protocol examples:

• HTTP (Hyper Text Transfer Protocol)
• FTP (File Transfer Protocol)
• HTTPS (HTTP Secure - i.e. encrypted)
• SSH (Secure Shell Protocol)
• IMAP (Emails)

secure network connections

• avoid password authentication for secure connections

SSH: Secure Shell Protocol

• a cryptographic network protocol for operating network services securely over an unsecured network

• most notable applications are remote login and remote command-line execution

• host: remote server we are trying to connect to using SSH
• client: computer used to access the host

CLI command for ssh connections

• ssh {user}@{host} (linux & mac)
  • example: ssh root@167.99.146.50
    • 167.99.146.50: host address, can be IP addresses and domain names
    • root: user account within the host computer
• in windows, utilize SSH client called PuTTy

SSH under-the-hood:

• encryption is to hide something by jumbling it up, needs to be decrypted to get back hidden information

• SSH under the hood has three parts:

  • symmetrical encryption
    • uses one secret key for both encryption and decryption
    • SSH uses a shared key
      • generated prior to client authentication
      • is specfic to that SSH session
      • key exchange algorithm steps into share the key the client and the host
  • asymmetrical encryption
    • uses separate keys for encryption and decryption
    • public-private key pairs (Public-key cryptography)
      • private key cannot be used to compute public key
      • private keys are used to encrypt, not to be shared with anyone as this relies on the private key being a secret for providing encrpytion
  • hashing
    • the client may be impersonated to the server by providng the right keys
    • all data will be recevied by the impersonater if keys are compromised
    • this warrants for hashing, which is cryptography used in SSH
      • BCrypt is a popular hashing package in npm
    • if 3rd party dupes client or host
      • hashes verify the authenticity of the data
    • HMAC is a popular hashing function

notes

• asymmetric encryption is time consuming and hence most SSH connections use symmetric encryption
  • asymmetric encrytpion is only used to share a secret key, after which the secret key is used for the SSH communication
• asymmetric cryptography is used to verify the identity of the SSH server, and then symmetric key encryption and hashing algorithms are used to maintain data transmission in ciphertext

setup SSH

on a mac/linux

# go to the system SSH config folder 
cd ~/.ssh

# check if `id_rsa` (the private key) and `id_rsa.pub` (the public key) exist
ls -a

# create a public-private key pair if they doesn't exist
ssh-keygen -C "<some-comment>"

# provide new file path to avoid stock name `id_rsa` that might be over-written 
# then check to see if the SSH key pair has been generated
ls -a

# register the newly created SSH private key with the system SSH agent
ssh-add ~/.ssh/id_rsa.pub

# copy public key to clipboard
pbcopy < ~/.ssh/id_rsa.pub

# login to the SSH server using the password authentication 
`ssh {user}@{host}` 

# navigate to the SSH config folder and ensure it has an extensionless file named `authorized_keys`
cd ~/.ssh && ls -a

# if `authorized_keys` file doesn't exist, make a blank one
touch authorized_keys

# open `authorized_keys` with the light-weight CLI text editor
nano authorized_keys

# paste the public key inside this file from clipboard, save file, and exit

# logout of the current password authenticated session on the SSH server

# log back in again to find that no password is needed after a correct SSH setup

windows

• if you are on Windows, you may have to use GitBash instead of Powershell

notes

• do not share the private key with anyone!

SSH multi computer tunneling

• CLI commmand for SSH multi-computer tunneling
• ssh -tt {user1}@{host1} ssh -tt {user2}@{host2} ...

references

• 10 Practical Examples of Rsync Command in Linux
• HMAC (Hash-Based Message Authentication Codes) Definition
• How Does SSH Work: Everything You Need to Know
• Connecting to GitHub with SSH