Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.
uk/secure-shell-ssh-101/
Secure Shell (SSH) Search …
Secure Shell or SSH is a cryptographic (encrypted) CATEGORIES
network protocol operating at layer 7 of the OSI
Model to allow remote login and other network ◦ Expliots & Pentesting
services to operate securely over an unsecured ◦ General Admin Tasks
network. ◦ Hacking Basics
◦ Hacking Wireless
SSH provides a secure channel over an unsecured Networks
network in a client-server architecture, connecting ◦ Networking
an SSH client application with an SSH server. ◦ Raspberry Pi
Common applications include remote command-
line login and remote command execution, but any
network service can be secured with SSH. The ARCHIVES
protocol speci�cation distinguishes between
major versions, referred to as SSH-1 and SSH-2. Select Month
The most visible application of the protocol is for
access to shell accounts on Unix-like operating POPULAR TUTORIALS
systems, but it sees some limited use on windows
as well. In 2015 Microsoft announced that they ◦ Scanning and Port
would include native support for SSH in a future Forwarding through a
release. Meterpreter Session
1 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
You can �nd a windows developer preview of ◦ Find Cached WiFi
OpenSSH and a copy of there road map for this Passwords in Windows
project here.
◦ Testing Email
Connections with Telnet
Installing SSH in Linux
◦ Secure Shell (SSH)
Installing SSH on Linux is as simple as typing.. ◦ How To Hack Like a
Legend (Book Review)
sudo apt-get install ssh ◦ Hacking Digital
Billboards
Once you have installed all the packages your set
to start using ssh. To connect to another SSH MISSION STATEMENT
server type the command below.
Security Tutorials Mission
is to create clear up to
ssh (Username)@(host) date tutorials on hacking,
ssh admin@54.24.8.91 cyber security, PCI
Compliance.
As this will be your �rst connection from your Please Subscribe to
newly installed ssh server you will be prompted to Security Tutorials to
accept the authenticity of your host, just type yes receive noti�cations of
and the address will get added to your Known new tutorials as they are
released.
Hosts folder and you will then be prompted for
your logon password.
Installing SSH in Windows (Putty)
As there is not any native support for SSH in
windows at the time i am writing this, your best
option is to install a program called Putty.
Putty is an SSH and telnet client, developed
originally by Simon Tatham for the windows
platform. Putty is open source software that is
2 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
available with source code and is developed and
supported by a group of volunteers.
Tweets Follow
from
@sectuto
Putty Download Page
rials
The Putty download page has quite a few S… · Apr 1
di�erent things to download, I will go through MFA in Office
each of these later in this tutorial but for now just 365 – Notes
from
download the standalone executable putty.exe.
the Trenches.
Once downloaded double click putty.exe and a
new window will open showing you the putty
con�guration. In the Host Name (or IP address) securityt…
type in your SSH servers address MFA in
(Username)@(host) and then click open. Office 36…
S… · Jul 23, 2021
Creating an
Active
Directory
Home Lab
securityt…
Creating
an Active…
S… · Apr 2, 2021
First Three
Steps to
As this is the �rst time connecting to your SSH Secure a
server you will be prompted with a security alert Linux Server
saying it does not know the host, if your sure this
is the correct host, just click yes and the host will
be added to Putty’s cache.
securityt…
3 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
First Three
Steps to …
You will now be prompted for your login, enter
your username and password and that is it, you
should be logged into your server.
No More Passwords with An SSH
Authentication Key
An SSH server can authenticate clients using a
variety of di�erent methods. the most basic of
these is password authentication, which is easy to
use, but not the most secure.
Although passwords are sent to the server in a
secure manner, they are generally not complex or
long enough to be resistant to repeated,
persistent attackers. Modern processing power
combined with automated scripts make brute
forcing a password-protected account very
possible. Although there are other methods of
adding additional security(fail2ban, etc), SSH keys
prove to be reliable and secure alternative.
SSH key pairs are two cryptographically secure
keys that can be used to authenticate a client to
4 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
an SSH server. Each key pair consists of a public
key and a private key.
The private key is retained by the client and should
be kept absolutely secret. Any compromise of the
private key will allow the attacker to log onto
servers that are con�gured with the associated
public key without additional authentication. As
and additional precaution, the key can be
encrypted on the disk with a pass phrase.
The associated public key can be shared freely
without any negative consequences. The public
key can be used to encrypt messages that only the
private key can decrypt. This property is employed
as a way of authenticating using the key pair.
The public key is uploaded to a remote server that
you want to be able to log into with SSH. The key is
added to a special �le within the user account you
will be logging into called ~/.ssh/authorized_keys .
When the client attempts to authenticate using
SSH keys, the server can test the client on
whether they are in possession of the private key.
If the client can prove that it owns the private key,
a shell session is spawned or the requested
command is executed.
Setup SSH Key Pairs in Linux
To create your keys type the command below.
5 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
ssh-keygen -t RSA
The -t lets you choose the type of key that you
want to use RSA, DSA or ECSDA by default it will
use RSA.
It will say that its generating the public/private key
pair and asks you where you would like to save the
key. By default it saves it to a hidden folder called
.ssh in your home directory, which is �ne so just hit
enter.
Generating public/private RSA key pair.
Enter file in which to save the key (/home/user/.ssh/id_r
Now it asks you to enter a passphrase. you can just
hit enter again and it will create your key without a
passphrase but i strongly advise adding a strong
password because if your private key ever gets
compromised they will be able to connect to your
ssh server without a password.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
After adding your passphrase it will save both the
public (id_rsa.pub) and privet keys (id_rsa) to the
folders speci�ed previously, it also shows you the
�ngerprint of your key in a randomart image.
Your identification has been saved in /home/user/.ssh/id_
6 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
Your public key has been saved in /home/user/.ssh/id_rsa.
The key fingerprint is:
16:1d:be:d3:71:0d:7a:6e:fb:97:72:76:2b:2e:b0:3b
The key's randomart image is:
+---[RSA 2048]----+
| . . |
| o . . o |
| . o o o .|
| . o = |
| S o . o |
| . . . . . |
| o . .|
| E . o =o|
| .o o.=.=|
+-----------------+
All you have to do now is take your Public key
(id_rsa.pub) and send it over to the SSH server,
there are a few di�erent ways to do this.
If password authentication is still enabled you can
run this command to copy over the public key and
add it to the .ssh/authorized_keys on the server.
ssh-copy-id (username)@(host)
user@debian:~$ ssh-copy-id user@54.24.8.91
/usr/bin/ssh-copy-id: INFO: attempting to log in with the
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be install
user@54.24.8.91's password:
|
|Number of key(s) added: 1
|
Now try logging into the machine, with: "ssh '
7 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
and check to make sure that only the key(s) you wanted we
It will then log you out, log back in and if you set a
password on your private key you will be prompted
to enter it now to unlock it.
You will now be able to log in and out of the server
without entering your SSH password you still may
need to unlock your privet key if you reboot.
Setup SSH Key Authentication in
Windows with Putty
With Putty you need to �rst download the Putty
key generator and Pageant which is an
authentication agent used in putty. Both can be
downloaded from the Putty Download page.
Once everything is downloaded run Puttygen.exe
this will open the Putty Key Generator and from
here we can generate a public and private key pair.
8 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
To create the public and private key pair �rst
select the type of key you want to generate (SSH
-2 RSA or SSH-2 DSA) and the number of bites in
the generated key and just click Generate, it will
then prompt you to move the mouse in the blank
area to generate some randomness and the green
bar will slowly increase as you move the mouse.
Once the green bar has reached the end you will
be prompted with your key, I would advise you set
a strong security passphrase here otherwise if
your keys get compromised there will be no other
line of defense for someone to log straight into
your server.
9 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
After you have set and con�rmed your passphrase
click the save Public Key and save it some where
secure with a name that makes it recognizable like
public and then do the same with the Private Key
naming it private.
Now we need to copy the public ssh key to the
~/.ssh/authorized_keys �le on your ssh server.
Log into your ssh server with Putty
(Username)@(host) then open up the
authorized_keys �le with your favorite text editor i
am using nano.
nano -w .ssh/authorized_keys
-w Wordwrap
Open your Public Key in Notepad and add ssh-rsa
to the start of your SSH Key as below and copy the
whole string up until the �nal =.
and up until the �nal =.
Once this has been copied, paste it into your open
putty nano session by right clicking in the putty
10 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
window. This should copy the string from our
public key that we copied from notepad earlier
into our authorized_keys �le. Make sure the key is
on one single line with no spaces then save the
authorized_keys �le and exit nano.
Now the public key is setup on the server we need
to use Pageant.exe which we downloaded at the
start.
Pageant is an SSH authentication agent. It holds
your private keys in memory, already decoded, so
that you can use them often without needing to
type a passphrase.
When you run Pageant it will put an icon of a
computer wearing a hat into the system tray. It will
then sit and do nothing until you load a private key
into it.
Right click the Pageant icon in the System tray and
you will see a menu as below.
Click Add Key and navigate to where you saved
your private key, open your private key then
11 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
you will be asked to enter the passphrase for you
key if you set one.
Enter the passphrase and your private key will be
loaded into pageant you will now be able to
connect to your SSH server without entering
your SSH password. You will how ever have to run
pageant every time you reboot and authenticate
your Private Key with a password.
Setup a SSH Proxy (SOCKS5) Linux
and Windows
Have you ever wanted to visit sites during the day
from a location that denied access to those sites?
Perhaps the company has denied access due to
bandwidth considerations or you might have
decided that the site you want to go to might not
always be work safe depending on the story or
pictures? What you need is the ability to create a
secure and encrypted SSH connection to tunnel
your browser tra�c through.
Using a ssh tunnel to retrieve the data from
websites is signi�cantly faster than trying to use X
forwarding to open a remote copy of Firefox on
the remote machine. If a remote browser is used
the connection will be saturated by the graphical
front end of the remote browser window. Use the
tunnel for the web site’s data and leave the
12 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
rendering of the browser to the local machine.
This is the most e�cient solution.
If you have access to a remote machine by way
of SSH you can set up Firefox, or any other SOCKS
V5 enabled application, to tunnel its connection
through SSH. this way, if you were at work and
wanted to browse your favourite sites like
Facebook, xhamster, etc that are blocked at the
company �rewall you could.
To set this up in Linux its as simple as typing the
command below in you Linux terminal
ssh -D 8080 (Username)@(host)
Here SSH will create a Socks proxy listening in for
connections at local port 8080 and upon receiving
a request would route the tra�c via SSH channel
created between ‘work’ and ‘home’. For this it is
required to con�gure the browser to point to the
socks proxy at port 8080 at localhost.
In windows (Putty) its a little bit more complicated
you need to setup the connection as normal then
on the left hand side click Connection –> SSH –>
Tunnels and you should get a page like this.
13 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
from here make sure you click Dynamic put 8080
in the source port and a Destination of localhost
then click the Add button. This will add the
dynamic port in the forwarded ports box as below.
Once you have D8080 which stands for dynamic
port 8080 in your forwarded ports just click open
and your connection will be made.
Now you have your tunnel setup you can tunnel
any SOCKS 5 aware program like your internet
Browser through that encrypted SSH connection, i
14 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
will show you how to set this up in �refox.
Open Firefox click the icon with the 3 dashes in
the top right corner and select Preferences as
pictured below.
Then go Advanced –> Network and click settings
Once your in settings you need to change the
radio button to Manual Proxy con�guration and
enter the details as pictured below
15 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
Click OK and your internet tra�c in Firefox will
now be going through your ssh tunnel then out to
the internet.
You can check this by going to
https://www.whatismyip.com and if its all working
you should see your SSH servers ip.
Tunnelling with Local Port
Forwarding
Lets say that yahoo.com is being blocked using a
proxy �lter at work. A SSH tunnel can be used to
bypass this restriction.
To create the SSH tunnel execute the following
from ‘work’ machine.
16 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
ssh -L 9001:yahoo.com:80 (username)@(host)
The ‘L’ switch indicates that a local port forward is
needed to be created.
Now the SSH client at ‘work’ will connect to the
SSH server running at ‘home’ (usually running at
port 22) binding port 9001 of ‘work’ to listen for
local requests thus creating a SSH tunnel between
‘home’ and ‘work’. At the ‘home’ end it will create
a connection to ‘yahoo.com’ at port 80. So ‘work’
doesn’t need to know how to connect to
yahoo.com. Only ‘home; needs to worry about
that. The channel between ‘work’ and ;home; will
be encrypted while the conection between ‘home’
and ‘yahoo.com’ will be unencrypted.
Now it is possible to browse yahoo.com by visiting
http://localhost:9001 in the web browser at the
‘work’ computer. The ‘home’ computer will act as a
gateway which would accept requests from ‘work’
machine and fetch data and tunnel it back.
Here the ‘host’ to ‘yahoo.com’ connection is only
made when the browser makes the request not at
the tunnel setup time.
17 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
It is also possible to specify a port in the ‘home’
computer itself instead of connecting to an
external host. Tis is useful if I were to setup a VNC
session between ‘work’ and ‘home’. Then the
command line would be as follows.
ssh -L 5900:localhost:5900 (username)@(host)
The Created tunnel can be used to transfer all
kinds of data not limited to web browsing
sessions. we can also tunnel SSH sessions from
this as well. lets assume there is another
computer (‘banned’) to which we need to SSH from
within work but the SSH access is being blocked. It
is possible to tunnel a SSH session to this host
using a local port forward. The setup would look
like this.
As can be seen now the transferred data between
‘work’ and ‘banned’ are encrypted end to end. For
this we need to create a local port forward as
follows.
ssh -L 9001:banned:22 (username)@(host)
Now we need to create a SSH session to local port
9001 from where the session will get tunnelled to
18 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
‘banned’ via ‘home’ computer.
ssh -p 9001 localhost
To do local tunnelling within Putty click connection
–> SSH –> Tunnels on the left hand side of the
putty window
Make sure, once you have entreated the details,
you click add and the port will show in forward
ports as below
19 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
Reverse Tunnelling with remote
port forwarding
Lets say it is required to connect to an internal
company website from home. The companys
�rewall is blocking all incoming tra�c. How can we
connect from ‘home’ to the internal network so
that we can browse the internal site? A vpn setup
is a good candidate here. however for this
example let’s assume we dont have this facility.
Enter SSH reverse tunnelling..
As in the earlier case we will initiate a tunnel from
the ‘work’ computer behind the �rewall. This is
possible since only incoming tra�c is being
blocked and outgoing tra�c is allowed. Instead of
the -L option we now de�ne -R which speci�es a
reverse tunnel needs to be created.
ssh -R 9001:intra-site.com:80 (username)@(host)
once executed the SSH client at ‘work’ will connect
to SSH server running at home creating a SSH
tunnel. Then the server will bind port 9001 on
‘home’ machine to listen for incoming requests
which would subsequently be routed through the
20 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
created SSH channel between ‘home’ and ‘work’.
Now its possible to browse the internal site by
visiting http://localhost:9001 in ‘home’ web
browser. the ‘work’ Pc will then create a
connection to intra-site and relay back the
response to ‘home’ via the created SSH channel.
To do this with putty click Connection –> SSH
–>Tunnels on the right hand side of the putty
client then enter your details and click the Add
button to add the details into the forwarded ports
see below.
21 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
« Restrict RDP Access by IP Address with Windows
Firewall
Testing Email Connections with Telnet »
3 COMMENTS
Chris says:
28th August 2018 at 3:02 pm
Hey great info thanks……i am using putty to
connect to haasio and I can log in but instead
of it saying “pi@raspberry:” I have “core-ssh” I
appreciate any advice you can give me.
Reply
hemp says:
28th August 2018 at 6:09
pm
Hi, Chris Thanks for posting a
comment.
I am not really sure what hass.io
is.. but doing a quick google of
your error found that you are
ssh’ing into the container of the
ssh addon, which is not the same
as the hass.io host
https://community.home-
assistant.io/t/ssh-hassio/30775
hope this helps mate let me know
22 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
how you get on.
Hemp
Reply
Pingback: First Three Steps to Secure a Linux Server -
Security Tutorials
LEAVE A REPLY
Your email address will not be published. Required
�elds are marked *
Comment *
Name *
Email *
Website
23 of 24 11/17/2022, 11:51 AM
�Secure Shell (SSH) - Security Tutorials https://securitytutorials.co.uk/secure-shell-ssh-101/
Save my name, email, and website in this browser
for the next time I comment.
Post Comment
WordPress Theme: Poseidon by ThemeZee.
24 of 24 11/17/2022, 11:51 AM
