A Beginner’s Guide to SSH

Manish Ranjan
May 8, 2019

What is SSH? How does SSH work? What are the cool things we can do using SSH?

What is SSH?

SSH stands for Secure Shell. Just like HTTPS, it is a networking protocol. This means that whenever two computers communicate, both systems agree on a set of rules. This set of rules is called a protocol.

Protocol: Once there were two magicians, Dumbledore and Grindelwald. Both liked to spend time together discussing their journeys around the magical world. But at night both of them had to return to their rooms, so they could not talk to each other. It was not safe to send letters by owl, because owls were hunted at night by the muggles (assume). So Dumbledore came up with a plan. Their rooms faced each other on either side of the road. Dumbledore would keep an eye on the muggles, and when the road was deserted he would switch his room’s lights on and off twice; thrice meant there were muggle hunters on the road. Grindelwald would patiently wait for Dumbledore’s lights to turn on and off twice. He then understood that the road was deserted and it was safe to send owls. And so both would send letters to each other at night this way and continue their dreams of becoming great magicians, which they both did.

The switching of lights was a kind of visual signal. Both understood what the signal meant and agreed to communicate like this. This is what a protocol is: the set of rules (switching the lights on and off twice) which both computers understand and use to communicate with each other (send data to each other).

The drawback of a protocol is that it is public. Any intruder can crack the information. To tackle this problem, developers started sending encrypted data. HTTPS is an encrypted protocol that transfers data on the web. However, the data is broken down into chunks known as data packets and then sent. Once the data is received, the two systems no longer recognize each other.

Figure: HTTP(S) flowchart.

How did SSH come to the rescue?

SSH ensures that, whether or not data is being sent, it still acknowledges the sender and the receiver. Once it has connected two systems with each other, it keeps a persistent connection between them. SSH keeps the two computers listening to each other even when they are not sending or receiving data.

Figure: SSH flowchart.

Where is it used?

Have you ever wondered what big server rooms like this one are for?

Figure: A room full of servers.

These rooms contain powerful machines which are hosted on the cloud. But what is the use of a machine if I cannot access it? We cannot go and physically access the server.

SSH is the networking protocol used to establish a secure communication channel between the server machine and the user’s local system.

SSH is used to make a secure transmission line between the systems for communication. Using SSH I can access the terminal of a machine on the cloud. This is so powerful that a person sitting in China can make changes to a system residing in a data warehouse in the United States without being physically present.

Earlier it was known as telnet. Using telnet we can achieve the same result. SSH is just more secure than telnet, hence we use SSH.

How Does SSH Work?

The basic idea of SSH is that a computer listens to what the connected computer has to say. So a part of the computer must be dedicated to that cause. For that purpose, we have something called ports.

Imagine a harbor with numerous berths, each allotted to a ship. A ship docks at the berth allotted to it.

Figure: An analogy for computer ports.

Here the harbor is analogous to a computer, and the berths are analogous to the ports in a computer. Computer ports are special slots where connections are established and data is loaded and unloaded for transmission. Some ports are allocated to specific networking protocols.

Figure: Ports in a computer.

Say port 443 is allocated for HTTPS connections. This means that any connection that follows the HTTPS protocol must use port 443.

Similarly, port 22 is allocated to SSH connections. Any connection that follows SSH protocol must use port 22.

Now the data being transferred is designated to a particular port. What is unique in SSH is that once data starts getting transferred, it establishes a tunnel for further communications. A tunnel is nothing but a path that data packets follow to reach the destination computer, and which is remembered for successive data transfers.

We use another term, socket. In layman’s terms, a socket is the name given to something that listens on a particular port. A socket gets triggered whenever it encounters incoming data. We also use (or revive) a socket to transfer data through the tunnel.

SSH in Action

I have a machine in the cloud. The public IP of the machine is 13.13.13.13 (assumed). To connect to my machine using SSH:

ssh zemotacqy@13.13.13.13

Here zemotacqy is the username on the remote machine (the system in the cloud). After entering the password you are good to go. The basic syntax for connecting to a remote machine using SSH:

ssh -i "/path/to/key" username@hostip

Here host refers to the remote machine. The public IP of the host machine is hostip. The -i flag is used to specify the key. A key is another way to get into my system. In the previous example, we did not use any key. We can configure the remote machine to authenticate the user with either a password or an authentication key.

Using this command we get access to our remote machine. This means whatever command I now type in my terminal will be executed in the remote machine’s terminal. But SSH is a persistent two-way communication protocol. This means that whatever is output on the remote machine’s terminal will be sent to my terminal, and in real time (with some lag).

Generate SSH Keys

On Linux machines, it is fairly easy to generate SSH keys. We create two keys:

  1. Public Key
  2. Private Key

The public key is available to both the remote machine and the local machine (the user’s system). The private key is available only on the local machine.

ssh-keygen -t rsa

rsa is the cryptographic algorithm for generating the keys. Running this command in a Linux terminal generates a public-private key pair. When using SSH with the -i flag, enter the path to the private key to connect to the remote machine.
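The private key must stay readable by its owner only; the OpenSSH client refuses to use a private key file that other users can read. An added example (not from the original article) that flags such files; the function names are hypothetical and the key files are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example: find private keys whose permissions are wider than
# owner-only. Function names and the demo files are constructed.

# key_is_private FILE: succeeds when group and others have no permissions.
key_is_private() {
    mode=$(ls -ld "$1" | cut -c5-10)   # group+other part of e.g. -rw-------
    [ "$mode" = "------" ]
}

# exposed_keys DIR: prints each private key (a file with a .pub sibling)
# that group or others can read, write or execute.
exposed_keys() {
    for pub in "$1"/*.pub; do
        [ -f "$pub" ] || continue
        key=${pub%.pub}
        [ -f "$key" ] || continue
        key_is_private "$key" || echo "$key"
    done
}

# Constructed demo directory standing in for ~/.ssh
demo_dir=$(mktemp -d)
echo "placeholder private key" > "$demo_dir/id_rsa"
echo "placeholder public key"  > "$demo_dir/id_rsa.pub"
echo "placeholder private key" > "$demo_dir/id_backup"
echo "placeholder public key"  > "$demo_dir/id_backup.pub"
chmod 600 "$demo_dir/id_rsa"       # owner-only, as ssh expects
chmod 644 "$demo_dir/id_backup"    # too open: readable by group and others

exposed_keys "$demo_dir"           # lists only id_backup
```

Running `chmod 600` on a flagged file restores owner-only access.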

SSH Tunneling

Tunneling is a very powerful concept. SSH tunneling means that the persistent SSH connection happens inside a tunnel connecting two computer ports. The existence of the tunnel ensures that no intrusion takes place and that data is transferred smoothly.

Port Forwarding

This idea is generally used to connect to remote machines which reside behind a firewall. The firewall blocks some ports which use SSH connections. So our main goal is to use a different port for SSH connections.

Figure: Port forwarding.

Here the local system is denoted by the Green server and the remote machine is denoted by the Blue server.

Task: I want to access my remote machine using SSH (default port 22).

Problem: There is a firewall in between. This firewall blocks any connection made to the Blue server using port 22. Thus any attempt to establish a connection with the Blue server using port 22 will get blocked.

Hint: Connections made using an uncommon port like 2222 will not get blocked (provided 2222 has not been explicitly blocked by the firewall). The port number can vary between 0 and 65535.

Solution: The idea is to fool the firewall. We make an SSH connection using a different port, say 2222, get the connection passed through the firewall, and then switch back to port 22.

Let’s see how we can achieve it using SSH.

ssh -L port1:host_ip:port2 host_username@host_ip

-L stands for Local port forwarding.

port1 is the alternative port you want to use for establishing an SSH connection. Here port1 = 2222.

host_ip is the public IP of the remote machine.

port2 is the port which needs to be used for SSH after the connection bypasses the firewall. This is generally port 22.

host_username and host_ip remain the same.

How to read the above command?

I am directing my local machine to use port1 to establish the SSH tunnel. Thereafter, when the tunnel has been established, i.e. has bypassed the firewall, use port2 to connect to host_ip. In more technical terms: forward the request made on the local machine’s port1 to the remote machine’s port2. Here we are authenticating the user by entering the password at the prompt.

In fact, a normal SSH command is nothing but a local port forwarding with port1 = port2.

There are two sides to an SSH connection, the Local Side and the Remote Side. -L is used for the Local Side and -R is used for the Remote Side.

When we specify -L we say that the user is on the Local Side, so whatever happens, show the results on the Local Side. This means: show the output of the remote terminal on the Local Side. The Local Side is the entry point for the SSH connection.

The -R flag is a bit more complex. It is called remote port forwarding. This means that the port forwarding that happened on the Local Side will now happen on the Remote Side.

Suppose we have a problem:

I am able to access my remote terminal. Using this remote terminal I want to access my Local Terminal.

Obviously, I have no public IP allocated to my local machine, so I cannot identify it on the internet. What I can do is access the remote machine from the local machine. So I use my local machine once to create a tunnel from the local to the remote machine, and then tell SSH that I am going to enter this tunnel from the remote side. This solves our problem. How? I am able to create a tunnel without needing to allot any public IP to my local machine. The main motive was to uniquely identify the local machine on the internet in order to create a tunnel. Now that the tunnel is created, we can proceed further.

ssh -R port1:localhost:port2 host_username@host_ip

Enter this command in the local terminal and set it aside. It means that whenever there is an SSH connection to port1 on the remote side, redirect it to localhost:port2. Since this command is run in the local terminal, localhost refers to the local machine. So any SSH connection made to port1 on the remote side will be redirected to localhost:port2 through the tunnel created by this command. Here host_username and host_ip refer to the remote machine; they authenticate the user in order to create the reverse SSH tunnel.

ssh -p port1 username@localhost

Enter this command in the remote terminal. It will try to make an SSH connection to port1. But because of the reverse SSH tunnel created by the previous command, this connection will be redirected into the reverse SSH tunnel. Here the entry point is the remote terminal (remember the -R flag). Since we need to connect to the local terminal, username@localhost will be the credentials of the local machine.

Make sure SSH on the local machine is running on port2. Here port2 is generally 22.

So using remote port forwarding, we can access the local machine from any remote terminal by initializing a reverse SSH tunnel from the local side.
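Whether the -L and -R forwards above succeed is decided by the server's sshd_config. As an added example (not from the original article), this script reports what a config permits, using the OpenSSH directives AllowTcpForwarding, GatewayPorts and PermitOpen; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report what an sshd_config permits for -L / -R forwarding.
# Function names and the sample configs below are constructed.

# effective_value KEYWORD DEFAULT: reads sshd_config text on stdin.
# sshd keeps the first value it sees; keywords are case-insensitive.
# Stops at the first Match block, so only global settings are reported.
effective_value() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ || NF == 0  { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) {
            val = $2
            for (i = 3; i <= NF; i++) val = val " " $i
            print tolower(val); found = 1; exit
        }
        END { if (!found) print def }'
}

# forwarding_policy: prints "local=.. remote=.. remote_bind=.. permitopen=.."
forwarding_policy() {
    cfg=$(cat)
    tcp=$(printf '%s\n' "$cfg" | effective_value AllowTcpForwarding yes)
    gw=$(printf '%s\n' "$cfg" | effective_value GatewayPorts no)
    open=$(printf '%s\n' "$cfg" | effective_value PermitOpen any)
    case "$tcp" in
        yes|all) l=yes r=yes ;;   # both -L and -R accepted
        local)   l=yes r=no  ;;   # only -L
        remote)  l=no  r=yes ;;   # only -R
        *)       l=no  r=no  ;;
    esac
    case "$gw" in
        yes)             bind=any ;;       # -R listener reachable from outside
        clientspecified) bind=client ;;
        *)               bind=loopback ;;  # -R listener on localhost only
    esac
    echo "local=$l remote=$r remote_bind=$bind permitopen=$open"
}

SAMPLE_DEFAULTS='# constructed sample: forwarding directives absent
Port 22
PasswordAuthentication yes'
SAMPLE_RESTRICTED='# constructed sample: -L only, one destination; duplicate ignored
AllowTcpForwarding local
PermitOpen 10.0.0.5:5432
allowtcpforwarding yes'

printf '%s\n' "$SAMPLE_DEFAULTS"   | forwarding_policy
printf '%s\n' "$SAMPLE_RESTRICTED" | forwarding_policy
```

With GatewayPorts left at no, the port1 listener created by -R is bound to the remote machine's loopback address, which is why the second command in the article connects to localhost.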

Using SSH tunneling we can make cool stuff. One such project is my own remoTer. Using remoTer we can control the local system’s terminal in real time from a remote machine. remoTer is made by connecting various data streams of SSH, thus providing real-time access to the local machine’s terminal.

Next in this series will be Dynamic Port Forwarding. Its main use case is to provide a P2P connection using a remote machine!
