SSH (Secure Shell)

Requirements:

What is it?

It is a secure communication protocol that requires an encryption key exchange at the beginning of the connection. This means that the data exchanged between the client and the server is encrypted.

Which program can be used to connect?

On a UNIX system (Linux, Mac):

An SSH client is directly available from a terminal with the command:

ssh user@ip.address.of.the.server

On a Windows machine:

You need to use a client like PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Once it is open, enter the address of the server.

When the connection is established, enter your username and password.

Transfer of data to the server

Using SFTP

SFTP simply means Secure File Transfer Protocol. It is basically FTP in an SSH tunnel.

The graphical client used to transfer data over SFTP is FileZilla.

You only have to enter the IP address of the server in “Host”, the user name in “User”, the password you have chosen, and port 22.

Using SCP

It is possible to copy a file or directory through an SSH tunnel. This is a command you can use in a UNIX terminal:

scp <file> <username>@<ipaddress>:<DestinationDirectory>

To copy the file config.txt to the directory /home/toto/prog of the server, you will run the following command:

scp config.txt toto@62.210.***.***:/home/toto/prog/

or

scp config.txt toto@62.210.***.***:prog/

Two authentication types

Password authentication

Authentication by password is possible.

This type of authentication can be disabled in the file /etc/ssh/sshd_config:

# Change to yes to enable tunneled clear text passwords
PasswordAuthentication no

Now restart the service:

service ssh restart

Authentication using a public key

If somebody knows your password, the security of your server is compromised. To avoid this, SSH allows authentication by public/private key.

To enable it, you first have to create a key pair:

ssh-keygen -t rsa

You are asked where you want to save the key (by default in the folder ~/.ssh/) and for a passphrase that will be used to encrypt the key. The public key and the private key are then created. The public key can generally be found here:

~/.ssh/id_rsa.pub

The remote user must have that key. We have to send it to the server:

ssh-copy-id -i ~/.ssh/id_rsa.pub ip.address.of.the.server

You need to enter the password of the user. If password authentication is disabled, you have to copy/paste your key using another method.

You can now connect to your server using the command:

ssh ip.address.of.the.server

At that point, only the passphrase will be required.

Configuration file of the SSH server

The configuration file of the SSH server can be found here: /etc/ssh/sshd_config

To allow login as the root user, you need to change the line:

PermitRootLogin yes

You need to uncomment this line (this means deleting the #).

#Banner /etc/issue.net

You need to uncomment this line (this means deleting the #). Effect: when you connect to your server, the content of /etc/issue.net will be displayed (for you to personalize).
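
Both sshd_config passages above (disabling PasswordAuthentication, and uncommenting PermitRootLogin or Banner) depend on which line sshd actually honours: commented lines are ignored, keywords are case-insensitive, and the first value found for a keyword wins. The shell function below is an added example, not part of the original page; the function names, the constructed sample file and the restriction to the global section (no Match blocks, no Include files) are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page). Reports the value sshd would use
# for a keyword, following sshd_config(5): comment and blank lines are ignored,
# keywords are case-insensitive, and the first value obtained wins.
# Assumption: only the global section is read (parsing stops at the first
# "Match" line, Include files are not followed).
sshd_effective() {                      # usage: sshd_effective <file> <keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # commented-out or blank line
        tolower($1) == "match"   { exit }    # end of the global section
        tolower($1) == want {
            $1 = ""; sub(/^[ \t]+/, "")      # drop the keyword, keep its arguments
            print; found = 1; exit           # first occurrence wins
        }
        END { if (!found) print "(unset)" }  # sshd falls back to its default
    ' "$1"
}

# Constructed sample file using the directives discussed on this page.
sample_config() {
    cat <<'EOF'
# Change to yes to enable tunneled clear text passwords
PasswordAuthentication no
PermitRootLogin yes
#Banner /etc/issue.net
passwordauthentication yes
Match User toto
    PasswordAuthentication yes
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
for key in PasswordAuthentication PermitRootLogin Banner; do
    printf '%-24s %s\n' "$key" "$(sshd_effective "$cfg" "$key")"
done
rm -f "$cfg"
```

On the server itself, `sshd -t` checks the file for errors before you run `service ssh restart`, and `sshd -T` prints the full effective configuration including defaults.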