update module3.ipynb

Yavuz Sava 2025-03-07 22:52:54 +03:00
parent 65006397f8
commit ccf68f4ebf


@ -553,21 +553,196 @@
"cell_type": "markdown",
"metadata": {},
"source": [
"# What is secure shell?"
"# What is secure shell?\n",
"\n",
"Secure Shell (SSH) is a robust protocol for connecting to servers remotely. In the realm of remote server access, security is going to be more and more important to keep your information safe. Secure Shell is primarily used for logging in to Linux servers, Unix servers, and certain networking equipment such as routers. \n",
"\n",
"## Alternatives to SSH\n",
"\n",
"SSH provides a shield against prying eyes, but how does it compare to its alternatives?  \n",
"\n",
"Telnet is one popular alternative. Telnet exposes your typed commands, including passwords, to anyone on the network equipped with the right tools. \n",
"\n",
"Although Transport Layer Security (TLS) encrypts data within web browsers, SSH secures data in interactive terminal sessions or file transfers. This encryption ensures that sensitive information remains confidential during communication. \n",
"\n",
"Another alternative is virtual private networks (VPNs). VPNs also offer encryption but grant access to entire networks after connection. SSH adheres to the principle of least privilege, restricting users to specific hosts, enhancing security. \n",
"\n",
"Another option might be remote-control software like VNC or GoToMyPC. They focus on graphical user interfaces and desktop experiences, which may not align with most Linux servers that operate sans desktop environments.\n",
"\n",
"## Operation\n",
"\n",
"SSH operates through two key components: the SSH server and the SSH client. The SSH server, residing on the target server, establishes secure network connections, undergoes mutual authentication, and initiates encrypted login sessions or file transfers. \n",
"\n",
"Conversely, the SSH client establishes a connection to the SSH server, ensuring a secure interaction. The client makes requests, such as “log me in” or “copy this file.”\n",
"\n",
"## SSH keys\n",
"\n",
"In the SSH protocol, an access credential is known as an SSH key. It serves a similar purpose as usernames and passwords, although system administrators and power users typically use the keys to automate procedures and achieve single sign-on.\n",
"\n",
"Displaying the fingerprint of an SSH key is a useful way to verify that you're using the correct key and that the remote server's key hasn't been tampered with. To display the fingerprint of an SSH key, you can use the ssh-keygen command-line tool. \n",
"\n",
"## Key takeaways\n",
"\n",
"**SSH prioritizes security in remote server access:** Secure Shell (SSH) is a robust and trusted protocol for securely connecting to servers remotely. It finds widespread use in accessing Linux servers, Unix servers, and specific networking equipment, serving as a shield against unauthorized access and data breaches. \n",
"\n",
"**Comparing SSH with alternatives:** When you compare SSH to alternatives like Telnet, its security superiority becomes clear. Telnet exposes commands, including passwords, to potential threats, whereas SSH's encryption guarantees confidentiality during interactive terminal sessions and file transfers. Unlike virtual private networks (VPNs) that offer network-wide access, SSH adheres to the principle of least privilege, ensuring users are restricted for enhanced security.\n",
"\n",
"**SSH's operational mechanics and key role:** SSH functions through two core components: the SSH server and the SSH client. The SSH server establishes secure connections, authenticates parties involved, and initiates encrypted sessions. Conversely, the SSH client establishes secure interactions with the server and enables actions like secure login or file copying.\n",
"\n",
"Just like a password, the security of your SSH key is critical. Never share your SSH private key with anyone or put SSH keys into your application code. With someone having access to your information, they can gain unauthorized access by logging in and pretending to be you."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# The SSH protocol"
"# The SSH protocol\n",
"\n",
"When discussing computer networks, the word “shell” refers to a program that provides an interface for accessing another operating system. With all the effort you put into keeping your own machine secure, you certainly want security when its connected to another machine. The Secure Shell network protocol, usually shorthanded to “SSH,” allows secure access to a computer over an unsecured network. \n",
"\n",
"## What is a protocol? \n",
"\n",
"A protocol is a set of rules for how two things should communicate with each other. You may have heard the phrase “military protocol,” which refers to the strict guidelines that govern communications between members of the armed forces in all situations. \n",
"\n",
"In the case of computer protocols, these are usually published as open standards so that any given protocol can be implemented in various products. Having these protocols readily available to everyone means that any machine or network that implements a given protocol should be able to communicate seamlessly with anything else that supports the same protocol. \n",
"\n",
"For a deeper dive into Secure Shell, see [SSH protocol<svg aria-labelledby=\"cds-react-aria3604314262-:r5ed:-title\" fill=\"none\" focusable=\"false\" height=\"16\" role=\"img\" viewBox=\"0 0 20 20\" width=\"16\" class=\"css-8blerm\" id=\"cds-react-aria3604314262-:r5ed:\"><title id=\"cds-react-aria3604314262-:r5ed:-title\">Opens in a new tab</title></svg>](https://www.ssh.com/academy/ssh/protocol). \n",
"\n",
"## The SSH protocol\n",
"\n",
"So how does SSH secure the network? It works on the principle of public-key encryption. The client and the server each generate a strong encryption key for any data that is passed between them. Then, that key gets split in half, with the client retaining one portion and the server keeping the other. Its a complex version of a simple idea, really; its not hard to imagine two people making up an encryption code and then tearing it in half for extra secrecy. \n",
"\n",
"In SSH, the keys are split between a public key, the public half of the servers encryption key, and the private key, which is stored only on the server. This way, a users machine can encrypt a message using the public key, but only the connected server can decode it because only the servers private key will successfully decrypt the message. This way, if someone did intercept the network traffic, they still couldnt read it because they dont have the servers private key. Using SSH, your keystrokes and the servers responses are completely secure. \n",
"\n",
"For more on these keys, see [Public private key pairs & how they work<svg aria-labelledby=\"cds-react-aria3604314262-:r5ef:-title\" fill=\"none\" focusable=\"false\" height=\"16\" role=\"img\" viewBox=\"0 0 20 20\" width=\"16\" class=\"css-8blerm\" id=\"cds-react-aria3604314262-:r5ef:\"><title id=\"cds-react-aria3604314262-:r5ef:-title\">Opens in a new tab</title></svg>](https://www.preveil.com/blog/public-and-private-key/#:~:text=In%20public%20key%20cryptography%2C%20every,using%20their%20matching%20private%20key.) and [A Deep Dive on End-to-End Encryption<svg aria-labelledby=\"cds-react-aria3604314262-:r5eh:-title\" fill=\"none\" focusable=\"false\" height=\"16\" role=\"img\" viewBox=\"0 0 20 20\" width=\"16\" class=\"css-8blerm\" id=\"cds-react-aria3604314262-:r5eh:\"><title id=\"cds-react-aria3604314262-:r5eh:-title\">Opens in a new tab</title></svg>](https://ssd.eff.org/module/deep-dive-end-end-encryption-how-do-public-key-encryption-systems-work). \n",
"\n",
"## Using the SSH protocol\n",
"\n",
"The SSH protocol is commonly used for logging in to servers remotely. While it is primarily used for logging in to Linux and Unix servers, it is also used to encrypt file transfers and to log in to some network equipment, like routers. \n",
"\n",
"Of course, your private key should never be transmitted to anyone else or shared anywhere. Most SSH clients will not connect if your private key is not protected from other users. Because your private key is unique to you, it can serve as both authentication and encryption, so the server doesnt need to ask you for a password.\n",
"\n",
"Besides providing a secure login shell on a remote server, SSH can be used for a number of other functions, including:\n",
"\n",
"- Transferring files between client and server with SCP (Secure Copy Protocol) or SFTP (Secure File Transfer Protocol); for more about these types of file transfers, see the [Difference between SFTP and SCP<svg aria-labelledby=\"cds-react-aria3604314262-:r5ej:-title\" fill=\"none\" focusable=\"false\" height=\"16\" role=\"img\" viewBox=\"0 0 20 20\" width=\"16\" class=\"css-8blerm\" id=\"cds-react-aria3604314262-:r5ej:\"><title id=\"cds-react-aria3604314262-:r5ej:-title\">Opens in a new tab</title></svg>](https://www.tutorialspoint.com/difference-between-sftp-and-scp).\n",
"- Forwarding network ports from server to client, or “tunneling”; for more on port forwarding, see [How to Use SSH Port Forwarding<svg aria-labelledby=\"cds-react-aria3604314262-:r5el:-title\" fill=\"none\" focusable=\"false\" height=\"16\" role=\"img\" viewBox=\"0 0 20 20\" width=\"16\" class=\"css-8blerm\" id=\"cds-react-aria3604314262-:r5el:\"><title id=\"cds-react-aria3604314262-:r5el:-title\">Opens in a new tab</title></svg>](https://phoenixnap.com/kb/ssh-port-forwarding).\n",
"- Relaying your login to yet another server behind a firewall, sometimes referred to as a “jump box” or “bastion host”; for more on this relaying method, see [How to Set Up an SSH Jump Server<svg aria-labelledby=\"cds-react-aria3604314262-:r5en:-title\" fill=\"none\" focusable=\"false\" height=\"16\" role=\"img\" viewBox=\"0 0 20 20\" width=\"16\" class=\"css-8blerm\" id=\"cds-react-aria3604314262-:r5en:\"><title id=\"cds-react-aria3604314262-:r5en:-title\">Opens in a new tab</title></svg>](https://goteleport.com/blog/ssh-jump-server/).\n",
"- Running graphical user interface (GUI) applications on a server but displaying them on a local client; for more on this, see [Use X forwarding on a personal computer<svg aria-labelledby=\"cds-react-aria3604314262-:r5ep:-title\" fill=\"none\" focusable=\"false\" height=\"16\" role=\"img\" viewBox=\"0 0 20 20\" width=\"16\" class=\"css-8blerm\" id=\"cds-react-aria3604314262-:r5ep:\"><title id=\"cds-react-aria3604314262-:r5ep:-title\">Opens in a new tab</title></svg>](https://kb.iu.edu/d/bdnt)."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Configuring SSH"
"# Configuring SSH\n",
"\n",
"Computer ports are software-based points where a network connection begins and ends. When using Secure Shell (SSH), the client connects to the server on port 22. After the connection is made, the server sends its public key to the client. Then the client and server negotiate a set of encryption rules, called an encryption algorithm, that both machines can support. When the two machines are in agreement on the encryption algorithm, the server starts a login shell for the user. \n",
"\n",
"![A diagram shows an SSH client connecting to an SSH server. Information is exchanged until a secure connection is es](https://d3c33hcgiwev3.cloudfront.net/imageAssetProxy.v1/pI1RKqVSSp21_OdEfwUMww_6cffd8ebb7084820bbc53b564ef0e1f1_BudE_s6geqadKlUkfb06AWNR4PFzNYzeb0-aOgYqQkSz2R2jbLYmKBT4ILRoxJ3_8Ew7lqJKd4JyZpRqTzhReNUSzUc40EUq34n_Fk819HY20sAjsyGolwZT4iGvyewpB8iZxGt075kRnnT9LO0ZaKw?expiry=1741478400000&hmac=DWn_L1p39kdloNNjfkV533w6T_cEwErpBG3giRoHnFI)\n",
"\n",
"## Configuring an SSH client\n",
"\n",
"SSH configuration instructions will be different depending on your operating system and the implementation of SSH. On the other hand, instructions for a client to generate its SSH key and connect to a server are more general. Lets look at how to set up the command-line OpenSSH client and connect to a remote host for the first time. \n",
"\n",
"### Generating your key pair\n",
"\n",
"First, you will need to generate your public/private key pair. The first time you connect to a given server using SSH, the server will store a copy of its public key on your machine. This needs to be done only once, as the same key pair can be used to connect to any number of remote hosts.\n",
"\n",
"Open a terminal and enter the command: \n",
"\n",
"ssh-keygen -t rsa -b 2048\n",
"\n",
"OpenSSH will ask where to save the generated keys. Note that it will create a hidden directory called .ssh in your home directory. You can accept the defaults here. \n",
"\n",
"SSH will also ask you for a passphrase to protect your key. Many people choose not to use a passphrase because if you enter a passphrase here, you will be required to enter it every time your key is used. If you are on a machine that is not secure, however, someone who gains access to that computer will also have access to every system that uses that key. \n",
"\n",
"If you add a passphrase to your SSH key for added security, you can save the passphrase to an SSH agent, which is a program that manages SSH keys. For more about working with SSH key passphrases, see [Adding your SSH key to the ssh-agent<svg aria-labelledby=\"cds-react-aria3604314262-:r5h9:-title\" fill=\"none\" focusable=\"false\" height=\"16\" role=\"img\" viewBox=\"0 0 20 20\" width=\"16\" class=\"css-8blerm\" id=\"cds-react-aria3604314262-:r5h9:\"><title id=\"cds-react-aria3604314262-:r5h9:-title\">Opens in a new tab</title></svg>](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#adding-your-ssh-key-to-the-ssh-agent). \n",
"\n",
"After you have set your passphrase or declined the option, OpenSSH will then generate a random public/private key pair and save it. Depending on your hardware, this may take several seconds to complete. OpenSSH will then return a message that your key has been saved and display the fingerprint and a “randomart image” of your new key. Here is an example:\n",
"\n",
"```bash\n",
"Generating public/private rsa key pair.\n",
"\n",
"Enter file in which to save the key (/Users/tradel/.ssh/id\\_rsa): \n",
"\n",
"Created directory '/Users/tradel/.ssh'.\n",
"\n",
"Enter passphrase (empty for no passphrase): \n",
"\n",
"Enter same passphrase again: \n",
"\n",
"Your identification has been saved in /Users/tradel/.ssh/id\\_rsa\n",
"\n",
"Your public key has been saved in /Users/tradel/.ssh/id\\_rsa.pub\n",
"\n",
"The key fingerprint is:\n",
"\n",
"SHA256:0P4GpCFXlVoZPoQ8ULdqq9L0p2KTYlMwtOLXIwSxfO8 tradel@Todds-MacBook-Pro.local\n",
"\n",
"The key's randomart image is:\n",
"\n",
"+---\\[RSA 2048\\]----+\n",
"\n",
"|  ..  .+oo=+     |\n",
"\n",
"| ....  o+++.     |\n",
"\n",
"|  ooo.+ o++      |\n",
"\n",
"|  ..=+ \\*.. .     |\n",
"\n",
"| . o +o S        |\n",
"\n",
"|  . o.=. +       |\n",
"\n",
"|   . =E+. o      |\n",
"\n",
"|    = \\*....      |\n",
"\n",
"|   . =.o.o       |\n",
"\n",
"+----\\[SHA256\\]-----+\n",
"```\n",
"\n",
"## Connecting for the first time\n",
"\n",
"Now that you have a key pair, you can connect to a host. The most basic form of the command to connect is: \n",
"\n",
"ssh <username>@<hostname>.\n",
"\n",
"When you connect to a server for the first time, SSH will print out the fingerprint of the remote servers key and confirm that you really want to connect. The request will look like this:\n",
"\n",
"```bash\n",
"The authenticity of host 'my-host (192.168.1.10)' can't be established.\n",
"\n",
"ED25519 key fingerprint is SHA256:KyE8fOzengv6CRTe1EXaeO7dtIF9JKM0VAcKf6sA0RM.\n",
"\n",
"This key is not known by any other names\n",
"\n",
"Are you sure you want to continue connecting (yes/no/\\[fingerprint\\])? yes\n",
"\n",
"Warning: Permanently added 'my-host' (ED25519) to the list of known hosts.\n",
"```\n",
"\n",
"You may be asked to enter the password for the account on the remote host. After you do this, a copy of your public key will be stored on the host, and you will not have to enter your password again. Your own copy of your key is sufficient to authenticate your connection. \n",
"\n",
"## Configuring an SSH server\n",
"\n",
"As we said earlier, SSH server configuration will vary based on your operating system and implementation of SSH. The SSH server component, called a “daemon,” is often installed by default on Linux and Unix. On Linux, the server configuration file is usually at /etc/ssh/sshd\\_config and rarely needs to be changed. \n",
"\n",
"If you try to connect to a host and see an error like “ssh: connection refused”, consult your operating system documentation for how to install and enable the SSH daemon. \n",
"\n",
"For use cases like increased security or managing user connections, see [How To Tune your SSH Daemon Configuration on a Linux VPS<svg aria-labelledby=\"cds-react-aria3604314262-:r5hl:-title\" fill=\"none\" focusable=\"false\" height=\"16\" role=\"img\" viewBox=\"0 0 20 20\" width=\"16\" class=\"css-8blerm\" id=\"cds-react-aria3604314262-:r5hl:\"><title id=\"cds-react-aria3604314262-:r5hl:-title\">Opens in a new tab</title></svg>](https://www.digitalocean.com/community/tutorials/how-to-tune-your-ssh-daemon-configuration-on-a-linux-vps).\n",
"\n",
"Later versions of MacOS also have a command-line SSH client already installed. For a free implementation of SSH for Windows, Mac, and Unix, see [PuTTY: a free SSH and Telnet client<svg aria-labelledby=\"cds-react-aria3604314262-:r5hn:-title\" fill=\"none\" focusable=\"false\" height=\"16\" role=\"img\" viewBox=\"0 0 20 20\" width=\"16\" class=\"css-8blerm\" id=\"cds-react-aria3604314262-:r5hn:\"><title id=\"cds-react-aria3604314262-:r5hn:-title\">Opens in a new tab</title></svg>](https://www.chiark.greenend.org.uk/~sgtatham/putty/). \n",
"\n",
"## Pro Tips \n",
"\n",
"You can use the same private/public key pair across all the machines you control. So if you have two laptops and a tablet, you could copy your key pair to all of them. This can save you a few steps when logging in from other devices.\n",
"\n",
"Once SSH is set up, if the public key sent by the server ever changes, SSH will warn you that something malicious may have happened to the server. You will receive an alert message that states the “Remote host identification has changed” or similar. You should contact your systems administrator if you see this message. Although its possible that the server has simply updated its key, its also possible that someone is eavesdropping on communications between you and an application in order to steal information. \n",
"\n",
"Optional features like port forwarding are often disabled by default because they open up potential security holes if they are misused. You may need these optional features to be enabled for something like forwarding network ports from a remote host to your local machine; for instance, if you want to access a service on the host (or the host's network) that is blocked by a firewall. If you need these optional features enabled, turn them on in the sshd\\_config file."
]
},
{
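Review bot: the "Connecting for the first time" paragraph in this hunk states that after you enter the account password "a copy of your public key will be stored on the host, and you will not have to enter your password again", which is incorrect: a password login does not install the client's public key, so the key must first be appended to `~/.ssh/authorized_keys` on the server (for example with `ssh-copy-id`) before key authentication works; rewrite that sentence to describe that step. Two related points in the same hunk: the "Pro Tips" section tells readers to copy their key pair to every device they own, which contradicts the "Key takeaways" line "Never share your SSH private key with anyone or put SSH keys into your application code" and spreads the private key around; generating a key pair per device and adding each public key to the server's authorized_keys gives the same convenience without moving private keys. The "The SSH protocol" section describes the key pair as one key that "gets split in half" and says the client encrypts traffic with the server's public key; the two keys are generated together as a mathematically related pair rather than halves of one key, and in SSH the host key authenticates the server while the session is encrypted with a symmetric key agreed during the key exchange, so the tearing-in-half analogy should be dropped or reworded. The "Generating your key pair" paragraph also says the server stores its public key on your machine the first time you connect, which belongs with the host-key fingerprint discussion, not with the key-generation step, and the generation example uses `ssh-keygen -t rsa -b 2048` while the connection example shows an ED25519 host key; `ssh-keygen -t ed25519` would be the consistent modern choice. Style: the links still carry pasted `<svg ...>Opens in a new tab</svg>` markup from the source site, the commands `ssh-keygen -t rsa -b 2048` and `ssh <username>@<hostname>.` are not in code formatting (and the trailing period reads as part of the command), the escaped underscores such as `id\_rsa` inside the fenced blocks will render literally, the image URL carries an `expiry=`/`hmac=` signature and will stop resolving, and apostrophes have been dropped throughout ("its connected", "Lets", "doesnt").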