What SSH is

SSH is one of the available tools allowing you to remotely control a server on a hosting. We’ll tell you what kind of a protocol it is and how to use it.

What is SSH?

SSH is a secure network data transfer protocol used to control devices remotely.

It allows you to send various commands to another computer or server. For example, you can upload or delete files, launch applications, etc.

All data that gets transferred from you to the remote device is securely encrypted. SSH creates a secure connection and makes it impossible for malicious users to steal valuable information.

Protocol features

SSH makes it possible to remotely control servers on a hosting. It allows you to connect with the servers and perform all the necessary actions from any device.

You can do the following things using SSH:

• launch applications, move and/or delete directories and files, carry out different commands on the remote device
• transfer data over a secure channel
• compress files for fast delivery
• redirect ports and transfer encrypted traffic between the ports of different computers

SSH server and SSH client

To connect to a remote device successfully, you will need two software programs: an SSH server and an SSH client.

The SSH server is installed on the device that you will connect with. If it is necessary to manage remote hosting, then it’s up to the provider to decide which SSH server to use. This is usually a free OpenSSH program.

The SSH client is a software installed on the user’s computer. It enables connection and transfers information. Linux and macOS computers use OpenSSH and often feature pre-installed software of this kind. You can connect to a remote device and control it using a special terminal.

Windows computers have no pre-installed SSH client. In this case, you need to download a third-party application.

Here are some popular SSH clients for this OS:

• PuTTY
• SecureCRT
• ShellGuard
• Axessh
• ProSSHD

PuTTY is the most commonly used client because it’s free and easy to manage. We recommend that you install it. All the examples given below imply using this software.

How the protocol works

Before starting to transfer information, it is necessary to establish a secure connection between the sender and the recipient. This process involves three steps:

1. Establishing a TCP connection. TCP is a data transfer protocol. It belongs to the transport layer of the OSI model. It allows you to deliver information from one device to another. It ensures secure package transportation and guarantees package integrity protection.

Before you start transferring data, a secure connection must be established. This happens as follows:

1. The client sends a request to establish a connection. It involves an SYN message and the index number of the transmitted byte.
2. The server replies with an SYN message, confirms data receipt by sending an ACK message, and sends the byte index number that is supposed to be received next.
3. The client also confirms the information receipt and sends the index number of the next byte to be expected.
4. As a result of this process, the connection gets established.

2. Opening a secure channel. The sender and the recipient must agree on how they will encrypt and compress the data.

1. At first, they exchange the information concerning their SSH versions as well as some other additional data. This helps them understand if their protocols are compatible with each other. Then they agree on the next steps.
2. Next, the parties inform each other about the algorithms supported. Some of these algorithms will be used to encrypt information, others—to compress it and send keys. The technologies are ranked from the most to the least preferred one. Both parties compare the data received with the algorithms they support and select the first matching options.
3. In the end, the server creates a unique combination of symbols and sends it to the client. It is called a fingerprint. If the connection with this server was established before, the fingerprint will be familiar to the client. The information about it is stored in the /home/username/.ssh/known_hosts directory. If it’s the first time that this connection has been established, the client will «ask» you for permission to trust this server. After your confirmation, a session key will be generated. It will be used to create symmetric channel encryption.

3. User authentication. After a secure channel has been opened, the server must check who has connected to it and whether this is an authorized user.

There are two ways to identify a user:

1. Via password
2. Via SSH key

We’ll discuss it in detail a bit later.

SSH has established a secure connection. Now the client can transfer data.

We’ve described what SSH is and how it works. Now let’s see how to apply it in real-life situations.

How to connect to a server using a protocol

To connect to the server, you’ll need to provide the following dаta:

• the machine’s IP address
• login
• password

On our Hosting, this information is available in the control panel.

If you need to connect to VDS, head to Virtual private servers and click on the Instructions button:

To find the information about the dedicated server, head to Dedicated servers > Instructions:

You’ll find all the necessary data in the first section called Server Information:

If your computer runs on Linux or macOS, head to the terminal.

You’ll see a window. Type:

ssh username@185.211.200.111

Replace username with your login and 185.211.200.111 with the IP address of the server that you need to connect to.

Press Enter.

If your device runs on Windows, you’ll need to install the client first. In the examples below, we’ll be using PuTTY.

Launch the program, click on Session, and enter the IP of the remote device into the Host Name (or IP Address) field:

Click Open.

Once you are connected, a console window will open.

As mentioned above, if it’s the first time that the client is connecting to the server, it will send you a fingerprint:

The authenticity of host ’185.211.200.111 (185.211.200.111)’ can’t be established.
ECDSA key fingerprint is ed:fe:f5:d7:98:fe:85:64:e1:44:11:af:e7:8d:33:de.
Are you sure you want to continue connecting (yes/no)?

Type yes.

After that, a password request will appear on the screen. Once you’ve entered the password, the connection will be established, and you will be able to control the device remotely.

Getting access with a key

Using an SSH key is a good alternative to entering your password every time when connecting to the server.

You will need two keys: a public and a private one. The private key is held in secret and cannot be shared with anyone else in any situation. The public key can be shared with other people who you are going to exchange encrypted data with.

You’ll need both keys because SSH uses an asymmetric encryption method. The information you transmit is encrypted using the first key, and it can be decrypted only by the other person owning the second key.

Generating keys on Linux or macOS

1. Head to the terminal and enter the following string:

ssh-keygen -t rsa

2. Specify where you would like to save the keys:

Enter file in which to save the key (/home/user/.ssh/id_rsa):

Specify the directory path. Or press Enter to choose the default location /.ssh/id_rsa.

3. The following message on the screen will ask you to create a custom passphrase to increase security:

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

If you don’t want to enter it every time when connecting to the server, press Enter.

4. The keys are ready:

Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
ed:fe:f5:d7:98:fe:85:64:e1:44:11:af:e7:8d:33:de user@localhost
The key’s randomart image is:
+-+
|                 |
|                 |
|    ..  * O o B .|
|    . .  + + * S |
|     == B o + . .|
|    .. B . = . . |
|   .. B  o = + ..|
| .  E.o * . o   .|
|   oooS    +.    |
+--+

The private key is stored in ~/.ssh/id_rsa, and the public key is stored in ~/.ssh/id_rsa.pub. This is where they will be saved if you do not specify any other directory in the second step. If you chose another path, the message will contain other data.

You will need to upload the public key to the server. Below we’ll tell you how to do this.

Generating keys on Windows

You’ll need to install the PuTTYgen app.

1. Launch the app. Select the RSA key type. Make sure that its length makes up 2048 bits.

2. Click on Generate and move the cursor randomly. The program uses cursor movement to generate random data.

The public key will appear at the top of the window.

It is advisable to copy it right away in order to upload it to the server later.

3. You can save the keys in any directory on your device by clicking on the Save public key and Save private key buttons.

How to upload a key to Gcore server

The VDS management key can be added using the VMmanager panel. You can enter it from your personal account. Open the Products/Services tab, head to the Virtual private servers section, select the required server, and click To panel.

You can find the panel access data either in the letter that we sent you after server activation or in the Instructions section.

Once you’ve entered the VMmanager panel, go to the SSH keys tab and click Add.

You’ll need to enter the key name (it can be any name of your choice) and paste the public SSH key.

Click OK. Done! The SSH key will be automatically added to all future virtual machines. Yet you will have to add the key manually to each VDS that you’ve already purchased.

Later on, if you add a key to VDS and then reinstall its operating system, the key will remain valid on the new OS.

The SSH key can be added to dedicated servers using the DCImanager panel. You can enter this panel from your personal account. Open the Products/Services tab, head to Dedicated servers, click on a specific server and click To panel.

Go to the SSH keys tab and click Add.

Enter a name and paste the public SSH key.

Click OK. Just like it is with VDS, this key will be automatically added to all new dedicated servers.

Basic protocol commands

You have connected to a remote device and successfully completed the authentication process. Now you can control the machine from your computer using various commands.

There are plenty of them. All these commands work the same way with all the existing SSH clients.

We’ll enlist several most common commands.

1. ls—displays the names of all files and directories on the remote device. It is used in combination with the following set of commands:

• ls -la—displays all files and the information about them: access rights, owner name, creator name.
• ls -lha—shows the size of each file in bytes.
• ls -lha | less—enables page view of files and directories.

2. cd—navigating between directories. Enter the command, specify the directory path, and this directory will be opened.

3. sudo—allows you to run any commands as an admin.

4. mv—renames files or moves them into certain directories. For example, we’ve entered mv name1 name2. If name2 is an existing directory, then the name1 file will be moved there. If the name2 directory does not exist, the name1 file will be renamed to name2.

5. rm—a command for deleting files and directories. To delete a file or a directory, enter its name after this command.

6. cp—is used when you need to copy a file or a directory. If you enter cp 1file 2file, then 1file will be copied to 2file. If you need to copy one directory into another, type -r after cp. This is what it is going to look like:

cp -r 1dir 2dir

If the 2dir directory does not exist, it will be created.

7. chmod—changing file access permissions. First comes the command, then the access rights, and the user that is given or deprived of these rights. Last comes the file path.

There are three rights types:

• r—reading
• w—recording
• x—execution

And there are three user types:

• u—file owner
• g—file group
• o—all other users

The ‘+’ sign indicates permission, the ‘-’ sign indicates a ban.

For example, we can type:

chmod о+r filename

This means that we have allowed everyone to read the filename file except for its owner and the file group.

8. scp—transferring files from your device to the server. After the command, you need to specify the local file name (or directory path), username, server IP address, and address of the directory where you want to place the file.

This is what it is going to look like:

scp example.txt username@111.222.333.444:/path/to/new/location/

These are just a few of the basic SSH commands. Knowing them is enough to gain a basic understanding of how to work with the protocol. Yet this list won’t be enough to fully use SSH in practice.

Summary

1. SSH is a secure data transfer protocol used to control computers over the Internet remotely. In most cases, it is used to remotely control servers on a hosting.
2. Using SSH allows you to carry out various commands on a remote device, transfer data securely, compress it for faster delivery, and so on.
3. To use this protocol, you need special applications: an SSH server and an SSH client. The SSH server is installed on the device that you are going to connect to. The SSH client is installed on your computer. Linux and macOS devices feature a pre-installed SSH client. Windows devices need an application to be installed (e.g., PuTTY).
4. When you connect to the server, the first thing to be done by SSH is establishing a secure connection. It opens a secure channel and performs user identification. User identification implies entering a password or an SSH key.
5. If you don’t want to enter your password every time when connecting to the server, you can create an SSH key and upload it to the server.
6. After the connection between your device and the remote machine has been established, you can enter various commands in the console in order to control the server.
7. The servers hosted by Gcore can be managed using SSH.

Host your projects on our virtual and dedicated servers and manage them from anywhere in the world.

More about Gcore Hosting