With SSH you can connect to a remote server as an engineer (Devops, SRE, Full stack etc), it gives you the ability to control a running machine from your local machine and maintain the machine. In this tutorial we’ll show you example (with digital ocean but it’s relevant to any could provider and any machine) how to create SSH private and public key, How to use the public key and assign the key to the remote machine (the machine we want to connect to) and how to run a command that will allow you to access the remote machine from your local machine.
What is SSH?
SSH, or Secure Shell, is a cryptographic network protocol used for securely operating network services over an unsecured network. It is commonly used to log into remote servers and execute commands, transfer files, and manage network infrastructure securely. SSH provides strong authentication and encrypted data communications between two computers connecting over an insecure network, such as the internet.
Key features of SSH include:
- Encryption: All data transmitted over SSH is encrypted, ensuring that any intercepted data cannot be read by unauthorized parties.
- Authentication: SSH supports multiple methods of authentication, including password-based, public key-based, and multifactor authentication.
- Port Forwarding: SSH can securely forward network traffic from one computer to another, which is useful for tunneling applications through a secure connection.
- Secure File Transfer: Protocols like SCP (Secure Copy Protocol) and SFTP (SSH File Transfer Protocol) operate over SSH, allowing secure file transfers between computers.
SSH is commonly used by system administrators and developers to manage servers and secure communication between systems.
How SSH Works?
Essentially we create private and public keys on our machine, we share the public key with the destination server(the remote server) but we keep the private key for ourself. We use SSH port to request access from remote server, and because the remote server know our public key it gives us the access to the remote server.
Here is a detailed diagram that I hope will help you understand how the connection of SSH works, however it’s not necessary and you can skip reading it:
Create SSH Key
on your local machine simply run the following command, that command will crate 2 files (in the location of your choosing, we prefer it to be around: “/Users/lioramsalem/.ssh/<your SSH key>” – of course changing the file name and folder name to your username. Let’s run the command:
ssh-keygen
Above command will prompt few questions like the location, few important things to note:
1. Provide it with FULL path to the location you want to save the file.
2. Be careful not to override existing SSH keys (otherwise you’ll lose access. to other services you might have or auto-installed)
3. Remember the full path of your public key, since we will be copying the public key.
Copy the Public Key
We can, on our local machine CD into the folder:
cd /Users/lioramsalem/.ssh/
Than copy/cat the public key, not the private one!
cat ~/.ssh/id_rsa.pub
IMPORTANT: do not share your private key! and the public key is provided in safe and secure networks or is used by you manually only (definitely not publish online to the public).
Your public key should start with the words: “ssh-rsa” than ha complicated long hash (about 3-5 lines), and the file name ends with “.pub”.
Apply public key
Now what we want to do is to use the public key on a remote server, But we don’t have SSH access to the server at this pint right? because we haven’t configure everything yet to allow the SSH connection to work!
In most cloud provider we’ll have a UI or some other quick method to connect the server, in digital ocean we have UI that looks like that:
The following is a basic UI console, you can click on it (and see how slow it is) but from the browser/browser-terminal we can add our public key to the authorized machines inside the remote server. Let’s CD into the SSH folder:
cd ~/.ssh
Inside ~/.SSH we want to check if we have authorized_keys file, otherwise we can create it with the command “touch” and then add our public key there with the command vim:
touch authorized_keys
Create it as above, or just edit with vim and add:
vim authorized_keys
If you have problems with the VIM commands check out our article about VIM that will speed you up throughout this process, Vim for beginners .
The files folder SSH should have permission of 700 and the file authorized_keys should have permission of 600 to login with SSH from a remote server.
chmod -R go= ~/.ssh
chown -R $USER:$USER ~/.ssh
Connect Command SSH
Now we want to connect from our local machine to the remote server once we’ve finished all the configuration, We can do so with the following SSH connect command:
ssh -i ~/.ssh/<id_rsa_filename> root@<remote_server_ip>
Above you’ll need to change the <id_rsa_filename> (including the triangles) to the local private key path and to the root@ ip of your remote server. However we don’t want to write above command everytime from our terminal when we want to connect to the remote server so here’s a shortcut command you can write into your ~/.bash_profile or ~/.zshrc file:
alias ssh='ssh -i ~/.ssh/<id_rsa_filename> root@<remote_server_ip>'
Now whenever you’ll type “ssh” in your terminal, you’ll be connected to the remote server and start working on your project – good luck!
Common SSH F&Q
| Question | Answer |
|---|---|
| What is SSH and why is it used? | SSH (Secure Shell) is a protocol used for securely accessing and managing remote systems over an unsecured network. It is commonly used in IT, DevOps, and SRE for remote server administration, automated deployments, and secure data transfer. |
| What is the SSH command used for? | The SSH command is used to establish a secure, encrypted connection between a client and a remote server, allowing the user to execute commands, manage files, and control the server remotely. |
| What is SSH for beginners? | For beginners, SSH is a tool that allows secure remote access to a server or network device. It’s primarily used for managing servers, transferring files, and executing commands securely from a remote location. |
| What is the SSH port used for? | The SSH port (default is 22) is the network port used by the SSH protocol to establish a secure connection between a client and a server. |
| Why is port 22 used for SSH? | Port 22 is the default port assigned by the Internet Assigned Numbers Authority (IANA) for SSH traffic. It is used because it is a standardized port for SSH connections, making it easier for clients and servers to communicate. |
| Is SSH port 21 or 22? | SSH uses port 22 by default. Port 21 is used for FTP (File Transfer Protocol), not for SSH. |
| When should I use SSH? | You should use SSH whenever you need to securely connect to a remote system, manage servers, transfer files, or execute commands over an insecure network like the internet. |
| How do I use SSH properly? | To use SSH properly, ensure you are using strong authentication methods (like SSH keys), keep your SSH client and server software updated, and limit SSH access to authorized users and IP addresses. |
| Why use an SSH key? | SSH keys provide a more secure method of authentication compared to passwords. They use cryptographic keys for authentication, reducing the risk of unauthorized access and eliminating the need for managing passwords. |
Lior Amsalem embarked on his software engineering journey in the early 2000s, Diving into Pascal with a keen interest in creating, developing, and working on new technologies. Transitioning from his early teenage years as a freelancer, Lior dedicated countless hours to expanding his knowledge within the software engineering domain. He immersed himself in learning new development languages and technologies such as JavaScript, React, backend, frontend, devops, nextjs, nodejs, mongodb, mysql and all together end to end development, while also gaining insights into business development and idea implementation.
Through his blog, Lior aims to share his interests and entrepreneurial journey, driven by a desire for independence and freedom from traditional 9-5 work constraints.
Leave a Reply