Intro to SSH: Secure Shell 101 + Exercise

The SSH protocol (also referred to as Secure Shell) is a method for secure remote login from one computer to another.

In this blog post, we’re going to learn about SSH, discuss and create a VPS to SSH into, SSH in to our VPS, install a web-server and deploy a website, and finally… do the robo boogie.

How to Use SSH

Being able to connect to another (remote) computer/server to transfer files, install programs, and/or host a website is an important skill in any software developer’s tool belt.

But why?

When you deploy code to a web server to run your website, you need a way to get the code from your computer to the publicly accessible web server.

The SSH protocol is also used under the hood by GUI clients using SFTP to transfer files (ie. FileZilla, Cyberduck, Transmit, Gftp, etc..). Also, anytime you push code to Github/Bitbucket/Gitlab, you are using SSH.

There are also deployment tools that utilize SSH like Capistrano – which is written in Ruby and can automate a series of ssh commands that execute on the remote server. So you can set it up to log into your remote server, copy your code from Github, link some files/directories, restart Rails and then tell you when it is finished.. this makes executing a series of complex commands very easy.

How does SSH work?

SSH creates a secure ‘tunnel’ for you to transfer data to the remote server. This requires authentication and there are 2 main ways to do this.

Passwords

Passwords are the easiest way to connect to a remote server because they require no setup. You simply enter the ssh command to connect to a remote host and you are prompted for a password. If you enter the right password, you get access to the remote host.

This means that a hacker could repeatedly try to ssh into your host and guess the password – if they get it right, you just got pwned. It is not advised to allow password authentication.

Keys

A key (pair) is a more secure way to authenticate using ssh. You generate an encrypted key pair on your local machine (this will generate a public key and a private key), then you copy your public key to the remote host in a special file called “authorized_keys”.

Any public key listed in this file will be allowed to authenticate without providing a password. The catch is, that you must have the corresponding private key on your computer before the remote host will allow you access – so you should NEVER share your ssh private key (located in your home directory at ~/.ssh/id_rsa). Your public key can be shared and you do this when you paste it onto a remote server or add it to your Github profile.

Keys are the way to go.

Creating a VPS (Virtual Private Server)

At this point you might be thinking.. yeah but where do I SSH in to a remote host? So the most common way to do this is to create a VPS (virtual private server).

This is what people are referring to when they say ‘cloud server’. They are basically just very large and powerful servers running in a data-center somewhere (like AWS or Google) and they provision a ‘piece’ of that server just for you.

You can generally choose how big of a server you need and pay just for that. They start at around $5/month for a VPS with 1GB ram and 1 CPU.

Today we will be using Digital Ocean to show how this works – it is as easy as clicking a few buttons.

Robot and SSH joke about byes and bites

Commands to Know and Use

Basic Linux commands include the following:

Make a new directory:

$ mkdir -p foo/bar

Change a directory:

$ cd foo/bar/

List all files:

$ ls
$ ls foo/*

Create a new file:

$ touch foo.txt

Learn more about basic Linux commands for beginners here.

Commands to SSH into Remote Host

To SSH into remote host, use the following commands. (Password for this exercise: TeamAirship!!)

$ ssh [email protected]
$ ssh [email protected]

Generate an SSH key (you can accept all defaults for now):

$ ssh-keygen -t rsa -b 4096 -C "my-awesome-username"

Read the github documentation on generating a new SSH key and adding it to the SSH agent here.

Copy your public key to the remote host:

$ ssh-copy-id [email protected]<br>

Create an SSH config for easier access:

(open ~/.ssh/config and add the following):

Host airship
HostName some_ip_address
User airship

Copy a file to the remote server (using SCP – secure copy):

$ touch your-name.txt
$ scp your-name.txt [email protected]:/home/airship/files/

Read about how to use SCP command to transfer files securely here.

Sync a directory (using Rsync – remote sync):

$ rsync -azvh local_directory/ [email protected]_host:/remote/directory/
$ rsync -azvh foo [email protected]:/home/airship
$ rsync -azvh foo/ [email protected]:/home/airship/

Read more about how to use rsync to sync local and remote directories from Digital Ocean here.

Conclusion

Now your’e basically a Hacker-person. Questions?

If you’re interested in becoming a custom software development wizard like our builder JD, check out our current openings and how to apply on our Lever job board.