SSH remote connection#
(Secure SHell) Protocol allowing to connect remotely in CLI to a server. Its main advantages are being fully encrypted and providing full access to server functionality. There are SSH extensions for more specific uses like SFTP or SCP. — Wikipedia
(SSH File Transfer Protocol) File transfer and remote management protocol based on SSH. It is thus fully encrypted, and therefore comparable to FTPS, but it offers more features (e.g. display of file owners). — Wikipedia
(Secure CoPy) Protocol for copying files between two computers based on SSH. SCP is mainly used with the CLI client of the same name. — Wikipedia
The first connection is critical because the key exchange takes place at this moment. To avoid a man-in-the-middle attack we have to make sure that we received the correct key during this exchange.
If you don’t know how to add the server key to your device, the tutorial First SSH connection is for you!
There are two ways to authenticate for an SSH connection. The simplest is to use a password, however it is less secure than using a public key.
Authenticate via password#
We use the following command in the terminal to connect (replace
<login> with your CLUB1 login):
You must then enter your CLUB1 password (it is normal that the password is not displayed at the time of writing).
Authenticate with a public key#
Public key authentication requires an encryption key pair. To create these keys, we use the command below. A passphrase will be requested when generating the keys, it allows them to be stored securely. On Linux, the keys will be automatically unlocked when opening a session, so do not hesitate to choose a long passphrase.
The command thereafter then effortlessly sends the public part of the key to the server to be able to use it as an authentication method (replace
<login> with your CLUB1 login). It will ask you to enter you CLUB1 password to work.
ssh-copy-id -i ~/.ssh/id_rsa <login>@club1.fr
Finally, we use the same command again to connect. But this time it’s the keys that will be used. If they are not already unlocked, the passphrase will be prompted.