SCAR-iT/LWM-Linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
LWM-Linux/04 - Networking in Linux/Secure Shell (SSH).md
ganome 3e41580e35
Sanitize Chapter 4
2024-09-05 17:01:20 -06:00

89 lines
3.6 KiB
Markdown
Raw Blame History

# Secure Shell (SSH):
## 1. Introduction to SSH
Secure Shell (SSH) is a cryptographic network protocol used for secure communication over an unsecured network. It provides a secure channel for data exchange between two networked devices, typically used for remote command-line login and remote command execution.
## 2. Key Features of SSH
- Encryption: All communication is encrypted, protecting against eavesdropping.
- Authentication: Ensures the identity of the communicating parties.
- Integrity: Guarantees that the transmitted data hasn't been altered.
- Port Forwarding: Allows secure tunneling of other protocols.
## 3. How SSH Works
SSH operates on a client-server model. The process typically involves:
- Key Exchange: The client and server agree on a shared secret key.
- Encryption Negotiation: They decide on the encryption algorithm to use.
- Authentication: The server authenticates the client.
- Session: Encrypted data transfer begins.
## 4. SSH Authentication Methods
- Password Authentication: Simple but less secure.
- Public Key Authentication: More secure, involves a public-private key pair.
- Host-Based Authentication: Based on the host rather than the user.
- Keyboard-Interactive: Allows for various prompts (e.g., two-factor authentication).
## 5. SSH Key Management
- Generating Keys: Use `ssh-keygen -t ed25519 -a 32` to create key pairs. (stored in ~/.ssh/ by default)
- Key Types: RSA, DSA, ECDSA, Ed25519 (Ed25519 is recommended for new deployments).
- Key Size: Larger keys are more secure but slower (e.g., 4096-bit RSA).
- Passphrase: An extra layer of security for private keys.
## 6. Common SSH Commands
- `ssh user@hostname`: Basic connection command.
- `scp user@hostname:/full/source/path ~/destination`: Secure copy files between hosts.
- `sftp user@hostname`: Secure file transfer protocol.
- `ssh-keygen`: Generate SSH key pairs.
- `ssh-copy-id user@hostname`: Copy your public key to a remote host.
## 7. SSH Configuration
- Client Configuration: `~/.ssh/config`
- Server Configuration: `/etc/ssh/sshd_config`
- Important settings:
- Port (default 22)
- PermitRootLogin : Usually commented out to disable root from using SSH.
- PasswordAuthentication: Set to no if you want to only use RSA keys
- PubkeyAuthentication: Set to yes if you want to use RSA keys for authentication.
## 8. SSH Security Best Practices
- Use key-based authentication instead of passwords.
- Disable root login.
- Use non-standard ports.
- Implement fail2ban or similar intrusion prevention systems. (sudo apt install fail2ban).
- Keep software up-to-date.
- Use SSH protocol version 2.
- Limit user access with AllowUsers or AllowGroups.
## 9. Advanced SSH Features
- Port Forwarding: Local, Remote, and Dynamic.
- X11 Forwarding: Run graphical applications remotely. (Virtual Network Connections among others)
- SSH Agent: Manage multiple SSH keys.
- ProxyJump: Easily connect through a jump host.
## 10. Troubleshooting SSH
- Connection Issues: Check network, firewall, and SSH service status.
- Authentication Problems: Verify credentials, key permissions (`chmod 600 ~/.ssh/id_rsa*`), and server configuration.
- Performance Issues: Consider compression or alternative ciphers.
## 11. SSH Alternatives and Related Protocols
- Telnet: Older, unencrypted protocol (not recommended - INSECURE).
- RDP: Remote Desktop Protocol - allows a full desktop (mainly for Windows).
- VNC: Virtual Network Computing - allows a full desktop (graphical desktop sharing).
## 12. SSH in Enterprise Environments
- Centralized key management solutions.
- Integration with LDAP or Active Directory.
- Auditing and logging considerations.
- Bastion hosts for added security.
Reference in New Issue View Git Blame Copy Permalink