Chapter 5. SSH

Table of Contents

Introduction to the SSH Protocol
SSH Client
SSH Connection
SSH from Windows Machine
SSH Server
SSH Access Logs
Additional SSH Configuration
SSH Check Point

Introduction to the SSH Protocol

This chapter addresses SSH, which stands for Secure SHell. The SSH protocol, like many web/internet/computing interactions, is described as a 'client-server' protocol. This can often be confusing, and rightly so. The machine that is the client can also be a server, and vice versa, and the roles can switch based upon the interaction. To clear up the confusion, simply put: a client makes a request and a server receives the request. The roles can change from interaction to interaction, even within interactions. However, at the level of a single interaction, the client makes a request, and the server receives that request.

Next, when considering the SSH protocol, it might help to understand what 'shell' means. Are you familiar with a Hermit Crab? Those guys live in a "shell" or other structure that can adapt and change as they grow. They adapt a "...salvaged empty seashell..." wherever they go. A "shell" in the computer world is very similar to the shell of a Hermit Crab in many ways. Whenever one logs in to a Linux machine, one is granted a "shell" environment. This environment can be configured and changed, and it will change as the user interacts with the system. There are several types of shells, and they can be customized as necessary. We will be dealing with the Bash shell during this course. In other words, every time you log in to your virtual machine, you will be at a command prompt that is interacting with the system through the Bash shell.

If we went to great lengths to secure that shell as well as the connection to the machine that accesses the shell, SSH (Secure SHell) would be the consequence. Keep in mind that the shell exists on the virtual machine, and is established when one logs in to that machine. Also, keep in mind that the shell can change and be configured. SSH is a protocol, or set of defined and outlined methods of interaction. SSH is considered to be very secure.

In this section, we will consider the two categories of SSH, which are the section called "SSH Client" & the section called "SSH Server".

[Warning] Industry Best Practice re: Login via root Account

In general, login via the root account is considered a security weakness and is not to be used on production systems. For the purpose of this class, and in the interest of simplicity, we will be logging in as the root user. If you configure your machine for production use, consider using an unprivileged account for login and SSH. See the section called "SSH Extras" for the extra steps necessary to "harden" a production machine.
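To check how a given machine stands with respect to this warning, the following Bash sketch reads an `sshd_config` file and reports whether root login is allowed. It is an added example, not part of the original course material. The sample files are constructed, the function names are made up for illustration, and the default value assumes OpenSSH 7.0 or later. `Include` files and `Match` overrides are not followed.

```shell
#!/usr/bin/env bash
# Added example: audit the global PermitRootLogin setting in an sshd_config file.

# Print the global PermitRootLogin value found in file $1.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and "Keyword=value" is accepted as well as "Keyword value".
effective_root_login() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }    # drop comments, normalise "="
        NF == 0 { next }                     # skip blank lines
        tolower($1) == "match" { exit }      # conditional blocks: not global
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        # Assumption: OpenSSH 7.0+ default when the keyword is absent.
        END { if (!found) print "prohibit-password" }
    ' "$1"
}

# Classify the setting: weak (password root login), restricted, or ok.
root_login_verdict() {
    case "$(effective_root_login "$1")" in
        no) echo "ok" ;;
        prohibit-password|without-password|forced-commands-only)
            echo "restricted" ;;
        *) echo "weak" ;;
    esac
}

# --- Constructed sample configurations (not taken from a real host) ---
demo_dir=$(mktemp -d)

# Class-style setup from this chapter: root may log in with a password.
printf 'Port 22\nPermitRootLogin yes\n' > "$demo_dir/class.conf"

# Production-style setup: the commented line is ignored, the first real
# value wins, and the later "yes" has no effect.
printf '#PermitRootLogin yes\npermitrootlogin=no\nPermitRootLogin yes\n' \
    > "$demo_dir/hardened.conf"

# Keyword absent: the built-in default applies.
printf 'Port 22\n' > "$demo_dir/unset.conf"

for f in class hardened unset; do
    printf '%-10s %-18s %s\n' "$f" \
        "$(effective_root_login "$demo_dir/$f.conf")" \
        "$(root_login_verdict "$demo_dir/$f.conf")"
done
```

On a live server, `sshd -T` run as root prints the configuration the daemon would actually use, including anything pulled in from other files.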