vjrj edited this page Feb 8, 2021 · 14 revisions

Introduction

ssh is a basic tool that allows us to connect to a server securely, transfer files, and do many other things. For example, Ansible uses it to connect to our servers and configure them according to our inventories of services and servers and the tasks defined in ala-install.

Basic Concepts

SSH keys

ssh uses a system of public and private cryptographic keys. As a simplistic comparison, think of the private key as the key to your house, and the public key as one or more locks that match that key; you can put those locks in different places and open all of them with the same key.

You can have different public and private keys for different uses (work, home, car, bike, etc).

You can place the public key in several places (ideally you have the same lock on all the doors of your house or your car). The private key, however, you share only with your family members (or with members of your team), although it is advisable that each person use their own keys and locks to enter the same sites.

That is to say, a door can have several locks and can be opened with different keys. Here our metaphor gets a bit mixed up, but let's hope the idea is clear.

If the lock is not positioned properly, you will not be able to open that door (and access that server).

Public and Private IP Addresses

Not all of our servers are directly connected to the Internet. Our data centers are like an office building in which not all offices have a door to the street, to the outside.

Our servers have public and/or private IP addresses. To use another metaphor: in a building, we cannot give each office its own postal address with a street number, so a single street number is shared and the floor/door is then used to indicate an office inside the building.

Gateways

This also affects security. Imagine the mess if every office opened directly onto the street. For this reason, the building is often accessed through a main entrance or a security checkpoint, which then gives you access to the rest of the building. Sometimes you have to go through several security checks until you reach the office you want to enter.

In ssh terminology this is a bastion, gateway or proxyjump. You "jump" to one server to be able to access another, typically an internal server.

SSH Ports

Just as the classic web http port is 80 and https is 443, the default port for SSH is 22. If you ring bell 80 on a server, the web answers; if you ring 443, the secure web answers; and if you ring bell 22, ssh answers.

Sometimes another port is used instead of the default port 22. This often happens when we have internal servers and the external machine uses port 22 for itself. In these cases a different port (for example 22001) on the external machine is redirected to port 22 of the internal machine.
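
The gateway and port concepts above can be written down in the ssh client configuration file. This is an added example, not part of the original wiki page or of ala-install; every host name, address, user name and key file name in it is a placeholder.

```sshconfig
# Constructed example for ~/.ssh/config.
# All host names, addresses, users and key paths are placeholders.

# The gateway (bastion): the only machine with a public IP address.
Host gateway
    HostName gateway.example.org
    Port 22
    User ubuntu
    # The private key used for this group of servers.
    IdentityFile ~/.ssh/id_ed25519_work
    # Offer only the key named above, not every key loaded in the agent.
    IdentitiesOnly yes

# An internal server that has only a private IP address.
# ssh first connects to "gateway" and then "jumps" to this machine.
Host internal-1
    HostName 10.0.0.12
    Port 22
    User ubuntu
    ProxyJump gateway
    IdentityFile ~/.ssh/id_ed25519_work
    IdentitiesOnly yes

# An internal server reached through a redirected port instead of a jump:
# port 22001 on the external machine is redirected to port 22 of the
# internal machine, so we connect to the external address on that port.
Host internal-2
    HostName gateway.example.org
    Port 22001
    User ubuntu
    IdentityFile ~/.ssh/id_ed25519_work
    IdentitiesOnly yes
```

With this in place, `ssh internal-1` goes through the gateway automatically, and `ssh -G internal-1` prints the settings ssh would use for that host without connecting.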
