SSH (Secure Shell) is a cryptographic network protocol used to secure data communication over an unsecured network. It provides secure and encrypted connections for remote login, remote file transfers, and other network services between two untrusted hosts over an insecure network. SSH is widely used for managing network devices, remote administration, and for securely transmitting data. It utilizes a client-server paradigm, in which clients and servers communicate via a secure channel.
In an SSH setup, one machine acts as the Server and the other machine acts as the Client. The client machine makes a request to the server machine and establishes a secure connection over which it can securely access the server's resources. The server machine listens for incoming requests from clients and provides the requested resources.
Step-1: Check if SSH-Client is Installed on Client machine. Just type ssh in Terminal and if you get some Output then it is installed. Almost all Operating Systems come with SSH-Client pre-installed.
Step-2: Install SSH-Server on the Server machine.
# Install OpenSSH-Server on Linux
sudo apt update && sudo apt upgrade
sudo apt install openssh-server
# Install OpenSSH-Server on Windows (Powershell Admin)
Add-WindowsCapability -Online -Name "OpenSSH.Server*"
On a Windows machine we can also install OpenSSH-Server from Settings -> Apps -> Optional Features.
Step-3: Now, Start the SSH-Server as a Service on Server machine.
# Start OpenSSH-Server as Service on Linux
sudo service ssh start
# Start OpenSSH-Server on Windows (Powershell Admin)
Start-Service -Name sshd
Step-4: Once the SSH-Server is up and running, we need to generate an SSH key pair on the Client machine.
# Generate SSH-Key pair
ssh-keygen -t ed25519 -C "<identity>"
We'll be prompted for a Path, which determines where and under what filename the Keys are stored, and for a Passphrase for that Keypair.
Step-5: Now that we have the generated Keypair in the form of a Private Key and a Public Key, we have to copy the Public Key from the Client machine to the Server machine. If the Server machine is utilizing OpenSSH-Server and the User we are trying to SSH from is ...
(1) Linux User or Windows Standard User then,
# Use this Command in Windows to determine the Membership of the User
net user "<username>" | findstr /B /C:"Local Group Membership"
- Copy Public Key from Client machine to Server machine in ~/.ssh/authorized_keys file.
To copy Client's Public Key to Server we can use SCP (Secure Copy)
scp "<path1>" user@"<hostname/ip>":"<path2>"
# Legends
# path1 - Path for Public Key on Client machine
# path2 - Path of directory where we want to Copy Client's Public Key on Server machine
- Now that we have Client's Public Key in Server machine, We'll have to mention that Key in ~/.ssh/authorized_keys file
# From Server machine shell
cat "<path1>" >> ~/.ssh/authorized_keys
# OR
# Client SSH to Server
ssh user@"<hostname/ip>"
# Client will be prompted for Server's Password
cat "<path1>" >> ~/.ssh/authorized_keys
# Legends
# path1 - Path of Public Key on Server
scp is not a required approach. Client can use any way to copy Public Key to Server. In fact, Client is not even required to Copy the file. Client can share Public Key string any way and just paste that string in ~/.ssh/authorized_keys file.
(2) Windows Administrative User then,
- Copy Public Key from Client machine to Server machine in <SSH-Server-Installation-Path>/administrators_authorized_keys file as shown above.
- Now, we'll have to change administrators_authorized_keys file's permissions.
# Run this command to change file permissions
icacls "<path1>" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
# Legends
# path1 - Path to administrators_authorized_keys file
This approach for a Windows Administrative User is explained in the official documentation for configuring OpenSSH-Server on a Windows machine. But Windows versions 1809 and higher seem to have some issues with this approach. So if you are unable to use SSH Keys while following this approach, here is the workaround...
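- Follow the Standard User Approach for Copying Public Key from Client machine to Server machine.
- Now, open the <SSH-Server-Installation-Path>/sshd_config file with Administrative privileges and...
# Comment out these 2 lines in sshd_config
Match Group administrators
AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
With these two lines commented out, sshd falls back to the per-user .ssh/authorized_keys file for members of the Administrators group as well, which is why the Standard User approach then works.
- Restart SSH-Server
# Powershell Admin
Restart-Service -Name sshd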
Step-6: Now that the Server has Client's Public Key, Client can initiate SSH connection with Server. While initiating SSH Connection, SSH-Client must be provided with the Private Key. There are 2 ways that can be done...
(1) Inline with SSH Command
# Initiate SSH Connection
ssh -i "<path1>" user@"<hostname/ip>"
# Legends
# path1 - Path to Private SSH Key
(2) With the help of SSH-Agent
SSH-Agent is a helper program that keeps track of Client's Private keys and their passphrases.
# Start SSH-Agent Service
eval "$(ssh-agent -s)"
# Add Private Key to SSH-Agent
ssh-add "<Path to Private Key>"
# Initialize SSH Connection
ssh user@"<hostname/ip>"
SSH Connection has been established successfully🍻.
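The plain `cat "<path1>" >> ~/.ssh/authorized_keys` from Step-5 (Linux / Standard User case) assumes that the directory and file already exist with modes sshd accepts, that the file ends in a newline, and that the key is not already listed. The script below is an added example, not part of the original post, that handles those cases; `install_pubkey` is a hypothetical helper name, and it accepts only ed25519, RSA and ECDSA public key lines.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Usage: sh install_pubkey.sh <pubkey-file> [authorized_keys-file]

install_pubkey() {
    pub_file=$1
    auth_file=${2:-"$HOME/.ssh/authorized_keys"}
    auth_dir=$(dirname -- "$auth_file")

    if [ ! -r "$pub_file" ]; then
        echo "cannot read $pub_file" >&2; return 1
    fi
    key_line=$(tr -d '\r' < "$pub_file")    # tolerate CRLF from a Windows client

    # A public key is exactly one line: "<type> <base64> [comment]". This also
    # rejects a private key file passed by mistake (multi-line PEM-style text).
    if [ "$(printf '%s\n' "$key_line" | grep -c '')" -ne 1 ] ||
       ! printf '%s\n' "$key_line" | grep -Eq \
         '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( |$)'
    then
        echo "$pub_file is not a single-line OpenSSH public key" >&2; return 1
    fi
    # Identify the key by type + blob, so a changed comment is not a new key.
    key_id=$(printf '%s\n' "$key_line" | cut -d' ' -f1,2)

    # With StrictModes (sshd's default), keys are ignored when the directory
    # or file is writable by anyone other than the owner.
    mkdir -p "$auth_dir" && chmod 700 "$auth_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    if grep -qF -- "$key_id" "$auth_file"; then
        return 0    # already authorized; appending again would only add clutter
    fi
    # If the last line has no newline, a plain ">>" would glue two keys onto
    # one line and break both, so terminate it first.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

if [ "$#" -gt 0 ]; then install_pubkey "$@"; fi
```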
For Windows, the default SSH Shell is Command Prompt. So, if we want to change it to Powershell...
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force