Ssh Example

Hello!

The simplest use of ssh is to give it just the hostname or IP address of the remote system and connect. The username is taken from the current session, i.e. your local username is reused on the remote system: `$ ssh 192.168.122.22`. To connect as a different account, specify the username explicitly in the form `ssh username@host`. To give users SSH access to an EC2 instance through a Linux system user account, you must either share the instance's SSH key pair with them or, the better practice since a private key should never be shared, add each user's own public key to that account's authorized_keys. Alternatively, you can use EC2 Instance Connect to provide access without the need to share and manage SSH keys at all.

This week we're gonna dive into SSH and, to a lesser extent, OpenSSL.

Today we're going to cover everything that you wanted to know (or at least that I wanted to know) about SSH Public Keys but were too afraid to ask (well, except that you're obviously asking now) and that your parents wouldn't tell you anyway (mostly because they had no idea).

In short, the one-line text format is like this (the base64 portion is the same public-key encoding that RFC 4253 defines for carrying keys on the wire):

id_rsa.pub (or id_ecdsa.pub):

For example:

And the binary format looks like this:

[decoded-ssh-public-key]:

As to what that means, well, it's all explained below!

But First: Private Keys

Update: OpenSSH used to store private keys in the same PEM-wrapped DER/ASN.1 formats as OpenSSL. Since OpenSSH 6.5, however, it has its own private key format (files begin with -----BEGIN OPENSSH PRIVATE KEY-----), introduced mainly so that passphrase-protected keys could use a bcrypt-based KDF instead of the weak MD5-derived encryption of the legacy PEM format; it became the default output in OpenSSH 7.8. ssh-keygen still writes the legacy PEM format when given -m PEM (and -p -m PEM converts an existing key), and OpenSSH can be built without OpenSSL, in which case only its own format is supported.

It's a very natural assumption that because SSH public keys (ending in .pub) are their own special format that the private keys (which don't end in .pem as we'd expect) have their own special format too.

However, keys from older OpenSSH versions (and anything written with -m PEM) are actually in the same standard formats that OpenSSL uses.

If you want more info check this out:

Public Keys: What you see

As you (a reader of this article) have probably already found out (hence you're here), SSH public keys are not standard OpenSSL keys, but rather a special format and are suffixed with .pub.

A typical id_rsa.pub will look like this:

Traditionally SSH uses RSA for keys (as seen above), which is what you'll likely see on your Macbook.

However, it's quite likely that when you're connecting to a Linux server running a newer version of OpenSSH you'll get a message about an ECDSA fingerprint the first time you connect. That fingerprint belongs to the server's host key, not to your user key; newer servers generate an ECDSA host key by default.


The ECDSA keys are much shorter than RSA, though just as secure, if not more so, and the id_ecdsa.pub format is about the same:

Here's the general format for all SSH public keys: three whitespace-separated fields, the key type (ssh-rsa, ecdsa-sha2-nistp256, and so on), the base64-encoded binary blob, and an optional comment (ssh-keygen fills in user@host by default):

What you don't see

If you take the key apart it's actually very simple and easy to convert. The base64 blob is just a sequence of length-prefixed fields, each a 4-byte big-endian length followed by that many bytes (the "string" and "mpint" types of RFC 4251). For ssh-rsa the fields are the type name again, then the exponent e, then the modulus n; for ecdsa-sha2-nistp256 they are the type name, the curve name (nistp256), and the public point. Decoded, it looks like this:

[decoded-ssh-public-key]:

Want to see an online demo?

RSA key caveats

In ASN.1 / DER an INTEGER is two's complement, so a positive RSA modulus whose high-order bit (0x80) is set is prefixed with 0x00.

SSH's mpint type (RFC 4251, section 5) uses exactly the same rule, which is why the encoded n starts with a 0x00 byte.

Example

After running thousands of automated iterations of ssh-keygen I can say this with certainty:

  • The 3rd element of the SSH key is the RSA n value (given)
  • The 1st byte (0-index) of the 3rd element is always 0x00
  • The 2nd byte (1-index) of the 3rd element is never less than 0x90 (144 or 10010000)

Both observations follow from how the key is generated. The modulus is exactly 2048 bits, so its high bit is always set and the mpint rule always adds the 0x00 byte. The generator also sets the top two bits of each 1024-bit prime so that their product is a full 2048 bits; the smallest such product is 0b1001 followed by 2044 zero bits, which puts the top byte of n at 0x90 or above.

Thus a 2048-bit key actually has only about 2046 bits in its keyspace. That loss is negligible: the real strength of RSA-2048 is nowhere near 2048 bits anyway, because factoring is far easier than brute force (the usual estimate is around 112 bits of symmetric-equivalent security).

I'd like to repeat this with OpenSSL to ensure that it holds true and see how ssh-keygen converts such a number to SSH format (i.e. 0x00 padding) if it doesn't hold true. My best guess is that it does.

The exponent is encoded as an mpint just like n, so the format itself doesn't limit its size to 32 bits; honestly it doesn't matter, since ssh-keygen and all practical applications use 0x10001 (that being 65537 or 10000000000000001 in binary).

EC key caveats

The EC key begins with 0x04, a tag byte meaning the point is in x+y (uncompressed) SEC1 form; it carries no key material and can be thrown away once you've checked it.

(Compressed format is smaller, as it omits the y value, which can be derived from x, but it requires more implementation work, namely deriving y, so the uncompressed form is what SSH uses in order to keep things simple.)

If it's a P-256 key then the next 32 bytes (256 bits) are the x value and the remaining 32 bytes are the y value. For P-384 the length of each is 48 bytes (384 bits), and for P-521 it is 66 bytes.

Either way the coordinates are fixed-width, left-padded with 0x00 up to the field size of the curve. Don't confuse this with the RSA pad byte above: when converting to JWK, RFC 7518 requires the RSA n and e values to use the minimum number of octets (so the mpint's leading 0x00 must be stripped), whereas EC x and y must be the full coordinate width (so their 0x00 padding must be kept).
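The article links its own ssh-parser and ssh-packer; what follows is an added example in Python, not the author's code, that does the same job for ssh-rsa and ecdsa-sha2-nistp* keys. It walks the length-prefixed fields, applies the mpint pad-byte rule from the RSA caveats and the fixed-width coordinate rule from the EC caveats, and re-encodes the result as a JWK with the opposite padding rules for the two key types. The sample keys are constructed from toy values so that it runs offline: the "modulus" is just 0x9 shifted left (not a product of primes, but it has the 0x90 top byte a real one has), the EC coordinates are tiny so their padding is visible, and the comment "toy@example" is made up.

```python
import base64
import struct

# Coordinate width in bytes for each NIST curve SSH supports (RFC 5656).
CURVE_FIELD_BYTES = {"nistp256": 32, "nistp384": 48, "nistp521": 66}
JWK_CURVE_NAMES = {"nistp256": "P-256", "nistp384": "P-384", "nistp521": "P-521"}


def _read_string(blob, off):
    """Read one RFC 4251 string: 4-byte big-endian length, then the body."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    off += 4
    if off + n > len(blob):
        raise ValueError("truncated string body")
    return blob[off:off + n], off + n


def _pack_string(body):
    return struct.pack(">I", len(body)) + body


def _pack_mpint(value):
    """RFC 4251 mpint: minimal big-endian bytes, plus a 0x00 pad byte when
    the first byte has its high bit set (so the number stays positive)."""
    body = value.to_bytes((value.bit_length() + 7) // 8, "big") if value else b""
    if body and body[0] & 0x80:
        body = b"\x00" + body
    return _pack_string(body)


def parse_ssh_public_key(line):
    """Split '<type> <base64> [comment]' and decode the binary blob."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, comment = parts[0], (parts[2] if len(parts) == 3 else "")
    blob = base64.b64decode(parts[1], validate=True)

    fields, off = [], 0
    while off < len(blob):
        field, off = _read_string(blob, off)
        fields.append(field)
    if len(fields) != 3 or fields[0] != key_type.encode():
        raise ValueError("malformed blob or type mismatch")

    if key_type == "ssh-rsa":
        e_bytes, n_bytes = fields[1], fields[2]
        n = int.from_bytes(n_bytes, "big")
        return {"type": key_type, "comment": comment,
                "e": int.from_bytes(e_bytes, "big"), "n": n,
                "n_bits": n.bit_length(),
                # the RSA caveat: a full-size modulus always carries a 0x00 pad byte
                "n_has_pad_byte": n_bytes[:1] == b"\x00"}

    if key_type.startswith("ecdsa-sha2-"):
        curve = fields[1].decode()
        if curve != key_type[len("ecdsa-sha2-"):] or curve not in CURVE_FIELD_BYTES:
            raise ValueError("unknown or mismatched curve " + curve)
        width, point = CURVE_FIELD_BYTES[curve], fields[2]
        # SSH uses the uncompressed SEC1 form: 0x04 || X || Y, fixed-width coordinates
        if len(point) != 1 + 2 * width or point[0] != 0x04:
            raise ValueError("expected uncompressed point")
        return {"type": key_type, "comment": comment, "curve": curve,
                "x": point[1:1 + width], "y": point[1 + width:]}

    raise ValueError("unsupported key type " + key_type)


def pack_rsa_public_key(e, n, comment=""):
    blob = _pack_string(b"ssh-rsa") + _pack_mpint(e) + _pack_mpint(n)
    return " ".join(p for p in ("ssh-rsa", base64.b64encode(blob).decode(), comment) if p)


def pack_ecdsa_public_key(curve, x, y, comment=""):
    width = CURVE_FIELD_BYTES[curve]
    point = b"\x04" + x.to_bytes(width, "big") + y.to_bytes(width, "big")
    key_type = "ecdsa-sha2-" + curve
    blob = _pack_string(key_type.encode()) + _pack_string(curve.encode()) + _pack_string(point)
    return " ".join(p for p in (key_type, base64.b64encode(blob).decode(), comment) if p)


def to_jwk(parsed):
    """Re-encode as a JWK public key, applying the two different padding rules."""
    def b64u(b):
        return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

    def minimal(v):
        return v.to_bytes((v.bit_length() + 7) // 8, "big")

    if parsed["type"] == "ssh-rsa":
        # RFC 7518 6.3.1: n and e use the minimum number of octets, so the
        # SSH mpint's leading 0x00 is dropped here.
        return {"kty": "RSA", "n": b64u(minimal(parsed["n"])), "e": b64u(minimal(parsed["e"]))}
    # RFC 7518 6.2.1.2: x and y are always the full field width, so any
    # leading 0x00 bytes of a coordinate stay.
    return {"kty": "EC", "crv": JWK_CURVE_NAMES[parsed["curve"]],
            "x": b64u(parsed["x"]), "y": b64u(parsed["y"])}


# Constructed sample values (not real keys): a 2048-bit "modulus" whose top
# byte is 0x90, like ssh-keygen's output, and tiny EC coordinates that show
# the 0x00 left-padding. The comment "toy@example" is made up.
TOY_N = 0x9 << 2044
TOY_E = 65537
SAMPLE_RSA = pack_rsa_public_key(TOY_E, TOY_N, "toy@example")
SAMPLE_EC = pack_ecdsa_public_key("nistp256", 0x12, 0x34, "toy@example")

if __name__ == "__main__":
    for line in (SAMPLE_RSA, SAMPLE_EC):
        parsed = parse_ssh_public_key(line)
        print(parsed["type"], parsed["comment"], to_jwk(parsed))
```

Run it as a script to see both toy keys parsed and re-encoded; for a real key, pass the contents of id_rsa.pub or id_ecdsa.pub to parse_ssh_public_key. The parser deliberately rejects a blob whose embedded type name disagrees with the text prefix and a point that is not in uncompressed form, which are the two malformed inputs most likely to reach a key-import endpoint.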

Example

Go forth and do!

From here, with the right vocabulary and a high- (and low-) level understanding, it should be pretty easy to find examples of any specific ssh-keygen commands on StackOverflow and even write your own parser/packer combo as I did: ssh-parser (demo), ssh-packer (demo).

Bonus Material!

Just a few more things, in case you're interested:

(and with any luck those will lead you further down a few rabbit holes)


By AJ ONeal
Thanks! It's really motivating to know that people like you are benefiting from what I'm doing and want more of it. :)


Did I make your day?

(you can learn about the bigger picture I'm working towards on my patreon page )

Overview

The SSH File Transfer Protocol (SFTP), also known as the Secure File Transfer Protocol, enables secure file transfer capabilities between networked hosts. Unlike the Secure Copy Protocol (SCP), SFTP additionally provides remote file system management functionality, allowing applications to resume interrupted file transfers, list the contents of remote directories, and delete remote files.

The command-line secure file transfer program (sftp) and graphical SFTP clients, such as WinSCP and Fetch, use the SSH-2 protocol to authenticate and establish encrypted channels between networked hosts. Although SFTP clients are functionally similar to FTP clients, they employ different protocols; consequently, you cannot use a standard FTP client to connect to an SFTP server.

IU hostnames

Two-factor authentication using Two-Step Login (Duo) is required for access to the login nodes on IU research supercomputers, and for SCP and SFTP file transfers to those systems. SSH public key authentication remains an option for researchers who submit the 'SSH public key authentication to HPS systems' agreement (log into HPC everywhere using your IU username and passphrase), in which you agree to set a passphrase on your private key when you generate your key pair. If you have questions about how two-factor authentication may impact your workflows, contact the UITS Research Applications and Deep Learning team. For help, see Get started with Two-Step Login (Duo) at IU and Help for Two-Step Login (Duo).

At Indiana University, specify the following hostnames for SFTP file transfers involving these UITS resources (authenticate using your IU username and passphrase):

System                      Hostname
Big Red 3                   bigred3.uits.iu.edu
Carbonate                   carbonate.uits.iu.edu
Research Database Complex   rdc.uits.iu.edu
Scholarly Data Archive      sftp.sdarchive.iu.edu
Sitehost                    ssh.sitehost.iu.edu
Pages                       ssh-pages.iu.edu

Graphical SFTP clients

Graphical SFTP clients simplify file transfers by allowing you to drag and drop icons from one window to another. Each icon represents a file or directory, and each window represents a computer's file system. When you open the program, you specify the name of the remote host to which you want to connect, and then authenticate with your username and password for that host.

For IU, students, faculty, and staff, two graphical SFTP clients, CyberDuck (for macOS) and WinSCP (for Windows), are available for free download from IUware. Both applications also are available for use on the computers in the IU Bloomington and IUPUI Student Technology Centers (STCs). Additionally, WinSCP is available for use on personal Windows workstations via IUanyWare.

Command-line SFTP

You can use command-line SFTP on systems running Linux, or from the macOS Terminal. To start an SFTP session, at the shell prompt, enter:

  sftp username@hostname

For example, if your username is darvader, to connect to your account on the host deathstar.empire.gov, enter:

  sftp darvader@deathstar.empire.gov

The first time you connect, sftp shows the server's host key fingerprint; confirm it against a fingerprint the site has published before accepting it. Enter your password when prompted.

Some standard command-line SFTP commands include:

Command           Function
cd                Change the directory on the remote host.
chmod             Change the permissions of files on the remote host.
chown             Change the owner of files on the remote host.
exit (or quit)    Close the connection to the remote host, and exit SFTP.
get               Copy a file from the remote host to the local computer.
help (or ?)       Get help on the use of SFTP commands.
lcd               Change the directory on the local computer.
lls               List the contents of the current directory on the local computer.
lmkdir            Create a directory on the local computer.
ln (or symlink)   Create a symbolic link for a file on the remote host.
lpwd              Show the present working directory on the local computer.
ls (or dir)       List the contents of the current directory on the remote host.
lumask            Change the local umask value.
mkdir             Create a directory on the remote host.
put               Copy a file from the local computer to the remote host.
pwd               Show the present working directory on the remote host.
rename            Rename a file on the remote host.
rm                Delete a file on the remote host.
rmdir             Remove a directory on the remote host (the directory usually has to be empty).
version           Display the SFTP version.
!                 Pop out to the shell prompt to enter other commands. To return to SFTP, enter exit. If you combine ! with a command (for example, !pwd), SFTP executes the command without popping you out to the shell prompt.