Questions tagged [ssh]

SSH (Secure shell) is a protocol for secure communication between computers to execute remote commands, transfer data and tunnel TCP connections.

SSH (Secure SHell) is a protocol to establish a secure channel (encrypted, authenticated and integrity-protected) and execute commands on a remote computer or transfer data between computers. It is the de facto standard protocol for remote command execution and secure file transfer in the Unix world.

SSH allows running remote shell commands, transferring files with SCP (file copy) or SFTP (an FTP-like protocol, not to be confused with FTP over SSH or FTP over SSL), and tunnelling TCP connections by forwarding ports. Notable applications that operate over SSH include rsync and similar data transfer tools, and SSHFS to mount remote file trees.

SSH is built on a secure channel protocol that is somewhat similar but not identical to SSL. SSH usually uses passwords or public keys to authenticate users (other mechanisms exist) and public keys to authenticate servers. Unlike SSL, SSH has no common public-key infrastructure to certify server or user keys.

The most common implementations of SSH are OpenSSH (servers and desktops), Dropbear (embedded devices) and PuTTY (Windows client).

For functional questions on configuring SSH, see the ssh tag on Unix & Linux, Server Fault (for IT professionals managing multiple machines), Ask Different (Mac OS X and iOS), Ask Ubuntu or Super User (home PC under any operating system).

1162 questions
500 votes, 8 answers

RSA vs. DSA for SSH authentication keys

When generating SSH authentication keys on a Unix/Linux system with ssh-keygen, you're given the choice of creating an RSA or DSA key pair (using -t type). What is the difference between RSA and DSA keys? What would lead someone to choose one over…
jrdioko
241 votes, 4 answers

What is the difference between authorized_keys and known_hosts file for SSH?

I am learning the basics of SSH protocol. I am confused between the contents of the following 2 files: ~/.ssh/authorized_keys: Holds a list of authorized public keys for servers. When the client connects to a server, the server authenticates the…
Ankit
239 votes, 3 answers

What are ssh-keygen best practices?

Most users would simply type ssh-keygen and accept what they're given by default. But what are the best practices for generating ssh keys with ssh-keygen? For example: Use -o for the OpenSSH key format rather than the older PEM format (OpenSSH 6.5…
Tom Hale
233 votes, 8 answers

What is the difference between SSL vs SSH? Which is more secure?

What is the difference between SSH and SSL? Which one is more secure, if you can compare them together? Which has more potential vulnerabilities?
Am1rr3zA
214 votes, 9 answers

Best Practice: "separate ssh-key per host and user" vs. "one ssh-key for all hosts"

Is it better to create a separate SSH key for each host and user, or just use the id_rsa key for all hosts to authenticate? Could one id_rsa be malpractice for the privacy/anonymity policies? Having one ssh-key for all…
static
186 votes, 4 answers

SSH key-type, rsa, dsa, ecdsa, are there easy answers for which to choose when?

As someone who knows little about cryptography, I wonder about the choice I make when creating ssh-keys. ssh-keygen -t type, where type is one of dsa, rsa and ecdsa. Googling can give some information about differences between the types, but not…
user50849
171 votes, 10 answers

Should I be concerned if the "FBI" has logged onto my Ubuntu VPS?

Yesterday, I was performing a bit of general maintenance on a VPS of mine, using the IPMI console my host provided. Upon setting up SSH keys again via the IPMI console, I logged in via SSH and was shocked to see this: Welcome to Ubuntu 14.04.2 LTS…
lol what is this
167 votes, 6 answers

ECDSA vs ECDH vs Ed25519 vs Curve25519

Among the ECC algorithms available in OpenSSH (ECDH, ECDSA, Ed25519, Curve25519), which offers the best level of security, and (ideally) why?
Omar
153 votes, 11 answers

What alternatives are there when SSH is being actively filtered?

Unfortunately our government filters the SSH protocol so now we can't connect to our Linux server. They do the filtering by checking the header of each packet in the network layer (and not by just closing port). They also do away with VPN…
Moein Hosseini
132 votes, 11 answers

Is it completely safe to publish an ssh public key?

I use an RSA key to log into remote servers with ssh. And I keep my dot files under version control in a publicly accessible place so that I can quickly set up new servers to work the way I like. Right now I don't have my .ssh directory under version…
Brian
118 votes, 2 answers

SSH Key: Ed25519 vs RSA

A lot of people recommend using Ed25519 instead of RSA keys for SSH. The introduction page of Ed25519 (http://ed25519.cr.yp.to/) says: [..] breaking it has similar difficulty to breaking [..] RSA with ~3000-bit keys [..] So speaking only of security…
Ben Richard
113 votes, 9 answers

Should I change the default SSH port on Linux servers?

Is there any advantage in changing the SSH port? I've seen people do that, but I can't seem to find the reason why. If you have a strong password and/or a certificate, is it useful for anything? Edit: I should also mention that I am using iptables…
sharp12345
111 votes, 5 answers

How to check if an SSH private key has a passphrase or not?

Let's say I have access to the private portion of an RSA key-pair. How can I check if this key has an associated passphrase or not?
kung
100 votes, 10 answers

Does it improve security to use obscure port numbers?

I recently started a job at a small company where the CTO prefers to host SSH services at obscure, high numbered ports on our servers rather than the well known port 22. His rationale is that "it prevents 99% of script kiddy attacks." I'm curious…
William Rosenbloom
98 votes, 2 answers

How do I get the RSA bit length with the pubkey and openssl?

I have a public key generated with ssh-keygen and I'm just wondering how I get information on the key length with openssl?
Evan Carroll