SSH (Secure Shell) is a network protocol that provides secure communication between two computers, typically a client and a server. It is commonly used to enable remote access and management of a server or other networked device. The SSH protocol encrypts all traffic between the client and the server, making it resistant to eavesdropping, tampering, and other forms of network attacks.

To establish an SSH connection, a client program sends a request to the server to initiate the SSH protocol. The server runs the SSH daemon (sshd) that listens for incoming SSH connections on a designated port (usually 22). Once a connection is established, the client and server negotiate the encryption algorithm and authentication method to be used for the session.

The SSH protocol supports a variety of authentication methods, including password authentication and public key authentication. With password authentication, the client sends a username and password to the server to authenticate the user. Public key authentication uses a pair of cryptographic keys - a public key and a private key - to authenticate the user. The public key is stored on the server, and the private key is kept by the user.

The SSH and SSHD services provide a secure way to manage remote systems, transfer files securely, and execute remote commands securely over the network. These services are widely used in various environments, including system administration, network management, and cloud computing. It's important to properly configure and secure SSH and SSHD to prevent unauthorized access and protect sensitive data.

$ nano ~/.ssh/config
 
Host somename
        Hostname sftp.somename.com
        User someusername
        IdentityFile ~/.ssh/someprivatekeyfile
 
Host someothername
        Hostname somename.com
        User someusername
        IdentityFile ~/.ssh/someprivatekeyfile
        Port 1234
 
Host yetanothername
        Hostname 10.3.0.12
        User root
 
# you can now        
$ sftp somename
$ ssh yetanothername
$ scp /local/file.ext someothername:/remote/target/folder/

$ ssh -D 6666 -vTCN username@sshserver.domain.com -p1234
 
# where:
# -D 6666 is the local port to use (pick open port at will)
# -p 1234 is the remote port at which the remote ssh-server is listening for you

This is very useful is you want to tunnel into an ssh jumphost in a remote network, and then reach a service on another server inside the target network. For example, you can tunnel a mail local mail client, via an ssh jumphost, to a private email server somewhere on the remote network.

ssh -L 6666:192.168.1.100:1234 usnername@ssh-jumphost.domain.com -p 8080 -vTN
 
# where
# 6666 is the local port to use (pick open port at will)
# 192.168.1.100 is the ip-address of the remote server (reachable from the ssh jumphost)
# 1234 is the remote port to use on the remote server
# -p 1234 is the remote port at which the remote ssh-server is listening
 
ssh -L opens a local port. Everything that you send to that port is put through the ssh connection and leaves through the server.
If you do, e.g., ssh -L 4444:google.com:80, if you open http://localhost:4444 on your browser, you'll actually see google's page.
 
ssh -D opens a local port, but it doesn't have a specific endpoint like with -L. Instead, it pretends to be a SOCKS proxy.
If you open, e.g., ssh -D 7777, when you tell your browser to use localhost:7777 as your SOCKS proxy, everything your browser 
requests goes through the ssh tunnel. To the public internet, it's as if you were browsing from your ssh server instead of from your computer.

Ubuntu, Debian, CentOS, Fedora and other systems that use systemd

sudo systemctl start|restart|stop ssh|sshd

Systems that use SysV init:

sudo service ssh|sshd start|restart|stop

Is a system file that contains a list of public keys for hosts that the user has previously connected to via SSH. When a user connects to a remote host using SSH for the first time, the remote host's public key is added to this file, and on subsequent connections, the client checks this file to ensure that it is connecting to the correct remote host. If the remote host's key has changed, the user is prompted to confirm the change before proceeding with the connection. Meaning: this keeps track of the outbound SSH calls when you connect to other hosts.

A file that contains a list of public keys that are authorized to access an SSH user account. When a user wants to set up passwordless authentication to a remote host, they can add their public key to the authorized_keys file on the remote host. When the user attempts to connect to the remote host via SSH, the remote host checks the authorized_keys file to see if the user's public key is listed. If the key is found, the user is granted access to the account without needing to enter a password. This file is a critical part of SSH security as it allows for secure remote access to a system without the need for password-based authentication. Meaning: this keeps track of the inbound SSH calls where you login to your own user from another machine.

This is a configuration file that allows users to specify SSH options for various hosts, as well as create shortcuts for commonly used options. It provides a way to simplify the process of connecting to remote hosts by allowing users to set up SSH options once and reuse them for future connections. For example, users can specify options such as the hostname, port number, username, and identity file, as well as advanced options such as TCP keepalive and SSH agent forwarding.

Additionally, the config file allows for the creation of host aliases, which enables users to assign nicknames to frequently used hostnames. With this feature, users can simply type the nickname instead of the full hostname when connecting to the remote host. The config file also supports conditional settings, which enables users to specify options based on the context of the connection, such as network location or originating machine. Overall, the config file provides a convenient and efficient way to manage SSH connections and simplify the process of remote access.

This is a system-wide configuration file that sets the default options for the SSH client. It applies to all SSH connections initiated from the local machine, regardless of the user account used to establish the connection. The options set in this file can be overridden by user-specific options in the “~/.ssh/config” file.

The ssh_config file includes a variety of configuration options that allow administrators to specify various parameters for SSH connections. For example, it allows setting options such as the default port number for SSH connections, the preferred key exchange algorithms, and the default login name to use when connecting to a remote host.

This file also supports conditional settings, which enable administrators to specify different options based on the context of the connection. For example, options can be set based on the originating IP address, the hostname of the remote machine, or other criteria. Overall, the ssh_config file provides a powerful and flexible way to manage SSH connections and security settings across an entire system.

sshd_config is the system-wide configuration file for the OpenSSH daemon (sshd) that listens for incoming SSH connections on a server. It sets the default options for the SSH server and applies to all incoming SSH connections, regardless of the user account used to establish the connection.

The sshd_config file includes a wide range of configuration options that enable system administrators to specify various parameters for SSH server connections. For example, it allows setting options such as the default port number for SSH connections, the preferred key exchange algorithms, and the type of authentication allowed.

The file also supports various security-related settings, such as setting restrictions on the users who can connect to the server, limiting the number of concurrent connections, and setting up chroot environments for specific users.

Similar to the ssh_config file, the sshd_config file supports conditional settings that enable administrators to specify different options based on the context of the connection. For example, options can be set based on the originating IP address, the hostname of the remote machine, or other criteria.

Overall, the sshd_config file is an essential tool for system administrators to manage and configure SSH server connections and maintain a secure and reliable remote access environment.

The related log files for SSH and SSHD can also vary depending on the operating system and version, but here are the common ones for several popular Linux distributions:

Ubuntu, Debian, and other systems that use systemd:
The SSH log file is typically located at /var/log/auth.log, and the SSHD log file is typically located at /var/log/syslog.

CentOS, Fedora, and other systems that use systemd:
The SSH log file is typically located at /var/log/secure, and the SSHD log file is typically located at /var/log/secure.

Systems that use SysV init:
The SSH log file is typically located at /var/log/secure, and the SSHD log file is typically located at /var/log/messages.

In general, the SSH log file records information about SSH client connections, including successful and failed login attempts, the time and date of the connection, and the IP address of the connecting client. The SSHD log file records information about the SSH server, including successful and failed connection attempts, system errors, and other server-related events.