LWM-Linux/04 - Networking in Linux/Secure Shell (SSH).md

# Secure Shell (SSH):

## 1. Introduction to SSH

Secure Shell (SSH) is a cryptographic network protocol used for secure communication over an unsecured network. It provides a secure channel for data exchange between two networked devices, typically used for remote command-line login and remote command execution.

## 2. Key Features of SSH

- Encryption: All communication is encrypted, protecting against eavesdropping.
- Authentication: Ensures the identity of the communicating parties.
- Integrity: Guarantees that the transmitted data hasn't been altered.
- Port Forwarding: Allows secure tunneling of other protocols.

## 3. How SSH Works

SSH operates on a client-server model. The process typically involves:

- Key Exchange: The client and server agree on a shared secret key.
- Encryption Negotiation: They decide on the encryption algorithm to use.
- Authentication: The server authenticates the client.
- Session: Encrypted data transfer begins.

## 4. SSH Authentication Methods

- Password Authentication: Simple but less secure.
- Public Key Authentication: More secure, involves a public-private key pair.
- Host-Based Authentication: Based on the host rather than the user.
- Keyboard-Interactive: Allows for various prompts (e.g., two-factor authentication).

## 5. SSH Key Management

- Generating Keys: Use `ssh-keygen -t ed25519 -a 32` to create key pairs. (stored in ~/.ssh/ by default)
- Key Types: RSA, DSA, ECDSA, Ed25519 (Ed25519 is recommended for new deployments).
- Key Size: Larger keys are more secure but slower (e.g., 4096-bit RSA).
- Passphrase: An extra layer of security for private keys.

## 6. Common SSH Commands

- `ssh user@hostname`: Basic connection command.
- `scp user@hostname:/full/source/path ~/destination`: Secure copy files between hosts.
- `sftp user@hostname`: Secure file transfer protocol.
- `ssh-keygen`: Generate SSH key pairs.
- `ssh-copy-id user@hostname`: Copy your public key to a remote host.

## 7. SSH Configuration

- Client Configuration: `~/.ssh/config`
- Server Configuration: `/etc/ssh/sshd_config`
- Important settings:
  - Port (default 22)
  - PermitRootLogin : Usually commented out to disable root from using SSH.
  - PasswordAuthentication: Set to no if you want to only use RSA keys
  - PubkeyAuthentication: Set to yes if you want to use RSA keys for authentication.

## 8. SSH Security Best Practices

- Use key-based authentication instead of passwords.
- Disable root login.
- Use non-standard ports.
- Implement fail2ban or similar intrusion prevention systems. (sudo apt install fail2ban).
- Keep software up-to-date.
- Use SSH protocol version 2.
- Limit user access with AllowUsers or AllowGroups.

## 9. Advanced SSH Features

- Port Forwarding: Local, Remote, and Dynamic.
- X11 Forwarding: Run graphical applications remotely. (Virtual Network Connections among others)
- SSH Agent: Manage multiple SSH keys.
- ProxyJump: Easily connect through a jump host.

## 10. Troubleshooting SSH

- Connection Issues: Check network, firewall, and SSH service status.
- Authentication Problems: Verify credentials, key permissions (`chmod 600 ~/.ssh/id_rsa*`), and server configuration.
- Performance Issues: Consider compression or alternative ciphers.

## 11. SSH Alternatives and Related Protocols

- Telnet: Older, unencrypted protocol (not recommended - INSECURE).
- RDP: Remote Desktop Protocol - allows a full desktop (mainly for Windows).
- VNC: Virtual Network Computing - allows a full desktop (graphical desktop sharing).

## 12. SSH in Enterprise Environments

- Centralized key management solutions.
- Integration with LDAP or Active Directory.
- Auditing and logging considerations.
- Bastion hosts for added security.