Secure Shell is a protocol that provides authentication, encryption and data integrity to secure network communications.
Implementations of Secure Shell offer the following capabilities: a secure command-shell, secure file transfer, and remote access to a variety of TCP/IP applications via a secure tunnel.
Secure Shell client and server applications are widely available for most popular operating systems.
Functionality of Secure Shell
Secure Shell provides three main capabilities, which open the door for many creative secure solutions.
- Secure command-shell
- Secure file transfer
- Port forwarding
Command shells such as those available in Linux, Unix, Windows, or the familiar DOS prompt provide the ability to execute programs and other commands, usually with character output.
A secure command-shell or remote logon allows you to edit files, view the contents of directories and access custom database applications.
Systems and network administrators can remotely start batch jobs, start, view or stop services and processes, create user accounts, change permissions to files and directories and more.
Anything that can be accomplished at a machine’s command prompt can now be done securely from the road or home.
connects to a server (default port 22)
$ ssh user@server
uses a specific port declared in sshd_config
$ ssh user@server -p other_port
runs a script on a remote server
$ ssh user@server script_to_run
compresses and downloads from a remote server
$ ssh user@server "tar cvzf - ~/source" > output.tgz
specifies another ssh key for the connection
$ ssh -i ~/.ssh/specific_ssh_key user@server
opens the config file (usual location)
$ sudo nano /etc/ssh/sshd_config
Changes default SSH port (22)
Disables root login
restricts access to specific users
AllowUsers user1 user2
enables login through ssh key
disables login through password
disables usage of files .rhosts and .shosts
disables a less secure type of login
number of unauthenticated connections before dropping
number of failed tries before the server stops accepting new tries
max current ssh sessions
disables interactive password authentication
no empty password allowed
disables Rhost authentication
disables port forwarding (blocks e.g. MySQL Workbench)
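The settings listed above can be checked mechanically. The following is an added example, not part of the original cheat sheet: a small audit of an sshd_config file's global section. The keyword names are standard OpenSSH sshd_config keywords, but which keyword goes with which list item, the MAX_AUTH_TRIES limit and the sample config are assumptions made for this example.

```python
import re

# Hardened values for the items listed above. These are standard OpenSSH
# keywords; which keyword matches which list item is an assumption.
EXPECTED = dict(permitrootlogin="no", pubkeyauthentication="yes",
                passwordauthentication="no", kbdinteractiveauthentication="no",
                permitemptypasswords="no", ignorerhosts="yes",
                allowtcpforwarding="no")
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
MAX_AUTH_TRIES = 3  # assumed policy value, not from the page

# Constructed sample config, not from the page.
SAMPLE = """\
PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
AllowUsers user1, user2
MaxAuthTries 6
Match User backup
    PasswordAuthentication no
"""

def parse_global(text):
    """Global section only; sshd keeps the first value it reads per keyword."""
    seen = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # Match blocks are conditional overrides
            break
        seen.setdefault(key, parts[1] if len(parts) > 1 else "")
    return seen

def audit(text):
    cfg, findings = parse_global(text), []
    for key, want in EXPECTED.items():
        got = cfg.get(key)
        if got is None:
            findings.append(f"{key}: not set explicitly")
        elif got.lower() != want:
            findings.append(f"{key}: {got!r}, expected {want!r}")
    if "," in cfg.get("allowusers", ""):
        findings.append("allowusers: separate names with spaces, not commas")
    if int(cfg.get("maxauthtries", "6")) > MAX_AUTH_TRIES:  # 6 = OpenSSH default
        findings.append("maxauthtries: above policy limit")
    return findings
```

Calling audit() on the text of /etc/ssh/sshd_config returns a list of findings; on a running server, the output of sshd -T shows the effective values after defaults and includes are applied.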
SCP (Secure Copy)
copies a file from a remote server to a local machine
$ scp user@server:/directory/file.ext local_destination/
copies a file between two servers
$ scp user@server:/dir/file.ext user@server:/dir
copies a file from a local machine to a remote server
$ scp local_destination/file.ext user@server:/directory
uses a specific port declared for SSH in sshd_config
$ scp -P port
copies a whole folder recursively
$ scp -r user@server:/directory local_destination/
copies all files from a folder
$ scp user@server:/directory/* local_destination/
copies all files from a server folder to the current folder
$ scp user@server:/directory/* .
compresses data on network using gzip
$ scp -C
starts ssh service
$ (sudo) service ssh start
checks ssh service status
$ (sudo) service ssh status
stops ssh service
$ (sudo) service ssh stop
restarts ssh service
$ (sudo) service ssh restart
prints verbose info about the current transfer
$ scp -v
generates a new ssh key
$ ssh-keygen -t rsa -b 4096
sends the key to the server
$ ssh-copy-id user@server
converts id_rsa into ppk
$ puttygen current_key -o keyname.ppk