First SSH connection

In this tutorial, we will see how to connect to the server over SSH for the first time in a secure way.

Caution

This tutorial has not yet been tested on Windows. Some steps may not work. If you encounter a problem, the section “Demandes et Incidents” explains how to report it to us.

Connection with the terminal

To make this SSH connection we will use OpenSSH. It is a command-line (CLI) program, so you need to open a terminal window (cmd on Windows)! 🥵

Don’t be intimidated by its disconcerting interface; it’s a tool that will make you a real computer magician! 🧙

We use the following command in the terminal to connect (replace USER with your CLUB1 login):

ssh USER@club1.fr

Tip

Press Enter to run a command from the terminal.

You should see the following message:

The authenticity of host 'club1.fr (***)' can't be established.
ED25519 key fingerprint is SHA256:*********.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

😱 Wow! What the hell is this??

In fact, this is normal: OpenSSH is warning us that the authenticity of the server cannot be guaranteed, because your device does not know this server yet.

Replying yes without checking the fingerprint means trusting whatever key was presented, which exposes you to a man-in-the-middle attack. So we’re going to answer no for now.

Trust reigns

We will add the public key of the CLUB1 server to your device. This makes it possible to guarantee the authenticity of the server’s answers and to set up an encrypted connection. In this way we can be certain that we are indeed dealing with the CLUB1 server.

To be sure that this is indeed the CLUB1 server’s key, it must be obtained from a source other than the SSH connection itself, in case that connection is compromised 😮.

🤔 But then, what guarantees that the new source is not also compromised?

The key we are going to use comes from the Web, over a connection that is encrypted and authenticated via TLS 🔒 (this is the famous s in https).

known_hosts file

Concretely, this consists of adding a line of text containing the key 🔑 to a file on your device. This file is called known_hosts (known servers). It should be in a .ssh folder, itself located in your personal space on your device.

Note

The folder corresponding to your personal space is usually named after your user on this device.

📁 <user>
├─ 📁 .ssh
│  └─ 📄 known_hosts   👈
├─ 📁 Documents
├─ 📁 Images
...

Normally, the .ssh hidden folder should have been created during the SSH connection attempt.

Now we just have to write the server key to the known_hosts file. The following command does all that for you! 🪄

echo 'club1.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFQJRiEKM9iywtuvjLD7Wvp6F7VqM6ocuc0Q05LGKU6' >> ~/.ssh/known_hosts

If everything went well, the file known_hosts should now contain a line with the key.
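As an added example (not part of the CLUB1 documentation), this Python script checks that a known_hosts line of the form written above is well formed and computes its SHA256 fingerprint in the format OpenSSH prints in the first-connection prompt, so the two can be compared. The function names are chosen for this example; the key line is the one from the command above.

```python
import base64
import hashlib
import struct

# Line taken from the tutorial's echo command (host, key type, base64 blob).
CLUB1_LINE = ("club1.fr ssh-ed25519 "
              "AAAAC3NzaC1lZDI1NTE5AAAAIBFQJRiEKM9iywtuvjLD7Wvp6F7VqM6ocuc0Q05LGKU6")


def read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[offset + 4:end], end


def parse_known_hosts_line(line):
    """Return (hosts, key_type, blob) after checking the blob is well formed."""
    fields = line.split()
    if len(fields) < 3 or fields[0].startswith(("#", "@")):
        raise ValueError("not a plain 'host keytype base64' entry")
    hosts, key_type, b64 = fields[0], fields[1], fields[2]
    blob = base64.b64decode(b64, validate=True)
    # The blob repeats the key type; a mismatch means the line was altered.
    inner_type, pos = read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError("key type in the blob does not match the line")
    if key_type == "ssh-ed25519":
        key, pos = read_string(blob, pos)
        if len(key) != 32 or pos != len(blob):
            raise ValueError("malformed Ed25519 public key")
    return hosts.split(","), key_type, blob


def fingerprint(blob):
    """SHA256 fingerprint in the form OpenSSH prints: unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


if __name__ == "__main__":
    hosts, key_type, blob = parse_known_hosts_line(CLUB1_LINE)
    print(hosts, key_type, fingerprint(blob))
```

The printed fingerprint is computed only from the key in the file, so it can be compared with the one shown in the prompt on a first connection attempt.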

You should now be able to connect via SSH without seeing the alert message. You will then need to enter your CLUB1 password.

Attention

When you type your password, nothing is displayed! This is normal: it is a security measure that avoids revealing even the number of characters in the password. 🤫

Tip

In a terminal window, it is usually possible to “paste” text with “Right click” → Paste.

In the server

Congratulations 🎉, you are now connected to the server over SSH! This is privileged access, because it is the one that gives you the most freedom of interaction with the server.

🍾 To celebrate, here is a small selection of commands to discover:

passwd

Allows you to change your CLUB1 password (this will therefore have an effect on the connection to all services). — Manual: passwd.1

htop

Allows you to see what is happening on the server at the moment and how many resources are being used. Press the Q key to exit. — Manual: htop.1