First SSH connection#
In this tutorial, we will see how to connect to the server for the first time in SSH in a secure way. For this, no need to install additional software, the majority of operating systems already have everything necessary for this connection 😌. That said, herbal tea and a quiet space can be helpful in this adventure.
Note
If you are stuck or encounter a problem, the section “Demandes et Incidents” explains how to report it to us.
Connection with the terminal#
To make this SSH connection, we need to open a terminal window! 🥵 To do this, you need to launch a program on your computer that is usually called terminal or console.
For Windows
In the case of Windows, use the program called Powershell. Since its default configuration is terrible 💩, it must be corrected with the following command:
$PSDefaultParameterValues['Out-File:Encoding'] = 'utf8'
To “paste” the text in Powershell you can do Ctrl + V, or just right click with your mouse.
Don’t be impressed by its disconcerting interface, it’s a tool that will make you a real computer magician! 🧙 A bit like spells, you cast—or rather run commands in it.
Umm… but how do we run a command 🤨?
In a terminal, you must type the text of an command, then press Enter to run it! 🪄
To connect with SSH, we use the following command (replace USER with your CLUB1 login):
ssh USER@club1.fr
You should see the following message:
The authenticity of host 'club1.fr (***)' can't be established.
ED25519 key fingerprint is SHA256:*********.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
😱 Wow! What the hell is this??
In fact, this is normal, OpenSSH warns us that the authentication of the connection is not guaranteed because your device does not know this server yet.
Replying yes to this message exposes oneself to a man-in-the-middle attack 🥸. So we’re going to answer no for now.
Trust reigns#
We will add to your device the public key of the CLUB1 server. This allows to guarantee the authenticity of the server’s answers and to initialize an encrypted connection. In this way we are certain that we are indeed dealing with the CLUB1 server.
To be sure that this is indeed the CLUB1 server’s key, it must be acquired from another source than the SSH connection itself in case it is compromised 😮.
🤔 But then, what guarantees that the new source is not also compromised?
The source of the key we are going to use comes from the Web, through an encrypted and authenticated connection via TLS 🔒 (This is the famous s in https).
known_hosts file#
Now we just have to write the server key in a file. The following commands do all that for you! 🪄
mkdir -p ~/.ssh
echo 'club1.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFQJRiEKM9iywtuvjLD7Wvp6F7VqM6ocuc0Q05LGKU6' >> ~/.ssh/known_hosts
Tip
In a terminal window, it is usually possible to “paste” a text by doing “Right click” → Paste. Or Ctrl + Shift + V.
If everything went well, it added a line of text containing the key 🔑, to a file on your device. This file is called known_hosts, for known servers. It is located in a .ssh folder, itself within your personal space on your device.
Note
The folder corresponding to your personal space is usually named after your user on this device.
📁 <utilisateur>
├─ 📁 .ssh
│ └─ 📄 known_host 👈🏽
├─ 📁 Documents
├─ 📁 Images
...
Secure connection#
Now that you have gone through all these steps, you should be able to connect via SSH without seeing the alert message.
We run the command again:
ssh USER@club1.fr
This time, you will need to enter your CLUB1 password.
Attention
When you type your password, nothing is displayed! It is normal, it is a security measure that does not even reveal the number of characters in the password. 🤫
In the server#
Congratulations 🎉, you are now connected to the server in SSH! It is a privileged access, because it is the one that gives you the most freedom of interaction with the server.
🍾 To celebrate, here is a small selection of commands to discover.