SSH is short for Secure Shell. It was developed to provide security when accessing another computer or server remotely. Older telnet programs sent everything in the clear, so an outsider could “sniff” the connection in transit (using programs like Wireshark) and see your email, commands, username and password. SSH encrypts sessions and provides improved authentication facilities. Its features include X session forwarding, secure file transfer and port forwarding.
SSH can use more than one form of encryption, from 512 bits and up, and it includes ciphers like Triple DES, AES, CAST128 or Blowfish. Encryption transforms the data so that, unless outsiders have the key, it is hard for them to recover it.
When connecting to a remote machine, run ‘ssh hostname’ on your local computer, where hostname is the hostname of the remote computer you’re connecting to. Host validation is one of SSH’s major features, as it can help you detect DNS spoofing. If host key verification fails, this should raise some red flags. Some items to consider:
- Has the server been upgraded?
- Are you using a dynamic IP address on your home computer?
When setting up passphrases, mix letters with punctuation and numbers to make them harder to guess. An eight-character password has 5.25 times fewer combinations than a five-word passphrase. Just don’t use famous phrases or quotes, as these can be uncovered by a brute force program.
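The host key check described above, as an added example (not code from the original article or from OpenSSH): it compares the key a server presents against a known_hosts file and reports whether it matches, has changed, or belongs to a host never seen before. The host name, address and keys are constructed sample data, and hashed host names and wildcard patterns are not handled.

```python
import base64
import hashlib
import struct

def make_ed25519_blob(raw32: bytes) -> bytes:
    """Build an SSH wire-format ed25519 public key blob (for the sample keys only)."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts: str, host: str, key_type: str, blob: bytes) -> str:
    """Return 'match', 'changed' or 'unknown' for the key a server presented."""
    seen_host = False
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments and @marker lines (not handled in this sketch).
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        hosts, ktype, b64 = fields[:3]
        if host not in hosts.split(",") or ktype != key_type:
            continue
        seen_host = True
        if base64.b64decode(b64) == blob:
            return "match"
    # An entry exists for this host and key type but the key differs: this is
    # the case in which verification fails and the questions above apply.
    return "changed" if seen_host else "unknown"

# Constructed sample data: two fake keys and a one-entry known_hosts file.
OLD_KEY = make_ed25519_blob(bytes(range(32)))
NEW_KEY = make_ed25519_blob(bytes(range(1, 33)))
KNOWN_HOSTS = (
    "# constructed sample known_hosts\n"
    "server.example.com,192.0.2.10 ssh-ed25519 " + base64.b64encode(OLD_KEY).decode() + "\n"
)

if __name__ == "__main__":
    for host, blob in [("server.example.com", OLD_KEY),
                       ("server.example.com", NEW_KEY),
                       ("other.example.com", NEW_KEY)]:
        print(host, fingerprint(blob), check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", blob))
```

A 'changed' result is only safe to accept after confirming the new fingerprint through a separate channel, such as the server's administrator or console.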
Private and public keys
When generating a key, SSH actually generates two keys, a public key and a private key. The private key should always remain on your local computer. The public key should always stay on the server you want to connect to. The public key cannot be used to derive your private key, making it a secure connection. Your local SSH process asks for your passphrase, not the remote server. If you’re using an SSH agent program, this will eliminate the need to enter the passphrase, as that will be done automatically once it’s set up.
Running commands over SSH and exiting
If you simply want to run a command and exit, then put the command you wish to run at the end of your SSH connection command.
If you want to securely transfer files from your local computer to a server (remote host), or vice versa, you can use a program like SCP that uses the SSH protocol.
What if your SSH session dies of inactivity?
SSH sessions can die after so many minutes of inactivity, sometimes because of a firewall configuration between you and the Internet that was designed to only keep stateful connections in memory for specific lengths of time. Fortunately, there are workarounds like using a TCPKeepAlive directive.
How to end your SSH session
You can end your SSH session by typing exit or logout, or simply by pressing Ctrl-d. These usually exit the shell, logging you off. However, if you lose connectivity and have no way of ending your shell session, press Return twice and then type a tilde followed by a period. This should terminate the connection from the local side rather than from the server.