First SSH connection

In this tutorial, we will see how to connect to the server over SSH for the first time, in a secure way.

Caution

This tutorial has not yet been tested on Windows. Some steps may not work. If you encounter a problem, the section “Demandes et Incidents” explains how to report it to us.

Connection with the terminal

To make this SSH connection we will use OpenSSH. This software is used from the command line (CLI), so you need to open a terminal window (cmd on Windows)! 🥵

Don’t be put off by its disconcerting interface: it’s a tool that will make you a real computer magician! 🧙

We use the following command in the terminal to connect (replace <login> with your CLUB1 login):

ssh <login>@club1.fr

Tip

Press Enter to run a command from the terminal.

You should see the following message:

The authenticity of host 'club1.fr (***)' can't be established.
ED25519 key fingerprint is SHA256:*********.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

😱 Wow! What the hell is this??

In fact, this is normal: OpenSSH is warning us that the authenticity of the connection is not guaranteed, because your device does not know this server yet.

Answering yes to this message accepts the key without checking it, which exposes you to a man-in-the-middle attack. So we’re going to answer no for now.

Trust reigns

We will add the public key of the CLUB1 server to your device. This makes it possible to guarantee the authenticity of the server’s answers and to set up an encrypted connection. That way we can be certain that we are indeed dealing with the CLUB1 server.

To be sure that this really is the CLUB1 server’s key, it must be obtained from a source other than the SSH connection itself, in case that connection is compromised 😮.

🤔 But then, what guarantees that the new source is not also compromised?

The key we are going to use comes from the Web, over a connection that is encrypted and authenticated with TLS 🔒 (this is the famous s in https).

known_hosts file

Concretely, this means adding a line of text containing the key 🔑 to a file on your device. This file is called known_hosts (known servers). It should be in a .ssh folder, itself located in your personal space on your device.

Note

The folder corresponding to your personal space is usually named after your user on this device.

📁 <user>
├─ 📁 .ssh
│  └─ 📄 known_hosts    👈
├─ 📁 Documents
├─ 📁 Images
...

Normally, the hidden .ssh folder should have been created during the SSH connection attempt.

Now we just have to write the server key into the known_hosts file. The following command does all that for you! 🪄

echo 'club1.fr ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFQJRiEKM9iywtuvjLD7Wvp6F7VqM6ocuc0Q05LGKU6' >> ~/.ssh/known_hosts

If everything went well, the file known_hosts should now contain a line with the key.

You should now be able to connect via SSH without seeing the alert message. You will then need to enter your CLUB1 password (it is normal that the password is not displayed as you type it 🤫).
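As an added example (not part of the CLUB1 documentation), this Python sketch does what the echo command above does, but more defensively: it checks that the key blob is well formed, computes the SHA256 fingerprint in the form OpenSSH shows in its prompt, and refuses to add the line if a different key is already recorded for the host. The function names are hypothetical, and it assumes host names are stored unhashed in known_hosts.

```python
import base64
import hashlib
import struct
from pathlib import Path

# The line published in this tutorial: host, key type, base64 key blob.
PINNED = ("club1.fr ssh-ed25519 "
          "AAAAC3NzaC1lZDI1NTE5AAAAIBFQJRiEKM9iywtuvjLD7Wvp6F7VqM6ocuc0Q05LGKU6")

def parse_entry(line):
    """Split a known_hosts line and check the blob matches the declared key type."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # SSH wire format: uint32 length + algorithm name, uint32 length + key bytes.
    (n,) = struct.unpack(">I", blob[:4])
    name = blob[4:4 + n].decode("ascii")
    (m,) = struct.unpack(">I", blob[4 + n:8 + n])
    key = blob[8 + n:]
    if name != key_type or len(key) != m:
        raise ValueError("key blob does not match the declared type or length")
    if key_type == "ssh-ed25519" and m != 32:
        raise ValueError("an Ed25519 public key is 32 bytes long")
    return host, key_type, blob

def fingerprint(blob):
    """Form shown in the OpenSSH prompt: SHA256:<unpadded base64 of SHA-256(blob)>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def pin(line, path):
    """Append line to known_hosts; refuse if the host already has another key."""
    host, key_type, blob = parse_entry(line)
    path = Path(path).expanduser()
    existing = path.read_text().splitlines() if path.exists() else []
    for old in existing:
        f = old.split()
        # Assumption: host names are stored unhashed (no HashKnownHosts).
        if len(f) >= 3 and host in f[0].split(",") and f[1] == key_type:
            if f[2] == line.split()[2]:
                return "already pinned"
            raise ValueError(f"{host} already has a different {key_type} key")
    path.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
    with path.open("a") as out:
        out.write(line + "\n")
    return "added " + fingerprint(blob)

if __name__ == "__main__":
    print(pin(PINNED, "~/.ssh/known_hosts"))
```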

In the server

Congratulations 🎉, you are now connected to the server via SSH! This is a privileged form of access, because it is the one that gives you the most freedom to interact with the server.

🍾 To celebrate, here is a small selection of commands to discover:

passwd

Lets you change your CLUB1 password (this will therefore affect logging in to all services). — Manual: passwd.1

htop

Allows you to see what is happening on the server at the moment and how many resources are being used. Press the Q key to exit. — Manual: htop.1