What is SSH and How to Use It?
If you’re a website owner, you’re probably familiar with the term SSH as it is frequently used when discussing cybersecurity.
In this article, let’s see what it is and how it works.
What is SSH?
SSH, often called Secure Shell, is a network protocol that provides users, particularly system administrators, with a secure way to access a computer across an unsafe network.
Your website runs on a server, which is a large networked computer system miles away from your location. If you want to modify your website, you don’t need to travel to the data center that houses the server. Instead, you can do it from your location with the help of SSH. It enables you to access, modify, and manage your website remotely and securely.
The first version of SSH was created in 1995 by Tatu Ylönen, who worked as a researcher at the Helsinki University of Technology. He later founded SSH Communications Security, a cybersecurity company in Finland.
SSH-1 was a widely adopted connection protocol used to link clients to servers. Because SSH-1 carried all data in a human-readable format, it was unreliable and vulnerable to hacker attacks.
With that, Ylönen was forced to use encryption to establish a more secure connection. The Internet Engineering Task Force then expanded on the concept and released Protocol Version 2 in 2006.
SSH-2 is the current version of the Secure Shell protocol, and it uses various encryption techniques to provide safe communication between clients and servers.
How Does SSH Work With Different Encryption Techniques?
SSH-2 uses a combination of symmetric and asymmetric encryption and hashing. You need to understand the various encryption techniques to know how SSH works.
In symmetric encryption, your computer and the server use a specified key exchange algorithm to create the symmetric key.
The computer uses a cryptographic key that converts the data you’re transferring into a jumbled string of letters and figures. The server receives the command and decrypts it using the same key.
Your computer and the server carry out this key exchange algorithm independently, and they never share the resulting key with anyone else.
In asymmetric encryption, your computer and the server generate public/private key pairs upon connection. The public keys are easily accessible and used to encrypt the data. But the two connecting devices are the only places where the private keys are kept and used to decrypt the data.
When you transfer data over an asymmetrically encrypted connection, your computer utilizes its public key to encrypt and secure data before sending it. And the server can decode the data only if it has the private key for your system.
Hashing is a different concept altogether. Similar to asymmetric and symmetric encryption, it jumbles the information, making it impossible for the attackers or anyone else to intercept and read it.
Each message passing through the hashing algorithm generates a unique string known as a hash value. However, there’s no key available to decrypt this data and restore it in a human-readable format. It’s a one-way cryptographic function that doesn’t allow the recovery of the original data.
How SSH Works With These Techniques
Even though it just takes a few seconds to establish an SSH connection to your server, a lot is going on behind the scenes.
Step 1: The ‘session encryption negotiation’ phase comes first. Your computer and the server each provide a list of supported encryption and hashing algorithms, and the two machines then agree on the one they’ll use.
Step 2: Your computer and the server generate public/private key pairs. The server utilises asymmetrical encryption and encrypts a piece of information as a challenge to your computer, which the computer can decrypt if it has a private key. This step marks the beginning of the SSH session.
Step 3: Now, your computer and the server use the symmetric encryption technique to protect the exchange of information. Both devices will share a public piece of information and use a predetermined key exchange technique to create a symmetric encryption key. Nobody else can produce the encryption key because the key exchange algorithm remains unknown.
Step 4: Upon achieving a secured connection, your computer and the server use a specified hashing method to generate unique Hash-based Message Authentication Codes (or HMACs) for each message that travels.
HMACs help validate the messages’ authenticity and ensure that there are no alterations. The authentication code is confirmed by checking the message’s content, the symmetric encryption key, and the packet sequence number.
Step 5: Authenticating the user is the last step. Before granting access, the server will request your login information or use cryptographic keys to confirm your identity.
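The integrity check from Step 4, as an added example that is not part of the original article: SSH-2 computes each MAC over the packet sequence number followed by the unencrypted packet (RFC 4253, section 6.4), so both an altered message and a replayed one fail verification. The key, the message bytes and the Receiver class are constructed for illustration, and the packet framing (length and padding fields) is left out.

```python
import hashlib
import hmac
import struct


def mac_for(key: bytes, seq: int, packet: bytes) -> bytes:
    """HMAC-SHA256 over (32-bit sequence number || packet), as in hmac-sha2-256."""
    return hmac.new(key, struct.pack(">I", seq & 0xFFFFFFFF) + packet,
                    hashlib.sha256).digest()


class Receiver:
    """Hypothetical receiving side: keeps its own implicit packet counter."""

    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0  # never sent on the wire; both ends count packets themselves

    def accept(self, packet: bytes, tag: bytes) -> bool:
        expected = mac_for(self.key, self.seq, packet)
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return False  # a real SSH implementation drops the connection here
        self.seq = (self.seq + 1) & 0xFFFFFFFF
        return True


def demo() -> dict:
    key = bytes(range(32))            # constructed key; SSH derives it in key exchange
    packets = [b"uptime", b"df -h"]   # constructed message payloads
    tags = [mac_for(key, i, p) for i, p in enumerate(packets)]
    rx = Receiver(key)
    return {
        "genuine": rx.accept(packets[0], tags[0]),
        "tampered": rx.accept(b"df -H", tags[1]),       # content changed in transit
        "replayed": rx.accept(packets[0], tags[0]),     # old packet sent again
        "next": rx.accept(packets[1], tags[1]),         # untouched packet still passes
    }


if __name__ == "__main__":
    print(demo())
```

The replayed packet carries a MAC that was valid for sequence number 0, but the receiver is now expecting sequence number 1, so the check fails even though neither the content nor the key changed.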
What is SSH Used For?
SSH is a standard component of every Unix, Linux, and Mac server and is accessible in all data centers. SSH connections help secure remote access to resources, remote command execution, the delivery of software patches and updates, and other administrative or management duties.
Operating systems (OSes), routers, server hardware, virtualisation platforms, and file transfer software are all managed through SSH.
Secure Shell helps access servers, make modifications, perform uploads and exit, either with the use of tools or directly via the terminal. SSH keys are frequently used in scripts, backup programs, and configuration management tools and can be used to automate access to servers.
SSH is convenient, as it uses single sign-on (SSO), which allows users to switch between their accounts without entering their password each time.
SSH traffic is encrypted, ensuring that users’ actions remain private and safe whether they’re transferring a file, browsing the web, or issuing commands.
What are the Capabilities of SSH?
Here are some of the functions that SSH enables:
- It secures remote user access to SSH-enabled network systems or devices and automated processes.
- It helps secure sessions for safe and interactive file transfers.
- It protects command issuing on remote systems or devices.
- It manages network infrastructure components.
How to Set Up SSH on Your VPS?
SSH primarily relies on your hosting account and how you’re going to access your VPS Hosting via SSH. For instance, you can easily enable SSH on self-managed VPS hosting and get root access.
However, the situation is a little different with managed VPS Hosting. You receive a point-and-click interface where you can create individual accounts, change their permissions, and enable SSH access.
Since every hosting control panel has its Graphical User Interface (GUI), the steps you need to set up SSH on your VPS differ depending on the management system.
If your web hosting provider uses cPanel/WHM, you’ll have to do the following:
- Log into WHM.
- Locate the Account Functions section from the menu on the left and select Modify an Account.
- Locate the account you wish to modify, then select Modify.
- Scroll down and select the “Shell Access” checkbox at the bottom of the screen.
- Click on the Save button.
- You will be prompted with a popup asking if you want to upgrade the package and give SSH access to every user in the group. Choose the best option for yourself and then click on Continue.
If you have a self-managed server with a default SSH setup, you can take a few actions to further secure your computer.
The first one is changing the default SSH port. SSH operates by default on port 22, and hackers who wish to use brute force to get to the server target this port in their attacks. Changing to a different open port can halt or at least slow them down.
Using cryptographic keys is another option to protect your computer from hackers. You can use an SSH client to create a public and private key pair for authentication to counter more advanced attacks.
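One way to check a server for the two measures described above, as an added example that is not part of the original article: it reads the text of an OpenSSH sshd_config and reports whether port 22 is still in use and whether password logins are still accepted. The sample configurations and finding labels are constructed, and the parser assumes only the global section matters (it stops at the first Match block and ignores Include files).

```python
# OpenSSH defaults that apply when a keyword is absent or commented out.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}


def parse_global(text):
    """Return (ports, settings) from the global part of an sshd_config."""
    ports, settings = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment: the default stays in force
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # conditional blocks are out of scope for this check
        if key == "port":
            ports.append(value)  # Port may be given more than once
        else:
            settings.setdefault(key, value.lower())  # first value wins in sshd
    return ports or ["22"], settings


def audit(text):
    """Return a list of finding labels (hypothetical names) for weak settings."""
    ports, settings = parse_global(text)
    findings = []
    if "22" in ports:
        findings.append("port-22")
    if settings.get("passwordauthentication", DEFAULTS["passwordauthentication"]) != "no":
        findings.append("password-auth-enabled")
    if settings.get("pubkeyauthentication", DEFAULTS["pubkeyauthentication"]) != "yes":
        findings.append("pubkey-auth-disabled")
    return findings


# Constructed samples: a default-style file and a hardened one.
WEAK = "# constructed sample\nPort 22\n#PasswordAuthentication no\n"
HARDENED = ("Port 2222\nPasswordAuthentication no\nPubkeyAuthentication yes\n"
            "PasswordAuthentication yes\n")  # later duplicate is ignored by sshd

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

On a live server, `sshd -T` prints the effective configuration after includes and defaults are resolved, which makes it a more reliable input than the raw file.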
Bigrock and SSH Access
Enabling SSH access is also possible for certain accounts if you use Bigrock’s Linux Hosting server. SSH connections to the Linux Hosting servers of Bigrock can be authenticated using a password or a key.
Connecting to a Server via SSH using Password authentication
- Run the command: ssh -l user remote-server
- Enter the cPanel password.
Connecting to a Server through SSH using key-based authentication
- Log in to the cPanel of the domain to create the key pair (public and private key).
- To access SSH Shell Access, select the Security tab.
- Select ‘Manage SSH Keys’
- Select ‘Generate a New Key’
- Click ‘Generate Key’ after entering the password and the key name.
Secure Your Business Online
While SSH may seem like an old-fashioned way of managing a web hosting account, especially for people who use point-and-click control panels, the protocol has existed for quite some time and is very powerful.
Once you become well-versed with the commands and environment, you will prefer SSH over all other ways.