All of our configuration and maintenance work
will be done from the command line,
so we need a convenient way to work
on the remote machine.
Several providers give you access to a web console.
It can be useful for extraordinary maintenance tasks (e.g. first boot),
but for ordinary work we need a better way.
SSH is the de-facto standard used
to connect to a remote shell (replacing the old telnet).
It consists of a daemon (listening on TCP port 22)
on the server and a client.
SSH solves two main issues of remote connections:
All SSH connections are encrypted with
a symmetric (session) key algorithm.
Unlike (old standard) telnet,
all SSH connections are authenticated.
The server requires the client to perform a secure authentication before starting the session.
Almost every VPS distro ships with
openssh-server (the ssh daemon) pre-installed.
Otherwise:
apt install openssh-server # for debian based
dnf install openssh-server # for fedora based
On our PC we need to install the ssh client:
pacman -S openssh # for Arch based
apt install openssh-client # for debian based
dnf install openssh-clients # for fedora based
Then we can start a new connection
with the following command:
ssh [<user>@]<host>
Password login is considered
a weak method of authentication,
so ssh natively implements
an alternative way to trust connections...
The client generates a pair of private and public keys.
Then it shares the public key with the server
in a trusted way (not defined by the ssh protocol).
During the login phase, ssh uses the private key on the client and the public key on the server to ensure that the client is allowed to connect to the server.
To generate the pair of public and private keys
you can use the following command:
ssh-keygen [-t ed25519 | rsa | ...]
It will generate two files: id_<name> (the private key)
and id_<name>.pub (the public key).
To copy the public key to the remote server we can use a tool that works over an ssh connection with password authentication:
ssh-copy-id -i /path/to/id_<name> [<user>@]<host>
Now we can use the private key to perform the ssh login:
ssh -i /path/to/id_<name> [<user>@]<host>
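
A check one might run on the generated files before ssh-copy-id, as an added example that is not part of the original slides: it confirms that the .pub file really is the public half and that the private key is not accessible to other users. The helper name check_keypair is hypothetical, and it only inspects the files, it does not call any ssh tool.

```shell
#!/bin/sh
# Added example: sanity-check a key pair before sharing the public half.
# check_keypair is a hypothetical helper name, not part of OpenSSH.
# Usage: check_keypair /path/to/id_<name>   (returns 0 = ok, 1 = problem, 2 = missing)

check_keypair() {
    priv=$1
    pub="$priv.pub"
    rc=0

    if [ ! -f "$priv" ] || [ ! -f "$pub" ]; then
        echo "missing $priv or $pub" >&2
        return 2
    fi

    # Group/other permission bits are characters 5-10 of the ls mode string.
    # The ssh client refuses private keys that other users can access.
    perms=$(ls -ld "$priv" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$priv: accessible by group/others, run: chmod 600 $priv" >&2
        rc=1
    fi

    # A public key file is one line: <key-type> <base64-blob> [comment]
    read -r ktype blob _comment < "$pub" || true
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-*|sk-*) ;;
        *) echo "$pub: unexpected key type '$ktype'" >&2; rc=1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "$pub: key blob is not base64" >&2; rc=1 ;;
    esac

    # Private keys carry a "PRIVATE KEY" header; that text must never
    # appear in the file that gets copied to the server.
    if grep -q "PRIVATE KEY" "$pub"; then
        echo "$pub: contains private key material, do not share" >&2
        rc=1
    fi
    return $rc
}
```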