ~/.ssh

The mkdir -p command creates the directory if it doesn't exist and does nothing if it already exists.

Now, let's create or append to the authorized_keys file:

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

This command appends your public key to the authorized_keys file. In a real environment, this file would be on the remote server.

Let's verify the content of the authorized_keys file:

cat ~/.ssh/authorized_keys

You should see your public key in the output, which should look similar to:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQ... (long string of characters) ...labex@hostname

Finally, let's make sure the authorized_keys file has the correct permissions:

chmod 600 ~/.ssh/authorized_keys

This sets the permissions to read and write for the owner only, which is a security requirement for the authorized_keys file.

Understanding the SSH Config File

SSH allows you to customize its behavior through the SSH config file. This is especially useful when you connect to multiple servers regularly.

Let's create an SSH config file to see how it works:

nano ~/.ssh/config

This opens the nano text editor. Add the following content to the file:

## Default settings for all hosts
Host *
    ServerAliveInterval 60
    ServerAliveCountMax 3

## Example server configuration
Host example
    HostName example.com
    User username
    Port 22
    IdentityFile ~/.ssh/id_rsa

In this configuration:

ServerAliveInterval 60 sends a keep-alive signal every 60 seconds
ServerAliveCountMax 3 disconnects if the server doesn't respond to 3 consecutive signals
The Host example section creates an alias so you can connect with ssh example instead of ssh [email protected] -p 22

To save the file in nano, press Ctrl+O, then Enter to confirm, and Ctrl+X to exit.

Now, let's set the correct permissions for the config file:

chmod 600 ~/.ssh/config

This ensures only you can read and write to this file, which is important for security.

In a real-world scenario, you would now be able to connect to the server simply by typing:

## Example for reference (Do not run this)
## ssh example

Instead of:

## Example for reference (Do not run this)
## ssh [email protected] -p 22

The SSH config file is a powerful tool that can save you time and make managing multiple SSH connections much easier.

Summary

In this lab, you have learned the fundamentals of SSH (Secure Shell) for securely connecting to Linux servers. Here's a recap of what you've accomplished:

You gained an understanding of SSH and its importance for secure remote connections
You generated an SSH key pair consisting of a private key and a public key
You learned about the importance of proper file permissions for SSH security
You set up SSH key-based authentication by configuring the authorized_keys file
You created an SSH config file to customize and simplify SSH connections

These skills are essential for anyone working with Linux systems, especially in cloud computing, system administration, DevOps, and cybersecurity roles. SSH is the standard method for securely accessing remote Linux servers and is used daily by IT professionals worldwide.

With the knowledge gained from this lab, you are now equipped to establish secure connections to Linux servers, which is a fundamental skill for further learning in Linux system administration and cloud computing.