SSH is a protocol (an Internet communication standard) needed to operate computers and network devices. Because the information exchanged over the Internet can be encrypted, security is ensured when connecting to a server.
With work styles such as working from home and teleworking on the rise, companies urgently need to create an environment in which people can work online safely and remotely.
SSH is one of the technologies that will play an active role in such a new era.
In this article, we explain what SSH is and how its authentication methods work, in a way that is easy to understand even for beginners.
Table of contents
- 1. What is SSH?
- 2. Difference between SSH and SSL
- 3. Types of SSH authentication methods
- 4. Benefits of using SSH
- 5. Pitfalls in SSH
- 6. Recommended SSH client
- 7. Take advantage of SSH to secure remote access!
What is SSH?
SSH is an abbreviation for “Secure Shell”. It is a protocol, or the software implementing it, for remotely logging in to another computer or a particular server. With SSH, all communication, including the authentication part, is encrypted and cannot easily be decrypted by a third party.
Before SSH became widespread, a connection method called “telnet” was used. With conventional telnet, the data exchanged is not encrypted, so it is relatively easy to eavesdrop on. Because of this security problem, more and more companies are using SSH.
SSH is also implemented on iOS and Android. Therefore, if an SSH environment is in place, remote connections can easily be made from smartphones and tablets, so it is also used in business.
By the way, SSH also means “Super Science Highschool”, but I will omit it because it is not relevant in this article.
Difference between SSH and SSL
SSH and SSL have similar names and both encrypt communication, but they differ in use and purpose.
| Protocol | Official name | Use / use case |
|---|---|---|
| SSH | Secure Shell | A protocol that encrypts communication data when operating computer equipment remotely |
| SSL | Secure Sockets Layer | A protocol that encrypts and sends and receives communication data between a terminal and a server on the Internet |
SSH is a protocol that encrypts communication data mainly when operating computer equipment remotely. On the other hand, SSL is a protocol that encrypts and sends and receives communication data between terminals and servers on the Internet.
There are also differences in how users are authenticated. SSH uses “authentication by public key” for user authentication, whereas SSL uses “authentication by certificate”. As mentioned above, both encrypt the communication, but their use and purpose are different, so be careful not to confuse them.
SSH authentication method type
The main SSH authentication method is public-key authentication. There is also password authentication, so each is explained below.
● Public key authentication method
The public key authentication method authenticates by collating a “public key” with a “private key”. With it, you can switch to allowing login only from the person (personal computer) who has the key. By the way, although it is called a “key”, it is not a key. It is just something the system collates, but for convenience it is called this way.

| Key | Role |
|---|---|
| Private key | Can create digital signature data |
| Public key | Can verify whether the digital signature data is correct |

With the private key, you can create data called an “electronic signature”. The “electronic signature” created with this private key is distributed to the server side and registered. After that, the server verifies that the private key of the computer logging in matches the public key registered on the server side; if the check passes, authentication succeeds and the remote connection is permitted.
This public key authentication method is safe as long as the private key is not leaked to a third party. Public key authentication is recommended for remote connections.
● Password authentication method
As the name implies, the password authentication method is “a method to access the server with a password”.
You can log in by setting a password on the server-side and entering the matching password from the client terminal when accessing.
Password authentication is generally familiar. However, compared with public-key authentication it raises more security concerns, and it is not recommended when using SSH in a company.
This is because if the administrator sets a simple password, a third party can easily break it and log in without authorization. Also, if you reuse the same password on multiple websites, it can be stolen from another location and used to breach security.
Although the password authentication method is easy, use the public key authentication method to make a remote connection with stronger security.
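The following added example, which is not part of the original article, checks an sshd_config against the recommendation above (public-key logins only, no passwords). It relies on OpenSSH using the first value it reads for each keyword; the sample configurations, the POLICY table and the function name are constructed for illustration.

```python
import re

# OpenSSH defaults for the audited keywords, and the policy the article
# recommends (public-key logins only). Keyword names are lowercased.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "permitemptypasswords": "no"}
POLICY = {"passwordauthentication": "no", "pubkeyauthentication": "yes",
          "permitemptypasswords": "no"}

def audit_sshd_config(text):
    """Return findings where an effective setting differs from POLICY."""
    effective, seen, overrides, match = dict(DEFAULTS), set(), [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        if len(parts) < 2 or not parts[1].strip():
            continue
        key, arg = parts[0].lower(), parts[1].split()[0]
        if key == "match":
            match = parts[1].strip()   # following lines are conditional
        elif key in POLICY and match is None:
            if key not in seen:        # sshd keeps the first value it reads
                seen.add(key)
                effective[key] = arg
        elif key in POLICY:
            overrides.append((match, key, arg))
    findings = [f"global {k} is {v}, policy wants {POLICY[k]}"
                for k, v in effective.items() if v != POLICY[k]]
    findings += [f"Match {m}: {k} is {v}, policy wants {POLICY[k]}"
                 for m, k, v in overrides if v != POLICY[k]]
    return findings

# Constructed samples. In WEAK the later "no" never takes effect.
WEAK = """\
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""
HARDENED = """\
PasswordAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_sshd_config(cfg) or "ok")
```

On a live server, `sshd -T` prints the effective configuration, including files pulled in by Include, which this example does not follow.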
Benefits of using SSH
This section introduces the advantages of SSH, which encrypts communication data and enables you to use the Internet safely.
● Secure communication is possible
Secure communication is possible by using SSH. Secure communication is, in a word, “safe communication”.
Encrypted communication, which is the greatest merit of SSH, enables you to handle important information safely without it being seen by a third party. In addition, since public-key cryptography is used as the authentication method, it is possible to prevent access by spoofing. Therefore, it helps to protect IDs, passwords, personal information, etc., and also to prevent the risk of leakage of confidential corporate information.
Especially these days, when the demand for working from home and teleworking is increasing, it is important to create an environment where you can operate remotely and work safely.
● Files can be edited on the server
In communication using SSH, it is possible to edit the file directly on the server.
With Telnet, which was used before SSH became widespread, if there was a file you wanted to edit, you first had to download it to your local disk. When you finished editing the downloaded file, you then had to take the time to upload it to the original folder again.
With SSH, you can edit files directly on the server, which saves the download and upload steps that used to be necessary and makes work more efficient.
In addition to editing, when downloading multiple files at once, it is also possible to compress them on the server and download the files as they are.
Pitfalls in SSH
Awareness of information security measures is constantly increasing, and this trend will continue in the future. On the other hand, however, there are still challenges in encrypting communications.
The challenges include the following risks.
● Risks due to reuse of public-key authentication keys
In public-key authentication, the risk of information leakage increases when one key is reused by multiple users, because a single key leak can damage all servers. Whoever holds the key can easily access any server, so create keys individually. If you want a stronger access environment, you can improve security further by creating a key pair for each server you connect to, even for the same user.
● Risk of reusing ID/password
If the servers in the system where information is stored share a common ID/password, the risk of information leakage increases, because a single ID/password leak will damage all servers. Since anyone who has it can easily access any server, please use different passwords for each server and each user.
● Risk of using insecure passwords
If you use a weak password, you are vulnerable to SSH brute force attacks (attacks that try IDs and passwords exhaustively). Stop using insecure passwords, as they create a risk of an easy security breach. Many information leakage incidents are caused by sloppy password management, so be sure to practice highly secure password management.
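An added example, not from the original article, of detecting the brute force attacks mentioned above from sshd log lines: it counts failed password logins per source address within a 60-second window and escalates when a password login from that address then succeeds. The log lines are constructed, and the threshold and window are assumed values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
                    r"from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for \S+ from (\S+) port \d+")

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Map source IP -> alert for bursts of failed password logins."""
    recent = defaultdict(list)  # source IP -> failure times inside the window
    alerts = {}
    for line in lines:
        stamp, _, rest = line.partition(" ")
        failed, accepted = FAILED.search(rest), ACCEPTED.search(rest)
        if failed:
            now, ip = datetime.fromisoformat(stamp), failed.group(1)
            recent[ip].append(now)
            while now - recent[ip][0] > window:
                recent[ip].pop(0)
            if len(recent[ip]) >= threshold:
                alerts.setdefault(ip, "brute-force")
        elif accepted and accepted.group(1) == "password":
            if accepted.group(2) in alerts:  # a guess may have succeeded
                alerts[accepted.group(2)] = "brute-force then password login"
    return alerts

def _line(sec, msg):
    """Build one constructed syslog line with an ISO 8601 timestamp."""
    return (f"2024-05-01T10:{sec // 60:02d}:{sec % 60:02d}+00:00 "
            f"web01 sshd[4242]: {msg}")

USERS = ["admin", "test", "oracle", "root", "root"]
SAMPLE = (  # constructed log lines using documentation IP ranges
    [_line(2 * i, "Failed password for "
           + ("" if u == "root" else "invalid user ")
           + f"{u} from 203.0.113.9 port 40022 ssh2")
     for i, u in enumerate(USERS)]
    + [_line(12, "Accepted password for root from 203.0.113.9 port 40023 ssh2")]
    + [_line(20 + 90 * i, "Failed password for alice from 198.51.100.4 "
             "port 50000 ssh2") for i in range(5)]
    + [_line(500, "Accepted publickey for alice from 198.51.100.4 "
             "port 50001 ssh2")]
)

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE))
```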
● Risk of embedding passwords in automated scripts
If the password is written directly in an automatic transfer script, it is easy to obtain, because the script file is stored in clear text on the server. You should stop embedding the password in the script itself; to prevent this exposure, encrypt the string inside the password file.
● Risk of not being able to manage keys
When operating SSH with public-key authentication, the risk of information leakage increases if keys are not managed properly. The administrator is required to know which server each key is located on and to check during operation for unnecessary or unknown keys. If this is not done, unauthorized access will go unnoticed and may lead to information leakage. For proper key management, we recommend that you create and maintain a management ledger.
In the management ledger, manage user keys by recording which private key corresponds to which public key. Also, to check for unauthorized or unknown keys, log in to the server regularly to check and record.
Operating costs will increase, but it is better to reduce the risk of information leakage. If you want to reduce costs, some products collect key information automatically. If necessary, consider introducing such a product.
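An added example, not from the original article, of the ledger check described above: it fingerprints every key in each authorized_keys file, reports keys missing from the ledger, and reports keys deployed in more than one place (the reuse risk described earlier). The keys, host names and ledger are constructed; the ledger is assumed to map SHA256 fingerprints to owners.

```python
import base64, hashlib, struct
from collections import defaultdict

def fingerprint(b64_blob):
    """SHA256 fingerprint in the style ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (fingerprint, comment) per key line, skipping leading options."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field.startswith(("ssh-", "ecdsa-", "sk-")):
                yield fingerprint(fields[i + 1]), " ".join(fields[i + 2:])
                break

def audit(ledger, hosts):
    """Compare deployed keys with the ledger: unknown keys and reused keys."""
    unknown, seen = [], defaultdict(list)
    for (server, account), text in sorted(hosts.items()):
        for fp, comment in parse_authorized_keys(text):
            seen[fp].append(f"{account}@{server}")
            if fp not in ledger:
                unknown.append((f"{account}@{server}", comment))
    reused = {fp: where for fp, where in seen.items() if len(where) > 1}
    return unknown, reused

def _fake_key(seed):
    """Constructed Ed25519-shaped public key line; not a real key."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes([seed]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

ALICE, BOB, STRAY = _fake_key(1), _fake_key(2), _fake_key(3)
LEDGER = {fingerprint(ALICE.split()[1]): "alice",
          fingerprint(BOB.split()[1]): "bob"}
HOSTS = {  # (server, account) -> authorized_keys content, all constructed
    ("web01", "deploy"): f"# team keys\n{ALICE} alice@laptop\n{BOB} bob@desk\n",
    ("db01", "postgres"): f'command="/usr/bin/backup" {ALICE} alice@laptop\n'
                          f"{STRAY} tmp@oldhost\n",
}

if __name__ == "__main__":
    unknown, reused = audit(LEDGER, HOSTS)
    print("unknown keys:", unknown)
    print("reused keys:", {LEDGER.get(fp, "?"): w for fp, w in reused.items()})
```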
Recommended SSH client
Introducing the server software for accepting SSH connections.
● OpenSSH
“OpenSSH” has a long history as the de facto standard SSH software since its first edition was released in 1999, and it is the most used in the world. OpenSSH has both server and client functionality and is installed by default on Unix / Linux operating systems. Therefore, if you are a Unix / Linux OS user, we recommend using OpenSSH first.
● Apache MINA / SSHD
“Apache MINA” is a library that allows you to build an SSH server in the development language Java. Its original role is a framework library that allows you to build network applications in Java. However, there is an SSHD project as a subproject, and a library for building an SSH server has also been developed and provided.
● PuTTY
“PuTTY” is free SSH client software developed by Simon Tatham. The supported OS is not only Windows but also Mac and UNIX. Another feature of PuTTY is that you can start multiple PuTTY instances and connect to terminals at the same time.
● Windows Subsystem for Linux
“Windows Subsystem for Linux” is an SSH option that lets you download and use a Linux distribution from the Windows 10 store, so you can build a Linux environment on Windows. An X11 server and other Linux environments can be built at the same time, and commands can be used from the Linux environment.
Take advantage of SSH to secure remote access!
With security in mind, configure SSH well to prepare for attacks. Configuring SSH is especially necessary when you build your own server. As the Internet becomes more widespread and its uses expand, why not consider using SSH, which can protect your company’s security and reduce workload?