Secure Communication using SSH


This time I was checking out OpenSSH. SSH is a network protocol which uses asymmetric key cryptography to provide secure data communication over an unsecured network. There is also a network protocol for file transfer, SCP (Secure Copy), based on SSH. It uses SSH for data transfer and authentication, ensuring authenticity and confidentiality of data.
In this post, I would like to explain how to connect to a remote system using SSH, how to transfer files securely, and how to get passwordless access to a remote server.

Installing and Connecting to a remote server

Most Linux distros ship with only SSH-Client installed. If you would like to copy files from your system while working from a remote system, you will have to install SSH-Server. If not, SSH-Client will be just fine.
To install SSH-Server, you can use the following command.

sudo apt-get install openssh-server

To connect to a remote server, the following command should work fine.

ssh <user>@<server IP/URL>

The above command will prompt for the password of the specified user on the server. Once you enter the correct password, you will get access to the shell of that user on the remote server. Now you can do whatever operations you like on the remote server, with the privileges of that user.

Copy using SCP

As you have seen, you can get access to a remote system using SSH. But SSH does not support file transfer. For that purpose, we use SCP. The commands for transferring a file from/to a remote server are as follows.

  • To copy a file to a remote host.
    scp <local file path> <user>@<remote host IP/URL>:<remote location>
  • To copy a file from a remote host
    scp <user>@<remote host IP/URL>:<remote location> <local location>

Passwordless entry to an SSH Server

To enable our system to achieve passwordless entry to a remote server using SSH, we use a public-private key pair. So first we have to generate a key pair. The following command helps you create a key pair.

ssh-keygen 

Here I am using the RSA algorithm to generate my key pair. The ssh-keygen command also supports DSA & ECDSA. It will ask you for a passphrase (which protects the private key) and then generate the public key file.

Now we have to copy this public key to the remote host. For that we use the following command.

ssh-copy-id -i <public key filename> <user>@<remote host IP>

This will copy your key file to ~/.ssh/authorized_keys on the remote server. Now when you try to connect to the remote host using SSH, it will ask for the password only for the first time. Enjoy.
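What installing a public key into ~/.ssh/authorized_keys involves on the server side, as an added example that is not part of the original post or of OpenSSH: the function names, the scratch directory standing in for the remote home, and the key line are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): what installing a public key
# on the server side involves. It works on a scratch directory that stands
# in for the remote user's home, so nothing under the real ~/.ssh is touched.

# install_pubkey <home-dir> <public-key-line>
# The body is a subshell, so umask and exit stay local to the function.
install_pubkey() (
    key_line=$2
    ssh_dir="$1/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    nl='
'
    # Accept one public key line only; a private key file starts with
    # "-----BEGIN" and is rejected. Key types listed are this example's choice.
    case $key_line in
        *"$nl"*) echo "refusing multi-line input" >&2; exit 1 ;;
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "not a public key line" >&2; exit 1 ;;
    esac

    umask 077                       # new files are owner-only from the start
    mkdir -p "$ssh_dir" || exit 1
    touch "$auth_file" || exit 1
    # Append only if the exact line is absent, so re-running adds no duplicate.
    grep -qxF -- "$key_line" "$auth_file" || printf '%s\n' "$key_line" >> "$auth_file"
    # sshd (StrictModes, on by default) ignores the file if it or the
    # directory is writable by anyone other than the owner.
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file"
)

# perms_of <path>: ls-style mode string, e.g. drwx------
perms_of() { ls -ld "$1" | cut -c1-10; }

# Demo with a constructed (not real) key line.
demo_home=$(mktemp -d)
demo_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDEXAMPLEONLY user@laptop'
install_pubkey "$demo_home" "$demo_key"
install_pubkey "$demo_home" "$demo_key"     # second run changes nothing
echo "keys installed: $(grep -c '' "$demo_home/.ssh/authorized_keys")"
echo "$(perms_of "$demo_home/.ssh") .ssh"
echo "$(perms_of "$demo_home/.ssh/authorized_keys") authorized_keys"
rm -rf "$demo_home"
```

If key login still prompts for a password after copying the key, the modes of ~/.ssh and authorized_keys on the server are the first thing to check.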

Key-pair Generation, Secure Messaging & Message Signing


This time I am going to blog about public key generation, sending encrypted messages over the internet and using key-pairs for signing documents.

I used GNU Privacy Guard (GPG) for this purpose. Normally GPG comes preinstalled with most Linux distros. So let's generate a strong public-private key-pair and see what can be done with these keys.

Public Private Key-pair Generation

1. Generating Key-Pair

gpg --gen-key

Once you give the above command, the system will ask you for the following details.

  • What kind of key-pair do you want.
  • Length of key
  • Life span of key
  • Name
  • Mail id
  • Comment
  • Passphrase (protects the private key)

Once you have entered all the above details, the system will generate your public key in asc format.

2. You can add image to your public key to make it

gpg --edit-key <key-id>
gpg> addphoto

This will ask for a jpeg image.

3. Exporting Public key
You can export your public key to a file using the following command.

gpg --armor --output <filename>.gpg --export <mail-id>

4. Publish your public key

gpg --keyserver <keyserver-name> --send-keys <key-id>

5. Sign your key
You can have others sign your public key to authenticate the credibility of your key. Others can use the following commands to download your key from the keyserver and sign it. You may publish your signed public key on key-servers or on the internet so that others can send encrypted messages to you.

gpg --recv-keys <key-id>
gpg --sign-key <key-id>

The above steps can be used to generate a strong key pair for yourself.

Secure Messaging

Now let's see how we can establish secure communication using the key-pairs.

1. Encrypt the message
If someone wants to send you a secure message, they can get your public key from the keyserver using the --recv-keys command. They then create a message, save it in a file, and use the following command to encrypt it.

gpg --recipient <recipient-mail-id> --armor --encrypt <message-file>

This will generate a file <message-file>.asc. This is the encrypted message. They can mail it to you.

2. Decrypt your message
You can use the following command to decrypt the message using your private key.

gpg --output <messagefile> --decrypt <encrypted-message-file>.asc

Message Signing

Finally, let's check out how we can sign a message file using our key-pairs. The following command can be used to sign your file.

gpg --clearsign <filename>