First SSH connection
In this tutorial, we will see how to connect to the server over SSH for the first time in a secure way.
Caution
This tutorial has not yet been tested on Windows. Some steps may not work. If you encounter a problem, the section “Demandes et Incidents” explains how to report it to us.
Connection with the terminal
To make this SSH connection we will use OpenSSH. This software is used from the command line (CLI), so it is necessary to open a terminal window (cmd on Windows)! 🥵
Don’t be impressed by its disconcerting interface, it’s a tool that will make you a real computer magician! 🧙
We use the following command in the terminal to connect (replace USER with your CLUB1 login):
ssh USER@club1.fr
Tip
Press Enter to run a command from the terminal.
You should see the following message:
The authenticity of host 'club1.fr (***)' can't be established.
ED25519 key fingerprint is SHA256:*********.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
😱 Wow! What the hell is this??
In fact, this is normal: OpenSSH is warning us that the authenticity of the server cannot be guaranteed because your device does not know this server yet.
Replying yes to this message exposes you to a man-in-the-middle attack. So we’re going to answer no for now.
Trust reigns
We will add the public key of the CLUB1 server to your device. This makes it possible to guarantee the authenticity of the server’s answers and to initialize an encrypted connection. In this way we are certain that we are indeed dealing with the CLUB1 server.
To be sure that this is indeed the CLUB1 server’s key, it must be obtained from a source other than the SSH connection itself, in case that connection is compromised 😮.
🤔 But then, what guarantees that the new source is not also compromised?
The key we are going to use comes from the Web, through a connection that is encrypted and authenticated via TLS 🔒 (this is the famous s in https).
known_hosts file
Concretely, this consists of adding a line of text containing the key 🔑 to a file on your device. This file will be called known_hosts (known servers). It should be in a .ssh folder, itself within your personal space on your device.
Note
The folder corresponding to your personal space is usually named after your user on this device.
📁 <user>
├─ 📁 .ssh
│ └─ 📄 known_hosts 👈
├─ 📁 Documents
├─ 📁 Images
...
Normally, the hidden .ssh folder should have been created during the SSH connection attempt.
Now we just have to write the server key in the known_hosts file. The following command does all that for you! 🪄
echo 'club1.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFQJRiEKM9iywtuvjLD7Wvp6F7VqM6ocuc0Q05LGKU6' >> ~/.ssh/known_hosts
If everything went well, the file known_hosts should now contain a line with the key.
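The echo command above appends unconditionally: running it twice duplicates the line, and it does not notice a different key already stored for club1.fr (for instance one accepted earlier by answering yes), which would remain trusted alongside the new one. The shell function below is an added example, not part of the original tutorial; pin_host_key is a hypothetical helper name, and it only inspects plain-text (unhashed) entries.

```shell
#!/bin/sh
# Added example. Usage: pin_host_key FILE 'HOST KEYTYPE BASE64KEY'
# Returns 0 when the key is pinned (added now or already present),
# 2 when FILE already trusts a different key of that type for HOST,
# 1 when the entry is malformed. pin_host_key is a hypothetical name.
pin_host_key() {
    file=$1
    set -f; set -- $2; set +f      # split the entry into words, no globbing
    [ $# -eq 3 ] || { echo "malformed entry" >&2; return 1; }
    host=$1 type=$2 key=$3
    dir=$(dirname "$file")
    [ -d "$dir" ] || mkdir -m 700 -p "$dir"
    touch "$file"

    # Classify existing plain-text entries for this host and key type.
    # Hashed names (|1|...), @marker lines and comments are skipped.
    state=$(awk -v h="$host" -v t="$type" -v k="$key" '
        $1 ~ /^[@|#]/ { next }
        $2 == t {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == h) { if ($3 == k) same = 1; else other = 1 }
        }
        END { print (other ? "conflict" : (same ? "present" : "absent")) }
    ' "$file")

    case $state in
        conflict)
            echo "WARNING: $file already trusts another $type key for $host" >&2
            return 2 ;;
        present)
            return 0 ;;
    esac
    # Make sure the new entry starts on its own line, then append it.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    printf '%s %s %s\n' "$host" "$type" "$key" >> "$file"
}
```

Call it with ~/.ssh/known_hosts and the club1.fr line shown above; a return code of 2 means an unexpected key is already stored and should be reviewed before connecting.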
You should now be able to connect via SSH without seeing the alert message and you will then need to enter your CLUB1 password.
Warning
When you type your password, nothing is displayed! This is normal: it is a security measure that avoids revealing even the number of characters in the password. 🤫
Tip
In a terminal window, it is usually possible to “paste” text with “Right click” → Paste.
In the server
Congratulations 🎉, you are now connected to the server over SSH! This is privileged access, because it is the one that gives you the most freedom of interaction with the server.
🍾 To celebrate, here is a small selection of commands to discover: