SSH (Secure shell ) is a UNIX based command line and protocol for remotely connecting to the machines in a secure way. Authentication process it is validated via a digital certificate from both sides.
Ssh can be used to connect from cross platform FTP like filezilla, winscp etc avoiding connecting In a non secure way via ftp, so in this way we can upload, download files from the web server without getting hacked.
Ssh secure the connection via symmetrical, asymmetrical encryption and hashing.
Symmetrical encryptions can encrypt and decrypt messages to the person holding the key. With this method we can prevent snooping as well.
The key it is established from both sides of the connection during the exchange algorithm process. In this way the key is know only from the server machine and the client machine.
Asymmetrical encryption is different from symmetrical encryption because it use 2 keys. Public and private key. Public key it is public, can be shared, distributed if required. Private key should be keep private. The reason is simple, this is one way encryption, public key can encrypt the data but can not decrypt, from other side the private key can decrypt the data, for this reason the private key must be keep private and never shared.
SSH store a “memory” of all the hosts it has used in the past, the host key are stored into known_hosts file according to the user who logged in.
Every time we connect to a new machine it will store a new key to the known_hosts file, populating the file.
To setup a new key we need to run from Linux box via terminal “ssh-keygen -t rsa” asking some questions for
If we will make a test connection to a Linux machine via ssh and after logout we will reinstall the machine from scratch maintaining the same ip, we will see a warning message after we will try to re login into the machine. This happens because the public key stored into the known host file does not match with the old one. We will be unable to login via ssh into the machines without first removing from the known_hosts the specified key.
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
Man-in-the-middle attack it simulate a fake server and user for both sides, intercepting all the traffic between the server and the client. If the machine connect to specific other machines we can connect and than changing to StrictHostKeyChecking option to yes
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/user/.ssh/known_hosts:20
remove with: ssh-keygen -f “/home/user/.ssh/known_hosts” -R 126.96.36.199
RSA host key for 188.8.131.52 has changed and you have requested strict checking.
Host key verification failed.
This security measure it is necessary to prevent man-in-the-middle attack
If we are going to check the ssh connection history we will not be able to understand the log file because the host information are stored in a hash format , in this way if a security problem will happened no jump from this host to another will success, so the problem will be isolate in this machine.
If we are unable to store, remember all the password to all the machines we daily connect there is another method implemented by ssh.
We can login via ssh remotely without typing any password.
This can be achieved copying the id_rsa.pub ( public key ) from the host we are currently logged to “authorized_keys” stored into the “~/.ssh” in the machine we need to connect.
In this way the ssh process authentication will completed automatically without any password from our side.
If we are not sure your private key is totally secure , please generate a new one with the following command: “ssh-keygen -t rsa”.
Generating some questions
Generating public/private rsa key pair.
Enter file in which to save the key (/home/b/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/b/.ssh/id_rsa.
Your public key has been saved in /home/b/.ssh/id_rsa.pub.
Now days login with ssh means a encrypted connection, but what if the admin user use a simple password? All the security encryption will be useful, for this reason it Is best practice disabling the root login via ssh at /etc/ssh/ssh_config , allowing another user with admin privilege to login, also changing the ssh port from the default one 22 to another high port. This is a step further securing the connection.
In order to remove the stored data for a specified user we need to run : ssh-keygen -f “/home/user/.ssh/known_hosts” -R 198.61.273.23