@DGamer007
Last active October 2, 2023 13:31
Introduction to SSH (Secure Shell) for remote access. Learn how to set up SSH on Linux and Windows, generate SSH key pairs, and establish secure connections between client and server machines. Includes step-by-step instructions and helpful tips.

What is SSH?

SSH (Secure Shell) is a cryptographic network protocol for securing data communication over an unsecured network. It provides encrypted connections for remote login, remote file transfer, and other network services between two untrusted hosts. SSH is widely used for managing network devices, for remote administration, and for securely transmitting data. It follows a client-server model, in which clients and servers communicate over a secure channel.

How to use SSH Protocol for Remote Access?

In an SSH setup, one machine acts as the Server and the other machine acts as the Client. The client machine makes a request to the server machine and establishes a secure connection over which it can securely access the server's resources. The server machine listens for incoming requests from clients and provides the requested resources.

Step-1: Check that an SSH-Client is installed on the Client machine. Type ssh in a terminal; if it prints some output, the client is installed. Almost all Operating Systems come with an SSH-Client pre-installed.

Step-2: Install SSH-Server on the Server machine.

# Install OpenSSH-Server on Linux
sudo apt update && sudo apt upgrade
sudo apt install openssh-server

# Install OpenSSH-Server on Windows (Powershell Admin)
Add-WindowsCapability -Online -Name "OpenSSH.Server*"

On a Windows machine, we can also install OpenSSH-Server from Settings -> Apps -> Optional Features.

Step-3: Now, Start the SSH-Server as a Service on Server machine.

# Start OpenSSH-Server as Service on Linux
sudo service ssh start

# Start OpenSSH-Server on Windows (Powershell Admin)
Start-Service -Name sshd

Step-4: Once the SSH-Server is up and running, we need to generate an SSH key pair on the Client machine.

# Generate SSH-Key pair
ssh-keygen -t ed25519 -C "<identity>"

We'll be prompted for a path, which determines where and under what filename the keys are stored, and for a passphrase for that key pair.

Step-5: Now that we have the generated key pair in the form of a Private Key and a Public Key, we have to copy the Public Key from the Client machine to the Server machine. If the Server machine is running OpenSSH-Server and the User we are trying to SSH from is ...

(1) Linux User or Windows Standard User then,

# Use this Command in Windows to determine the Membership of the User
net user "<username>" | findstr /B /C:"Local Group Membership"

  • Copy the Public Key from the Client machine to the Server machine, into the ~/.ssh/authorized_keys file

    • To copy Client's Public Key to Server we can use SCP (Secure Copy)

      scp "<path1>" user@"<hostname/ip>":"<path2>"
      
      # Legends
      # path1 - Path for Public Key on Client machine
      # path2 - Path of directory where we want to Copy Client's Public Key on Server machine

    • Now that the Client's Public Key is on the Server machine, we have to append that key to the ~/.ssh/authorized_keys file

      # From Server machine shell
      cat "<path1>" >> ~/.ssh/authorized_keys
      
      # OR
      
      # Client SSH to Server
      ssh user@"<hostname/ip>"    # Client will be prompted for Server's Password
      
      cat "<path1>" >> ~/.ssh/authorized_keys
      
      # Legends
      # path1 - Path of Public Key on Server

      scp is not the only option. The Client can use any method to copy the Public Key to the Server. In fact, the Client does not even need to copy the file: the Public Key string can be shared by any means and pasted into the ~/.ssh/authorized_keys file.
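The append step above, as an added example that is not part of the original gist: a shell function that refuses a private key, checks that the file holds a single well-formed public key line, sets the owner-only permissions that sshd's StrictModes expects, and skips keys that are already present. The function name `install_pubkey` and its arguments are hypothetical.

```bash
# Added example: safe replacement for `cat "<path1>" >> ~/.ssh/authorized_keys`.
# install_pubkey is a hypothetical helper name, not an OpenSSH command.
#
# Usage: install_pubkey <public-key-file> [ssh-dir]
# Returns 0 if the key is installed (or already present),
#         1 unreadable file, 2 private key refused, 3 malformed key line.
install_pubkey() {
    local pub="$1" dir="${2:-$HOME/.ssh}" auth line ktype rest blob
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the public half ever leaves the Client; refuse anything else.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi

    # A public key file is one line: <type> <base64-blob> [comment]
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    line=$(grep . "$pub")
    ktype=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    case "$ktype" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unknown key type: $ktype" >&2; return 3 ;;
    esac
    case "$blob" in
        ''|*[!A-Za-z0-9+/=]*) echo "key blob is not base64" >&2; return 3 ;;
    esac

    # With StrictModes (the sshd default), keys are ignored when the directory
    # or file is writable by anyone but the owner, so set modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Compare type + blob only, so a changed comment does not add a duplicate.
    if grep -qF -- "$ktype $blob" "$auth"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$auth"
}
```

Run it on the Server after the scp step, for example `install_pubkey "<path1>"`, where path1 is the path of the copied Public Key as in the legend above.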

(2) Windows Administrative User then,

  • Copy Public Key from Client machine to Server machine in <SSH-Server-Installation-Path>/administrators_authorized_keys file as shown above.

  • Now, we'll have to change administrators_authorized_keys file's permissions.

    # Run this command to change file permissions
    
    icacls "<path1>" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
    
    # Legends
    # path1 - Path to administrators_authorized_keys file

    This approach for a Windows Administrative User is explained in the official documentation on configuring OpenSSH-Server on a Windows machine. However, Windows versions 1809 and higher seem to have some issues with this approach. If you are unable to use SSH keys after following it, here is the workaround...

    • Follow the Standard User Approach for Copying Public Key from Client machine to Server machine.

    • Now, Open <SSH-Server-Installation-Path>/sshd_config file with Administrative privileges and...

      # Comment out these 2 lines in sshd_config
      
      Match Group administrators
              AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

    • Restart SSH-Server

      # Powershell Admin
      Restart-Service -Name sshd

Step-6: Now that the Server has the Client's Public Key, the Client can initiate an SSH connection with the Server. When initiating the connection, the SSH-Client must be given the Private Key. There are 2 ways to do that...

(1) Inline with SSH Command

# Initiate SSH Connection
ssh -i "<path1>" user@"<hostname/ip>"

# Legends
# path1 - Path to Private SSH Key

(2) With the help of SSH-Agent

  • SSH-Agent is a helper program that keeps track of Client's Private keys and their passphrases.

    # Start SSH-Agent Service
    eval "$(ssh-agent -s)"
    
    # Add Private Key to SSH-Agent
    ssh-add "<Path to Private Key>"
    
    # Initialize SSH Connection
    ssh user@"<hostname/ip>"

SSH Connection has been established successfully🍻.

For Windows, the default SSH Shell is Command Prompt. So, if we want to change it to Powershell...

New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force