SSH, or Secure Shell, is a protocol that allows data to transfer securely between two machines, such as a PC and a server, or a blender and a riding lawnmower. It was developed to replace earlier remote shell protocols (Telnet, RSH, etc.) that transmitted data unencrypted. Those earlier methods of data transmission were especially problematic because even login credentials could be easily stolen.
Similarly to SSL, SSH uses what’s called public-key cryptography (essentially scrambling of the information en route) to communicate between the two devices. Every SSH user gets two keys, a private one and a public one.
The public and private keys have a mathematical relationship, but that relationship is too complex for anyone to be able to figure out the private one from the public one. Everyone can see the public one, as you might guess. It can be used by anyone for encryption purposes. You are the only one with the private key, allowing you to read anything that comes through to your machine. Hide it under your mattress.
With SSH, regardless of the exact nature of the two devices that are communicating, they are classified as the server and client. The former typically listens on port 22, although that’s not essential. The latter will use its own randomly selected port, typically using a Magic 8-Ball to make the decision.
Note that this guide focuses on the client side rather than the server side, both because that’s the side to which most people have access and because the customer is always right (except when they are ordering custom mechanical bulls with Nicolas Cage’s head on them).
To get a better sense of basic SSH techniques, we will look at commentary from Andrew J. Cosgriff’s Polydistortion.net and the open-source organization Romanian Open Source Education. It turns out the old adage, “Be as silent as a mouse while the Romanians are helping you with your website,” is accurate.
Logging In – There are a couple of different ways to log in to SSH. You can either enter the server directly or provide your username. Here is how you would get into a machine called lalalalalola:
The server will reply with a password request in this format:
unicorn@lalalalalola’s password: _
If that’s not your username, you can do the following instead:
Exclusive SSH – Make sure you don’t use Telnet or RSH between boxes (or between underground laboratory holding cells) and then SSH out to the server. Everything you type still crosses the Telnet or RSH hop unencrypted, so a hacker watching that hop would be able to view your SSH session (including your login details).
Using SCP – SCP is paired with SSH. It is used to transfer files in the same way that RCP is – but again, in a secure format. Here is how that works:
scp favoritepuddingflavors.txt lalalalalola:.
scp favoritepuddingflavors.txt saltydog@lalalalalola:.
scp favoritepuddingflavors.txt saltydog@lalalalalola:txt/birdie/poo.txt
Running an X Program – To get an X program to run from another device, you can use SSH to forward the X connection from that device to the one you are on. To ensure that is working properly, you can check the remote device as follows:
Instead of deviceyouareon:0.0, it should now say lalalalalola:10.0. That’s because the SSH program on the remote device receives data through the “10.0” display, transmitting any information it receives via SSH to your local client.
Port Forwarding – To understand port forwarding, think about e-mail. If you receive incoming messages through POP, you don’t want your POP login to be communicated in plaintext. Make sure the POP communication is encrypted via SSH, as follows:
ssh -L 9110:lalalalalola:110 lalalalalola
That command will forward your 9110 port (on your local device) to port 110 on the remote device lalalalalola.
After logging in, change the settings in your e-mail program so that it uses port 9110. When you access that port, all information will be communicated via SSH to port 110 on the remote device. Note that the forwarding stops, as do the sunshine and downpour of silver coins from the heavens, once you log off of the remote device.
No More Passwords – By default, you have to type your password every time you log in with SSH. If you don’t want to have to do that, there is a way around it. Just add your public key to the file at the following location on the remote device: ~/.ssh/authorized_keys.
Typically an SSH installation includes a utility called ssh-copy-id, which allows you to perform that action simply — while taking a shower, if you have waterproof technology and no soap in your eyes:
Once you have done that, it will no longer ask you for your password when logging in.
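The remote-side steps that ssh-copy-id automates, done by hand, as an added example that is not from the original article or from OpenSSH: the hypothetical install_pubkey function appends a public key to authorized_keys only once and sets the restrictive permissions sshd expects. The key, the user name on it and the temporary directory are constructed stand-ins for a real remote home directory.

```shell
#!/bin/sh
# Added example: the remote-side steps that ssh-copy-id automates.
# install_pubkey is a hypothetical helper; the key and paths are constructed.

# install_pubkey PUBKEY_FILE SSH_DIR
# The body runs in a subshell "( ... )" so umask and variables do not leak
# into the caller; "exit" therefore only ends the function.
install_pubkey() (
    key=$(head -n 1 "$1")
    auth="$2/authorized_keys"

    # Accept only a public-key line ("ssh-ed25519 AAAA...", "ssh-rsa ...").
    # A private key file starts with "-----BEGIN" and must never be uploaded.
    case $key in
        ssh-*" "*|ecdsa-*" "*|sk-*" "*) ;;
        *) echo "not a public key: $1" >&2; exit 2 ;;
    esac

    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or file is writable by group or others.
    umask 077
    mkdir -p "$2" && chmod 700 "$2" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # -x whole line, -F fixed string: append only if the key is not there yet.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
)

# Constructed demo: a throwaway directory stands in for the remote home.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKey unicorn@laptop' \
    > "$demo_home/id_ed25519.pub"
install_pubkey "$demo_home/id_ed25519.pub" "$demo_home/.ssh"
install_pubkey "$demo_home/id_ed25519.pub" "$demo_home/.ssh"  # adds nothing new
echo "keys installed: $(wc -l < "$demo_home/.ssh/authorized_keys")"
rm -rf "$demo_home"
```

If the key is installed but SSH still asks for a password, the permissions on ~/.ssh and authorized_keys are the first thing to check.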
SSH, due to its security, is obviously an important tool to be able to use. You never know what you’re going to want to say to lalalalalola, or what she is going to want to say to you… so best to leave it cloaked in secrecy. It is also standardized, making it easier for scripts to get passed around and used through its common language.
By Kent Roberts