Keywords Before Read

SSH Protocol Connection/Creation Flow

Initiation

ssh my_server_name
  1. The SSH client checks its config file for a Host entry named "my_server_name":

    # SSH config file (~/.ssh/config)
    Host my_server_name
        HostName myserver.com
        User root
        Port 22

  2. The SSH client resolves the "my_server_name" alias (if one is used) to the actual hostname or IP address: the config maps "my_server_name" to "myserver.com", which DNS then resolves to an IP address.

Host Key Verification (First Time)

On the first connection, SSH records the server's public host key in the known_hosts file. This file acts as a database of known server public keys:

# SSH known_hosts File (~/.ssh/known_hosts)
myserver.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbPOVVQF/CzuAeQNv4fZVf2pLxpGHle15zkpxOosckequUDxoq

Password Authentication

SSH prompts you for the password associated with the specified username. The password is transmitted over the network (vulnerable to eavesdropping and MITM attacks).
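The first two steps of the flow above (alias lookup in the config file, then host-key lookup in known_hosts) mimicked in a shell script. This is an added illustration, not OpenSSH code; the config and known_hosts contents are constructed samples, only the Host/HostName/User/Port keywords and literal or "*" Host patterns are handled, and hashed known_hosts entries are not supported.

```shell
# Added illustration (not OpenSSH code) of the client's first two steps:
# resolve an alias via ssh_config, then look the host up in known_hosts.
# Handles only Host/HostName/User/Port and literal or "*" Host patterns.

# Constructed sample ~/.ssh/config, with a catch-all "Host *" block at the end.
SSH_CONFIG_SAMPLE='Host my_server_name
    HostName myserver.com
    User root
    Port 22
Host *
    User fallback
    Port 2222
'

# Constructed sample ~/.ssh/known_hosts (key material is a placeholder, not a real key).
KNOWN_HOSTS_SAMPLE='myserver.com ecdsa-sha2-nistp256 AAAAPLACEHOLDER-NOT-A-REAL-KEY
[bastion.example]:2222,10.0.0.5 ssh-ed25519 AAAAPLACEHOLDER-NOT-A-REAL-KEY
'

# resolve_alias ALIAS CONFIG_TEXT -> prints "hostname user port".
# ssh_config rule: the FIRST value obtained for a keyword wins, so a specific block shadows "Host *".
resolve_alias() {
  printf '%s\n' "$2" | awk -v alias="$1" -v localuser="${USER:-unknown}" '
    /^[[:space:]]*#/ { next }                        # skip comment lines
    tolower($1) == "host" {                           # start of a new block
      in_block = 0
      for (i = 2; i <= NF; i++) if ($i == alias || $i == "*") in_block = 1
      next
    }
    in_block && tolower($1) == "hostname" && host == "" { host = $2 }
    in_block && tolower($1) == "user"     && user == "" { user = $2 }
    in_block && tolower($1) == "port"     && port == "" { port = $2 }
    END {
      if (host == "") host = alias        # no HostName: the alias is the real name
      if (user == "") user = localuser    # ssh falls back to the local login name
      if (port == "") port = 22
      print host, user, port
    }'
}

# known_host_key HOST KNOWN_HOSTS_TEXT -> prints the recorded key type for HOST, or returns 1
# if the host is absent (the case in which ssh shows the first-connection prompt).
known_host_key() {
  printf '%s\n' "$2" | awk -v host="$1" '
    $1 !~ /^#/ && NF >= 3 {
      n = split($1, names, ",")                      # one line may list several names
      for (i = 1; i <= n; i++) if (names[i] == host) { print $2; found = 1; exit }
    }
    END { exit found ? 0 : 1 }'
}
```

Running `resolve_alias my_server_name "$SSH_CONFIG_SAMPLE"` yields `myserver.com root 22`, while an alias with no specific block falls through to the `Host *` defaults.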

Setting Up Key-Based Authentication Via OpenSSH

OpenSSH is an implementation of the SSH protocol. It not only provides the ssh command but also commands for generating key pairs on your local machine. You then copy the public key to the remote server.

Generate A New SSH key Pair (Using Ed25519 cryptography)

Greater security (elliptic curve cryptography) and better performance (smaller key sizes).

# localhost
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519

Ed25519 keys have a fixed length of 256 bits.

Alternative: Generate A New SSH key Pair (Using RSA cryptography)

More flexible: RSA keys can be used for various cryptographic purposes beyond SSH authentication and are supported by older systems.