A Story of SSH (Secure Shell)


One day Mickey was on a drive in his car when he saw Minnie in the market. Mickey stopped and approached her

Mickey – Hey Minnie

Minnie – Err… Ah…Hi Mickey! What are you doing here?

Mickey – I was feeling lonely at home so thought of going on a long drive

Minnie – Great!

Mickey – By the way, What are you doing here?

Minnie – Nothing, just came to get some stuff

Mickey – You look lost. What’s the matter?

Minnie – Thinking about something

Mickey – Tel me

Minnie – You see I need to explain SSH in my next class and I have not got any time to prepare the topic

Mickey – Well! Don’t worry now, I am here

Minnie (Excited) – Wow! You know about SSH, Please tell me!

Mickey – Sure, why don’t you come along with me and we will go on a long drive and I will explain on the way

Minnie – Sure, Let’s Go!


Mickey – Okay Minnie, SSH = Secure Shell

Minnie – Okay, good to begin with

Mickey – In simple words, it is a network protocol, that provides a secure channel over a network for a client and server application to transfer data or information OR a secured way to access any resource over a network
Protocol = Some set rules and guidelines

Minnie – I have read that online, but need to understand in simple words

MickeySSH is a protocol that allows two machines to communicate securely over a network

Minnie – Yes, but how does it do that

Mickey – It secures the data or information exchanged  by encrypting it

Minnie – What does that mean

Mickey – Encryption is the process of encoding information. In simple words, it takes readable data and alters it so that it appears random and unreadable (called ciphertext)

Minnie – Oh so how do we get the original data

Mickey – Now you are asking the right questions

Encryption requires the use of an encryption key which is a set of mathematical values that both sender or recipients of the message know

Minnie – So is this like the key to the lock

Mickey – Exactly and it is called as the encryption key that is generated by some algorithms

Minnie – Mickey look, I am starting to get this, okay. But as always can you explain in simpler terms with an example

Mickey – Sure, here you go

Imagine, you need to send an important box to your friend and want to send it securely. You can put a lock on that box and send it over

Minnie – Okay, but the key is with me, How will my friend open the box

Mickey – Here comes the interesting part. When your friend receives the box he puts his own lock on the box and sends it back to you

Minnie – So the box now has 2 locks

Mickey – Yes, and when you receive the box, you open and take off your lock. Now the box is left with your friend’s lock on it. And you send it to your friend again

Minnie – And when my friend receives the box, he can open as he has the key to his own lock

Mickey – Yes exactly. This is a secured way to transfer the box or data in the box

Minnie – Well that was interesting, It will be great to get more details on How SSH works

Mickey – Sure here you go

Minnie – Yeah! The fun starts

Mickey – I will need to go a little bit in history to explain

Minnie – Sure, do as you will

Mickey – Okay, back in the 1960s when there was a need to make computers talk to each other over a network, a set of rules was created for any two computers to communicate with each other, This set of rules or protocol was called TELNET

Minnie – Yes, I have heard that word

Mickey – So TELNET allowed user on one computer to take control or access another computer over a network (i.e. 2 computers that are not physically connected with wires)

Minnie – That’s interesting

Mickey – This was a great achievement, but the problem was this was not secure especially over the internet. The information sent from one machine to another was sent as it is, in its original form. So there was a threat that anyone can get read or intercept the data during the transfer process from one system to another

Mickey – So in the mid 90’s there came a successor of TELNET,  a more secure way for communication over the network,  called Secure Shell or SSH

Minnie – It’s good to know where it all began

Mickey – Yes, Now with that knowledge, Let’s understand how SSH works

Minnie – Yeah

Mickey – To establish SSH connection we need the following

  1. Server or Remote machine (running SSH server)
  2. Client or the Local machine (having SSH client)
  3. Authentication (using password or ssh keys)

Minnie – Got this

Mickey – So the first thing we will need is a computer running an SSH server. This is the machine that we want to access and control.

Minnie – So is this the server

Mickey – Yes. And to enable SSH, you just can enable remote login if the computer runs on Mac OS, If its Linux, can install Open SSH server. For windows, as well there is an option to install open ssh server

Minnie – I never knew this, wow

Mickey – We can also do the same on mobile like android by installing some SSH app

Minnie – Okay

Mickey – So now we have a system running an SSH server, And that’s the 1st thing we needed. This is the server or remote machine

Minnie – Step 1 done

Mickey – Now we need another system that will be our client

Minnie – So client again can be any machine running Linux, Mac or Windows OS

Mickey – Yes, and if it is Linux or Mac, you do not need to add any tool, You can connect to server directly from the terminal and if its window, you can use any SSH client applications like Putty

Minnie – What about Android and iOS

Mickey – You will find many apps for both of them like JuiceSSH, Termius, etc

Minnie – Okay

Mickey  Now assuming both the client and server computers are on the same network, you can access the server from client using the command

ssh {user}@{host}

{user} represents the account you want to access. For example, you may want to access the root user, which is synonymous with system administrators with complete rights to modify anything on the system. 

{host} refers to the computer you want to access. This can be an IP Address (e.g. 123.234.24.10) or a domain name (e.g. www.example.com)

So a real command will look like
ssh root@65.123.13.10

Minnie – So here I need to know the IP or domain name of the server that I need to connect and the username or id of the user who is connecting to the server

Mickey – Exactly

Now hereafter typing the above command when you hit enter, you will be prompted to enter the password for the requested account. When you type it in, nothing will appear on the screen, but your password is, in fact being transmitted. Once you’re done typing, hit enter once again. If your password is correct, you will be greeted with a remote terminal window.

Minnie – So I need to know the user’s password

Mickey – Yes, of course, this is the authentication to access the server

Minnie – Okay

Mickey – So now you are into the server. Congrats

Minnie – I am Happy

Mickey – And now you can run your commands and can have data exchange in a secure way

Minnie – Okay, what about the keys, I get to hear a lot about public and private keys in SSH communication, What is all about that

Mickey – There are 2 ways of authentication

  1. Password-based authentication
  2. Key-based authentication

In Key-based authentication, in order to establish a secure connection between 2 systems we make 2 keys, one is called a public key and other is called a private key

Minnie – Now you are talking

Mickey – The private key remains on the client system and the public key is uploaded on the server

Minnie – Got this

Mickey – So whenever we connect using ssh, these 2 keys are checked and if the right combination of a private and public key is found, the connection is established

Minnie – Can you tell how exactly these keys are created, Like the commands, etc.

Mickey – That will be too deep

Minnie – Yeah I want to go deep. Very deep

Mickey – So from the client system, I will open the terminal and type

ssh-keygen -t rsa

Minnie – What is -t option here

Mickey – We use the –t option to specify the type of key to create. Possible values are “rsa1” for protocol version 1, and “dsa“, “ecdsa“, or “rsa” for protocol version 2

But don’t get confused with that for now.

Minnie – So if I want I can skip the type and only run ssh-keygen

Mickey – Yes, right Minnie

Minnie – Okay, So this single command generates the public-private authentication key pair

Mickey – Yes, and the key pair is unique for a user, Example if you generate these keys as the root user, only this user can authenticate using this key pair and for a different user another set of keys needs to be generated

Minnie – Okay

Mickey – After you run the command  ssh-keygen -t rsa you can provide the location or file name where you want to save the keys, or just hit enter

Minnie – Got this

Mickey – Then you will have the option of specifying a passphrase to encrypt the private part of the key. If you encrypt your personal key, you must supply the passphrase each time you use the key. This prevents an attacker, who has access to your private key and can impersonate you and access all the computers you have access to, from being able to do so. The attacker still needs to supply the passphrase

Minnie – Great, so adding a password gives an extra level of security for the private key

Mickey – Yes

Minnie – Keep going

Mickey – The ssh-key command generates two keys

id_rsa
id_rsa.pub

Minnie – So here id_rsa is the private key and id_rsa.pub is the public key.

Mickey – Yes, the private key will remain on the local machine and public key will be sent to the server
(Never share your private key with anyone)

Minnie – How to copy the public key to the server

Mickey – You can do in multiple ways like can use this command

ssh-copy-id user@ip
e.g.
ssh-copy-id root@126.45.65.10

Minnie  Where will this key go on the remote system

Mickey – Good question, so the key gets copied at ~/.ssh/authorized_keys on the remote. So remember if you use any other way to send the public key. Put it under this folder

Minnie – Wow

Mickey – In the case of some remote servers that can be accessed from the browser, you can log in to the web interface of the server on a browser and upload the public key. Like in GitLab or GitHub.


GitLab SSH video by Raghav

Mickey – Now whenever you need to connect to the remote system or server, from your local system run this command

ssh user@ip
e.g.
ssh root@126.45.65.10

Minnie – Wow, so now we do not need a password

Mickey – Yes, authentication will be done based on private-public key pair

Minnie – So to connect over SSH we have the option for password-based authentication and key-based authentication, both, Am I right Mickey.

Mickey – Yes, and key-based is more secure than password-based authentication

Minnie – Wow this is so great to know

Mickey – So remember

SSH (Secure Shell) is a network protocol, that provides a secure channel over a network for a client and server application to transfer data or information OR a secured way to access any resource over a network

Minnie – Yes I will never forget this

Mickey – Good

Minnie – After knowing all this, just wanted to know who created SSH

Mickey – SSH was invented by Tatu Ylonen. In 1995 he designed the first version. If you like to check this video here

Mickey – Do you want to go on another long driver or shall we go back home

Minnie – I want to have an ice-cream now. Looks like I have learned a lot in a day

Mickey – Sure Minnie here we go

Minnie – You are my best friend

Mickey – I am always here for you 🙂


about the author more stories

199