Secure Shell Protocol


1. What is SSH?

Think of SSH like a secure, invisible cable connecting your laptop to another computer (a server). In the old days, people used a system called "Telnet." The problem was that Telnet sent everything—including your password—like a postcard that anyone could read. SSH is different; it puts everything into a high-tech, locked safe before sending it. Even if someone "steals" the safe while it's traveling through the internet, they can't see what's inside.


2. Why It Matters

Before SSH existed, hackers could easily "eavesdrop" on the internet and see passwords in plain text. Imagine if you shouted your bank password across a crowded room—that was the old way. SSH solved this by scrambling the data into a code that only the two computers involved can understand. This means even on a public Wi-Fi at a coffee shop, your connection to your server remains completely private and safe.


3. How the Connection Happens

When you tell your computer to connect to a server, they perform a "handshake." First, the server shows its ID card to prove it is the real server and not a fake one set up by a hacker. Then, they agree on a secret code for that specific session. Only after this "tunnel" is locked and encrypted do you send your login details. This all happens in a split second before you even see the command prompt.

Basic flow:

Client Machine  →  Internet  →  SSH Server

When you run:

ssh user@server_ip

Here’s what happens internally:

  1. Client connects to server on port 22

  2. Server sends its public key

  3. Key exchange establishes encrypted channel

  4. Authentication occurs (password or key-based)

  5. Secure session starts

After authentication, all commands and data are encrypted.
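The check behind step 2, as an added example (not code from the original post): the client compares the key the server presents with what it recorded earlier in ~/.ssh/known_hosts. The function name, sample hosts and key strings are constructed, and only plain (unhashed) known_hosts lines are handled.

```sh
# Added example: the host-key comparison an SSH client makes on connect.
# Handles plain known_hosts lines only (no hashed names, wildcards or markers).

# check_host_key FILE HOST KEYTYPE KEYB64 -> match | changed | unknown
check_host_key() {
    awk -v host="$2" -v ktype="$3" -v key="$4" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        {
            n = split($1, names, ",")          # field 1: comma-separated host names
            for (i = 1; i <= n; i++) {
                if (names[i] != host || $2 != ktype) continue
                if ($3 == key) { found = 1 }   # same key as recorded
                else { differ = 1 }            # same host and type, different key
            }
        }
        END {
            if (found)       print "match"
            else if (differ) print "changed"
            else             print "unknown"
        }
    ' "$1"
}

# Constructed sample data (placeholder strings, not real keys).
KEY_A="AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyA"
KEY_B="AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyB"

write_sample_known_hosts() {
    printf '%s\n' \
        "# constructed known_hosts" \
        "192.168.1.10 ssh-ed25519 $KEY_A" \
        "build.example.test,10.0.0.5 ssh-ed25519 $KEY_B" > "$1"
}

kh=$(mktemp)
write_sample_known_hosts "$kh"
check_host_key "$kh" 192.168.1.10 ssh-ed25519 "$KEY_A"   # key matches the record
check_host_key "$kh" 192.168.1.10 ssh-ed25519 "$KEY_B"   # server key differs
check_host_key "$kh" 172.16.0.9   ssh-ed25519 "$KEY_A"   # host never seen before
rm -f "$kh"
```

With OpenSSH's default settings, `unknown` is the case where ssh asks you to confirm the server's fingerprint, and `changed` is the case where it refuses to connect and warns that the host identification has changed.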


4. How to SSH Into a Server

Basic command:

ssh username@server_ip

Example:

ssh ubuntu@192.168.1.10

If using a private key:

ssh -i mykey.pem ubuntu@server_ip

5. SSH Authentication: Passwords vs. Keys

When you want to log into a remote computer (the server), you need to prove you are who you say you are. This is called authentication. There are two main ways to do this, and one is much safer than the other.

The Password way is like a standard door lock; if a hacker guesses the word, they get in. This is why most pros use SSH Keys, the industry standard, which rely on math instead of words. You have a "Key Pair." The Public Key stays on the server like a lock, and the Private Key stays on your laptop. You don't have to remember anything; your computer proves it holds the key that fits the lock, and the door opens instantly.

1. Password-Based Authentication

This is the way most people are used to logging into things. It is just like logging into Facebook or your email.

How it works: Imagine the server is a locked house. When you arrive, the server asks, "What is the secret word?" You tell the server the password. Because you are using SSH, the password is put into a "locked box" (encrypted) before it travels over the internet, so no one can see it while it's moving. The server opens the box, sees the word is correct, and lets you in.

  • The Good: It is very easy to understand and quick to set up.

  • The Bad: It is risky. Hackers use "Brute Force" programs that act like robots, trying thousands of common passwords every second until they find yours. If your password is "Password123," a hacker will get into your server in seconds.


2. Key-Pair Based Authentication (The Pro Way)

This is the industry standard for tech jobs. Instead of using a word that you have to remember, you use a special pair of digital files that "fit" together.

How it works: Think of this like a high-security lock and key. You generate a "Key Pair" on your laptop:

  1. The Public Key: This is the Lock. You give this to the server and "bolt" it onto the front door. It is safe for anyone to see this key because you can't use a lock to open a lock.

  2. The Private Key: This is the Physical Key. You keep this file hidden on your own laptop. You never give it to anyone.

When you want to log in, your laptop uses your Private Key to prove to the server that it fits the Public Key (the lock) stored there. The Private Key itself is never sent over the connection. If they match, the door opens instantly. You don't even have to type a password.


6. Creating and Storing Your Keys

When you run a command like ssh-keygen, your computer creates two files in a hidden folder called .ssh. Think of this folder as your digital keychain. The file ending in .pub is your Public Key—you can share this with the world or put it on any server you want to access. The other file has no extension; that is your Private Key. You must never share this file, move it, or let anyone see it. If a hacker gets your private key, they effectively become you.

Using OpenSSH, run:

ssh-keygen

You’ll see:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):

7. Where SSH Keys Are Stored by Default

By default, keys are stored in:

~/.ssh/

On Linux/macOS:

/home/username/.ssh/

On Windows:

C:\Users\Username\.ssh\

Files Created

If RSA:

~/.ssh/id_rsa        → Private key
~/.ssh/id_rsa.pub    → Public key

If Ed25519:

~/.ssh/id_ed25519        → Private key
~/.ssh/id_ed25519.pub    → Public key

What Each File Means

🔐 Private Key

  • Must remain secret

  • Used to prove identity

  • Never share

  • If leaked → attacker can log in as you

📢 Public Key

  • Safe to share

  • Copied to server

  • Stored in ~/.ssh/authorized_keys on the remote server


8. Important SSH Directory Files

Inside ~/.ssh/:

File                  Purpose
id_rsa / id_ed25519   Private key
.pub file             Public key
authorized_keys       Allowed public keys
known_hosts           Stores server fingerprints
config                SSH configuration settings

9. What is a Passphrase?

Think of your Private Key (the file on your laptop) as a physical gold key that opens your server’s door. If that key is just sitting on your desk, and someone sneaks into your room and steals it, they can go to the server and unlock the door immediately.

A Passphrase is like putting that gold key inside a digital safe. Even if a thief steals the safe (your Private Key file), they can't actually use the key inside unless they know the secret code to open the safe.

How It Works in Real Life

When you create your SSH keys using the ssh-keygen command, the computer will ask: "Enter passphrase (empty for no passphrase):"

  • If you leave it empty: Your key is "naked." Anyone who gets the file can use it.

  • If you type a passphrase: Your computer scrambles the Private Key file. It stays scrambled on your hard drive. Every time you try to connect to a server, a little box will pop up asking for that passphrase to "unscramble" the key just for that one moment.

Why Bother Using One?

You might think, "I already have a password on my laptop, why do I need a passphrase for my key?" Here are three very simple reasons:

  • The "Coffee Shop" Scenario: You leave your laptop open for two minutes to grab a latte. Someone plugs in a tiny USB drive, copies your .ssh folder, and leaves. If you have a passphrase, those stolen files are useless to them.

  • The "Accidental Upload" Scenario: Many developers accidentally upload their private keys to GitHub (it happens more than you'd think!). If you have a passphrase, you have time to delete the key and change your locks before a hacker can "crack" the safe.

  • The "Stolen Laptop" Scenario: If your laptop is lost or stolen, your passphrase ensures that the thief can’t use your computer to hack into your work or company servers.
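A defender's check for the "naked" key case above, as an added example that is not from the original post: it reads a key file's header to tell whether a passphrase protects it, then lists unprotected keys in a folder. Function names and sample files are constructed, and GNU `base64 -d` is assumed.

```sh
# Added example: report whether a private key file is passphrase-protected.
# Assumes GNU coreutils (base64 -d). Function names are hypothetical.

# key_protection FILE -> encrypted | unencrypted | unreadable | not-a-key
key_protection() {
    first=$(head -n 1 "$1" 2>/dev/null)
    case "$first" in
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            # Decoded layout: "openssh-key-v1\0", 4-byte length, cipher name,
            # so the cipher name starts at byte offset 19 ("none" = no passphrase).
            cipher=$(grep -v -- '-----' "$1" | tr -d '\r\n' | base64 -d 2>/dev/null |
                     dd bs=1 skip=19 count=4 2>/dev/null)
            case "$cipher" in
                none) echo unencrypted ;;
                "")   echo unreadable ;;
                *)    echo encrypted ;;
            esac ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----")     # PKCS#8, encrypted
            echo encrypted ;;
        "-----BEGIN "*"PRIVATE KEY-----")            # legacy PEM or plain PKCS#8
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted
            else echo unencrypted; fi ;;
        *)  echo not-a-key ;;
    esac
}

# scan_keys DIR -> prints unprotected keys; returns 1 if any were found
scan_keys() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ "$(key_protection "$f")" = "unencrypted" ]; then
            echo "UNPROTECTED: $f"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files: header bytes only, not usable keys.
make_samples() {
    { echo "-----BEGIN OPENSSH PRIVATE KEY-----"
      printf 'openssh-key-v1\0\0\0\0\004none' | base64
      echo "-----END OPENSSH PRIVATE KEY-----"; } > "$1/id_plain"
    { echo "-----BEGIN OPENSSH PRIVATE KEY-----"
      printf 'openssh-key-v1\0\0\0\0\012aes256-ctr' | base64
      echo "-----END OPENSSH PRIVATE KEY-----"; } > "$1/id_locked"
}

d=$(mktemp -d); make_samples "$d"
scan_keys "$d" || echo "add a passphrase with: ssh-keygen -p -f <keyfile>"
rm -rf "$d"
```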

How to Avoid Typing It Every Time (The SSH Agent)

Entering a long passphrase every single time you want to save code can be annoying. This is where the SSH Agent helps.

Think of the SSH Agent like a valet. When you start your workday, you give the valet your passphrase once. The valet opens the "safe," takes out the key, and holds it in the computer's memory for you. For the rest of the day, whenever you need to log in, the valet handles it. When you turn off your computer, the valet disappears, and your key is safely locked back in its safe.

Summary: Password vs. Passphrase

  • Password: Proves who you are to the server.

  • SSH Private Key: Is a physical object (a file) that proves you have permission.

  • Passphrase: Is the lock on that object so no one else can use it.


10. Real-Life Examples You Use Daily

You are likely using SSH already without knowing it. If you use GitHub to save your code, your laptop uses SSH to "handshake" with GitHub’s servers so it knows you are the owner of the project. If you use Amazon Web Services (AWS) or Google Cloud, engineers use SSH to go "inside" those cloud computers to fix bugs or install software. Even modern developers using Windows Subsystem for Linux (WSL) use these connections to move files around securely within their own machines.

What You Can Do Via SSH

✔ Install software
✔ Delete or modify files
✔ Restart services
✔ Create users
✔ Manage firewall
✔ Deploy applications
✔ View logs
✔ Run scripts
✔ Access databases
✔ Kill processes

If you have root access:

You control the entire machine, with no graphical interface, just by using the terminal.