close icon
daily.dev platform

Discover more from daily.dev

Personalized news feed, dev communities and search, much better than whatโ€™s out there. Maybe ;)

Start reading - Free forever
Start reading - Free forever
Continue reading >

SSH Basics for Developers

SSH Basics for Developers
Author
Nimrod Kramer
Related tags on daily.dev
toc
Table of contents
arrow-down

๐ŸŽฏ

Learn the basics of SSH (Secure Shell) for developers, including setup, encryption techniques, usage, security best practices, and troubleshooting common issues.

SSH, or Secure Shell, is a crucial tool for developers, allowing secure remote access to computers over the internet. Here's what you need to know:

  • Why SSH is Important: Securely work from anywhere, use flexible authentication methods like keys, easily manage remote systems, and securely tunnel data.
  • How SSH Works: It uses encryption to keep your data safe, verifies the server's identity, and ensures that only authorized users can access the server.
  • Setting Up SSH: Generate SSH key pairs for secure authentication and learn the basics of SSH commands for remote control.
  • SSH for Developers: Essential for remote work, deploying applications, port forwarding, and automation tasks.
  • Security Best Practices: Harden SSH security by disabling password login, using strong passwords for keys, limiting SSH access, updating regularly, and monitoring for suspicious activity.

SSH is not just about secure connections; it's a comprehensive tool for managing remote computers, automating tasks, and ensuring your work remains secure, no matter where you are.

What is SSH?

SSH, or Secure Shell, is like a special key that lets you safely talk to another computer over the internet, even if the internet is not safe. Think of it as a protected channel for your computer to send commands or log into another computer far away.

SSH keeps your connection safe by using secret codes:

  • Symmetric encryption - This is like having a secret handshake that both your computer and the other computer know. Once you've said hello, everything you send is locked with this secret handshake.
  • Asymmetric encryption - This is a bit like sending a locked box to the other computer. The box can only be opened with a special key that only the other computer has.
  • Hashing - Imagine sending a letter with a unique seal. If the seal is broken or changed when it arrives, you'll know someone tampered with your letter.

How Does SSH Work?

Here's a simple breakdown of what happens when you use SSH to connect to another computer:

  • Your SSH program reaches out to the server on the other side.
  • The server shows its ID to prove it's the one you're expecting to talk to.
  • Both sides agree on a secret handshake to lock their conversation.
  • You prove who you are, maybe with a password or a special key.
  • Once the server knows you're you, it lets you in, and your secure chat can start.
  • Everything you type or send is locked up before it goes through the internet, and only the server can unlock it.

SSH Encryption Techniques

We talked about the secret codes SSH uses, but letโ€™s make it simpler:

  • Symmetric encryption is like a secret handshake. It's fast and locks everything after you've said hello.
  • Asymmetric encryption involves sending a locked box that only the receiver can open with their unique key. This helps make sure the server you're connecting to is the right one.
  • Hashing is like sending your message with a unique seal. If the seal is broken, you know someone messed with your message.

Together, these methods keep your remote chats safe from eavesdroppers, making sure no one can sneak a peek or mess with your data.

Setting Up SSH

Generating SSH Key Pairs

To start using SSH for secure remote access, you need to make a pair of SSH keys on your computer. Think of these keys as a special lock and key system where the lock can be shared, but your key is private.

Here's how to make your SSH key pair:

  • Open a terminal and type ssh-keygen -t rsa. This starts the process to create your keys.
  • It'll ask where to save the keys. Just hit enter to pick the default spot (/home/username/.ssh/id_rsa).
  • Then, it asks for a passphrase. This is like a secret code that adds another layer of safety. If someone gets your private key, they still need this code to use it.
  • You'll end up with two files - a private key (id_rsa) and a public key (id_rsa.pub).
  • Private key: Keep this super safe and to yourself. It's what you'll use to connect.
  • Public key: This one goes on any servers you want to access. It tells the server you're allowed in.

To keep your SSH keys safe, always use a passphrase, make sure only you can read your private key, and don't put your keys where others can find them.

SSH Authentication Methods

When you connect to a server with SSH, there are two ways to prove it's really you:

Password Authentication

This is when you type in a password to get access. It's easy but not the safest since passwords can be guessed.

Public Key Authentication

This method uses the SSH keys you made. You put your public key on the server, and when you connect, the keys confirm your identity without needing a password.

Using SSH keys is the better choice because:

  • Your private key is much harder to guess than a password.
  • It makes sure you're connecting to the right server.
  • Your password doesn't get sent over the internet, keeping it safe from snoops.

So, for the best security, stick with SSH keys when you can.

SSH Usage and Applications

Essential SSH Commands

SSH lets you control another computer from far away as if you were right there. Here are some easy-to-use SSH commands that help you do a lot of things:

  • ls - Shows you what files and folders are there
  • cd - Lets you move to a different folder
  • mkdir - Creates a new folder
  • rm - Removes files or folders
  • cat - Shows what's inside a file
  • vim/nano - Lets you edit files
  • top - Shows what your computer is busy with
  • df - Tells you how much space is left on your computer
  • du - Shows how much space a folder takes
  • ping/traceroute - Helps figure out network issues

These commands are the basics for moving around and working on servers from anywhere using SSH.

Customizing SSH Configuration

You can change settings for both the SSH server (the computer you're connecting to) and the SSH client (your computer). Here's what you can tweak:

Server-Side

  • Port - Use a different door (port) instead of the usual one (22)
  • PermitRootLogin - Decide if the main user (root) can log in
  • PasswordAuthentication - Choose if passwords are allowed
  • AllowUsers - Pick which users can access

Client-Side

  • Host - Create shortcuts for servers
  • User - Set a default username
  • Compression - Make data smaller so it sends faster
  • ForwardAgent - Carry your SSH keys with you when connecting

Adjusting these settings can make your connection safer and easier to use, especially for things like setting up SSH tunnels.

SSH for Developers

Developers use SSH for important tasks all the time:

  • Remote work - SSH lets you work on code or use tools on a server as if you were right there.
  • Deployment - You can use SSH to send commands that set up your apps on servers.
  • Port forwarding - SSH can make a private path so you can reach databases or interfaces on the server.
  • Automation - SSH keys help your computer log in without needing a password, great for automatic tasks.

For coding from home or automating your work, SSH is a key tool for safe and easy remote access.

sbb-itb-bfaad5b

Security Best Practices

Hardening SSH Security

To make SSH more secure, follow these tips:

  • Turn off password login - Passwords can sometimes be easy to figure out. Use SSH key pairs instead, which are like a special lock and key for your computer. Change the PasswordAuthentication setting in your SSH config file to do this.

  • Pick strong passwords for your keys - If you're using key pairs, make sure the private key has a really tough password. This way, even if someone gets your key, they can't use it without the password.

  • Choose who can use SSH - In your SSH config file, you can say which users or groups are allowed to connect. Don't let the main user (root) log in this way.

  • Update SSH regularly - Keep your SSH program up-to-date to protect against known problems. Old versions can have holes that hackers know how to use.

  • Add an extra step with 2FA - Use something like Google Authenticator to add another check before someone can log in. This means even if they have your key, they need a second code to get in.

  • Watch for suspicious activity - Keep an eye on your SSH logs to catch any weird attempts to connect. You can use tools like Fail2ban to block IP addresses that try to guess your password too many times.

Troubleshooting Common SSH Issues

Running into trouble? Here are some quick fixes:

  • Can't connect - Check if your firewall is blocking the connection, if the SSH service is running, if you're using the right SSH port, and if your account is set up correctly. Make sure your SSH key or password works.
  • Connection times out - This might be because of network problems, the SSH server being too slow, or a setup issue with how data is sent to and from your computer.
  • Permission denied - Make sure your SSH keys are set up right (private key should be 400, public key should be 644). Check if you have the right permissions to log in.
  • Command not found - You might have made a typo, or there could be a problem with where your computer looks for programs. Double-check for mistakes and your system's settings.
  • Text formatting issues - If text looks weird, it might be because of the server's language and text settings. You can fix this by adjusting the locale settings.

If you're still stuck, try testing your SSH connection with a different account or on another computer to see if the problem is with your setup.

Conclusion

SSH is super useful for safely reaching and taking care of servers from afar. Here's the gist of what we've covered:

  • Keeping connections safe - SSH uses special encryption methods to make sure that when you send commands or files, it's all locked up tight.
  • Different ways to check who you are - While you can use a password with SSH, it's smarter to use SSH key pairs. These keys help prove it's really you without having to send your password over the internet.
  • Easy remote access - After setting it up, SSH lets you work on remote servers easily. You can run commands, change files, solve problems, and do your work as if you were right there in front of the server.
  • Security is key - To keep things safe, turn off password logins and use keys with a passphrase instead, limit who can use SSH, update SSH regularly, and keep an eye on your logs for any weird attempts to connect.

Learning how to use SSH well is really worth it, especially as you start handling more and bigger server tasks. It keeps your work secure and makes managing servers from anywhere a breeze.

Related posts

Why not level up your reading with

Stay up-to-date with the latest developer news every time you open a new tab.

Read more