Connecting to Remote Server via SSH

Travis H, 2022-08-25

SSH

Secure Shell (SSH) is a network protocol for accessing a computer remotely over an unsecured network. The name also refers to the suite of utilities that implement the SSH protocol.

SSH uses a client-server model, connecting the client with the server. It also provides the SSH File Transfer Protocol (SFTP) for transferring data.

SSH Installation

To use the SSH connection, SSH has to be installed on both the server and client. Some popular options are:

  • PuTTY: SSH client for Windows
  • OpenSSH: SSH tool for Linux distributions

This section will show how to install OpenSSH on Linux.

SSH on Client

On the client side, an SSH client needs to be installed. To check whether SSH is already installed, enter ssh in the terminal.
If SSH is installed, a response similar to the one below is shown.

    username@host:~$ ssh
    
    usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
    [-D [bind_address:]port] [-E log_file] [-e escape_char]
    [-F configfile] [-I pkcs11] [-i identity_file]
    [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
    [user@]hostname [command]

Otherwise, the OpenSSH client can be installed.

    sudo apt-get install openssh-client

SSH on Server

On the server, an SSH server is required. To check whether an SSH server is installed, enter ssh localhost in the terminal on the server.
If the following response is returned, the SSH server is not installed.

    username@host:~$ ssh localhost
    
    ssh: connect to host localhost port 22: Connection refused
    username@host:~$

The OpenSSH server can then be installed as below.

    sudo apt-get install openssh-server

To confirm that the OpenSSH server is properly installed, run ssh localhost again. If the following response is returned, the SSH server is installed properly.

    username@host:~$ ssh localhost

    The authenticity of host 'localhost (127.0.0.1)' can't be established.
    ECDSA key fingerprint is SHA256:9jqmhko9Yo1EQAS1QeNy9xKceHFG5F8W6kp7EX9U3Rs.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.

Public Key Authentication

To establish a secure client-server connection, public key authentication can be used. It adds cryptographic strength to SSH security. ssh-keygen is used on the client side to generate the authentication key pair.

Key Pair - Public & Private

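ssh-keygen creates a private and public key pair using the following command.

    ssh-keygen -f <file to store the private key (optional & default: ~/.ssh/id_<algorithm>)> -t <key algorithm (optional; default depends on the OpenSSH version)> -b <key size in bits (optional; default depends on the algorithm and OpenSSH version)>
    # the public key is written next to the private key as <file>.pub
    # OpenSSH 9.5 and later generate Ed25519 keys by default; for RSA, OpenSSH 8.0 and later default to 3072 bits
    # more about key algorithm: https://www.ssh.com/academy/ssh/keygen#ssh-keys-and-public-key-authentication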

To establish a connection, the public key is copied to the server, and the private key stays on the client.
The public key encrypts data that only the private key can read.

When the public key is considered trustworthy by the server, it is marked as authorized and is called the authorized key.
The private key, which is used to prove the user's identity, is called the identity key.

Copy Public Key to Server

The public key can be copied to the server using the command below. The public key will be stored in the authorized_keys file on the server, allowing the client to establish a connection using the private key.

    ssh-copy-id -i <path to identity key> <username>@<host>
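
The result of the copy step can also be produced by hand on the server when ssh-copy-id is not available on the client. This is an added example, not part of the original article or of OpenSSH; the helper name install_pubkey and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: install_pubkey is a hypothetical helper, not an OpenSSH tool.
# Run on the server as the login user, after moving the .pub file there.
# Usage: install_pubkey <public key file> [ssh dir, default ~/.ssh]
# Returns 0 = key added, 2 = key already present, 1 = rejected.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key is a single line: "<type> <base64> [comment]".
    line=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)

    # Only the public half belongs on the server; refuse anything else.
    case $line in
        -----BEGIN*) echo "refusing: $pub looks like a private key" >&2; return 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "refusing: unrecognised key type in $pub" >&2; return 1 ;;
    esac

    # sshd (StrictModes, enabled by default) ignores authorized_keys when
    # the directory or file is writable by other users.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: match on "<type> <base64>" so a changed comment or an
    # options prefix on an existing line does not cause a duplicate.
    keyid=$(printf '%s\n' "$line" | awk '{print $1 " " $2}')
    if grep -qF -- "$keyid" "$auth"; then
        return 2
    fi
    printf '%s\n' "$line" >> "$auth"
}
```

Running it twice with the same key leaves a single line in authorized_keys, and passing the identity key by mistake is rejected before anything is written.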

SSH connection using Public Key Authentication

After the authentication key pair is generated and the public key is copied to the server, the following command can be used to establish an SSH tunnel to the server.

    ssh -i <path to identity key> -p <port> <username>@<host>

The connection can be closed using the exit command.

Config File

A configuration file can be set up on the client so that connections can be opened quickly.
The OpenSSH client-side configuration file is named config and is stored in ~/.ssh.

    # config file
    Host <define name for the connection ex.cdsw>
      HostName <remote server hostname ex.localhost>
      IdentitiesOnly <whether to use only passed secret key | ex.yes>
      IdentityFile <location of identity key | ex.c:/users/user/.ssh/ssh>
      User <remote server username | ex.cdsw>
      Port <port number | ex.2024>

The following command can connect to the server using the config file.

    ssh cdsw

Note that when there are multiple identity keys on the computer, enable the "IdentitiesOnly" parameter to use only the given identity key for the connection.
On the command line, "IdentitiesOnly" can be set with the "-o" parameter, alongside the "-i" parameter that points to the identity key.

    ssh -p <port> <username>@<host> -o "IdentitiesOnly=yes" -i <path to identity key>
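
A quick way to find config entries that name an identity key but do not restrict the client to it, as the note above recommends. This is an added example, not code from the original article; the function names and the sample hosts "build" and build.example.internal are made up for illustration, and Include files and Match conditions are not evaluated.

```shell
#!/bin/sh
# Added example; audit_identities_only and the sample hosts are hypothetical.
# Simplification: a block passes if it, the top of the file or "Host *"
# sets IdentitiesOnly yes; an explicit "no" in a block is always reported.

# Prints each Host block that sets IdentityFile but may still offer other
# keys. Reads the file given as $1 (or stdin). Returns 1 if any is printed.
audit_identities_only() {
    awk '
    function end_block() {
        if ((host == "" || host == "*") && only == "yes") global = 1
        if (host != "") { n++; name[n] = host; key[n] = has_key; io[n] = only }
    }
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        if ($0 == "" || $0 ~ /^#/) next
        # "Keyword value" and "Keyword=value" are both valid; keywords ignore case
        kw = $0; sub(/[ \t=].*$/, "", kw); kw = tolower(kw)
        val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val); gsub(/"/, "", val)
        if (kw == "host" || kw == "match") {
            end_block(); host = val; has_key = 0; only = ""
        } else if (kw == "identityfile") {
            has_key = 1
        } else if (kw == "identitiesonly" && only == "") {
            only = tolower(val)      # first value obtained wins, as in ssh
        }
    }
    END {
        end_block()
        for (i = 1; i <= n; i++)
            if (key[i] && (io[i] == "no" || (io[i] == "" && !global))) {
                print name[i]; bad = 1
            }
        exit bad + 0
    }' "${1:--}"
}

# Constructed sample: "cdsw" follows the article, "build" omits IdentitiesOnly.
sample_config() {
    cat <<'EOF'
Host cdsw
  HostName localhost
  IdentitiesOnly yes
  IdentityFile ~/.ssh/ssh
Host build
  HostName build.example.internal
  IdentityFile=~/.ssh/build_key
EOF
}
```

Run it as `audit_identities_only ~/.ssh/config`, or pipe `sample_config` into it to see the "build" entry reported.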

SSH File Transfer Protocol

SSH File Transfer Protocol (SFTP) is a file transfer protocol (FTP) implemented in SSH. It allows a user to transfer files over the SSH tunnel.
Given that the public key is stored on the server, the following command can be used to connect to the server using SFTP.

    sftp -P <port> -o "IdentitiesOnly=yes" -i <path to identity key> <username>@<host>

Note that capital P is used for the port parameter and the <username>@<host> is given at the end of the command.

Once the SFTP session is established, the prompt changes to "sftp>". Commands entered at this prompt are executed on the server.
To execute a command on the client, put "l" (for local) in front of the command as below:

    # remote command
    sftp> pwd
    Remote working directory: /home/cdsw
    # local command
    sftp> lpwd
    Local working directory: c:\users\user\.ssh

Transfer Files from Server to Client

The get command can be used to fetch a file from the server to the client. The working directories of the server and the client are used as the source and the destination respectively.

    sftp> get <source file> <destination file (if not given, same name is used)>
    sftp> get -r <directory>

Note that "-r" is used to fetch child files in the directory recursively.

Transfer Files from Client to Server

The put command can be used to push a file from the client to the server.

    sftp> put <source file> <destination file>
    sftp> put -r <directory>

Remote Development on VS Code via SSH

VS Code can be used for remote development using an SSH extension. The following steps can be taken to establish an SSH tunnel to the remote server.

  1. Install the remote development extension pack (ex. Remote - SSH)
  2. Select "Remote-SSH: Connect to Host" from the Command Palette (F1, Ctrl+Shift+P)
  3. Either enter the ssh command with the connection details or choose the configured host name (from the Config File section)

Port Forwarding on VS Code

Port forwarding can be done using VS Code to allow the client to open up applications using the forwarded port.
This can be used to access the server's Jupyter Notebook or Airflow web server on the client's browser.

Port forwarding is added in the Remote Explorer from the activity bar.

 
