SSH (Secure Shell) is a network protocol that provides secure communication between two computers, typically a client and a server. It is commonly used to enable remote access and management of a server or other networked device. The SSH protocol encrypts all traffic between the client and the server, making it resistant to eavesdropping, tampering, and other forms of network attacks.

To establish an SSH connection, a client program sends a request to the server to initiate the SSH protocol. The server runs the SSH daemon (sshd) that listens for incoming SSH connections on a designated port (usually 22). Once a connection is established, the client and server negotiate the encryption algorithm and authentication method to be used for the session.

The SSH protocol supports a variety of authentication methods, including password authentication and public key authentication. With password authentication, the client sends a username and password to the server to authenticate the user. Public key authentication uses a pair of cryptographic keys - a public key and a private key - to authenticate the user. The public key is stored on the server, and the private key is kept by the user.

The SSH and SSHD services provide a secure way to manage remote systems, transfer files securely, and execute remote commands securely over the network. These services are widely used in various environments, including system administration, network management, and cloud computing. It's important to properly configure and secure SSH and SSHD to prevent unauthorized access and protect sensitive data.

$ ssh username@hostname

$ ssh -p <port> username@hostname

$ ssh -i /path/to/private/key username@hostname

$ ssh username@hostname "command"

$ ssh-keygen -t rsa
or
$ ssh-keygen -t rsa -b 4096 -C "<comment>"

$ ssh-copy-id -i ~/.ssh/id_rsa.pub -p 1234 user@host

$ ssh-keygen -f "/home/ubuntu/.ssh/known_hosts" -R "10.0.0.10"
 
# Host 10.0.0.10 found: line 39
# Host 10.0.0.10 found: line 40
/home/ubuntu/.ssh/known_hosts updated.
Original contents retained as /home/ubuntu/.ssh/known_hosts.old

$ nano ~/.ssh/config
 
Host somename
        Hostname sftp.somename.com
        User someusername
        IdentityFile ~/.ssh/someprivatekeyfile
 
Host someothername
        Hostname somename.com
        User someusername
        IdentityFile ~/.ssh/someprivatekeyfile
        Port 1234
 
Host yetanothername
        Hostname 10.3.0.12
        User root
 
# you can now        
$ sftp somename
$ ssh yetanothername
$ scp /local/file.ext someothername:/remote/target/folder/

Ubuntu, Debian, CentOS, Fedora and other systems that use systemd

sudo systemctl start|restart|stop ssh|sshd

Systems that use SysV init:

sudo service ssh|sshd start|restart|stop

Is a system file that contains a list of public keys for hosts that the user has previously connected to via SSH. When a user connects to a remote host using SSH for the first time, the remote host's public key is added to this file, and on subsequent connections, the client checks this file to ensure that it is connecting to the correct remote host. If the remote host's key has changed, the user is prompted to confirm the change before proceeding with the connection. Meaning: this keeps track of the outbound SSH calls when you connect to other hosts.

A file that contains a list of public keys that are authorized to access an SSH user account. When a user wants to set up passwordless authentication to a remote host, they can add their public key to the authorized_keys file on the remote host. When the user attempts to connect to the remote host via SSH, the remote host checks the authorized_keys file to see if the user's public key is listed. If the key is found, the user is granted access to the account without needing to enter a password. This file is a critical part of SSH security as it allows for secure remote access to a system without the need for password-based authentication. Meaning: this keeps track of the inbound SSH calls where you login to your own user from another machine.

This is a configuration file that allows users to specify SSH options for various hosts, as well as create shortcuts for commonly used options. It provides a way to simplify the process of connecting to remote hosts by allowing users to set up SSH options once and reuse them for future connections. For example, users can specify options such as the hostname, port number, username, and identity file, as well as advanced options such as TCP keepalive and SSH agent forwarding.

Additionally, the config file allows for the creation of host aliases, which enables users to assign nicknames to frequently used hostnames. With this feature, users can simply type the nickname instead of the full hostname when connecting to the remote host. The config file also supports conditional settings, which enables users to specify options based on the context of the connection, such as network location or originating machine. Overall, the config file provides a convenient and efficient way to manage SSH connections and simplify the process of remote access.

This is a system-wide configuration file that sets the default options for the SSH client. It applies to all SSH connections initiated from the local machine, regardless of the user account used to establish the connection. The options set in this file can be overridden by user-specific options in the “~/.ssh/config” file.

The ssh_config file includes a variety of configuration options that allow administrators to specify various parameters for SSH connections. For example, it allows setting options such as the default port number for SSH connections, the preferred key exchange algorithms, and the default login name to use when connecting to a remote host.

This file also supports conditional settings, which enable administrators to specify different options based on the context of the connection. For example, options can be set based on the originating IP address, the hostname of the remote machine, or other criteria. Overall, the ssh_config file provides a powerful and flexible way to manage SSH connections and security settings across an entire system.

sshd_config is the system-wide configuration file for the OpenSSH daemon (sshd) that listens for incoming SSH connections on a server. It sets the default options for the SSH server and applies to all incoming SSH connections, regardless of the user account used to establish the connection.

The sshd_config file includes a wide range of configuration options that enable system administrators to specify various parameters for SSH server connections. For example, it allows setting options such as the default port number for SSH connections, the preferred key exchange algorithms, and the type of authentication allowed.

The file also supports various security-related settings, such as setting restrictions on the users who can connect to the server, limiting the number of concurrent connections, and setting up chroot environments for specific users.

Similar to the ssh_config file, the sshd_config file supports conditional settings that enable administrators to specify different options based on the context of the connection. For example, options can be set based on the originating IP address, the hostname of the remote machine, or other criteria.

Overall, the sshd_config file is an essential tool for system administrators to manage and configure SSH server connections and maintain a secure and reliable remote access environment.

The related log files for SSH and SSHD can also vary depending on the operating system and version, but here are the common ones for several popular Linux distributions:

Ubuntu, Debian, and other systems that use systemd:
The SSH log file is typically located at /var/log/auth.log, and the SSHD log file is typically located at /var/log/syslog.

CentOS, Fedora, and other systems that use systemd:
The SSH log file is typically located at /var/log/secure, and the SSHD log file is typically located at /var/log/secure.

Systems that use SysV init:
The SSH log file is typically located at /var/log/secure, and the SSHD log file is typically located at /var/log/messages.

In general, the SSH log file records information about SSH client connections, including successful and failed login attempts, the time and date of the connection, and the IP address of the connecting client. The SSHD log file records information about the SSH server, including successful and failed connection attempts, system errors, and other server-related events.

The SSH command with the -L and -D options allows you to create secure connections between two computers, which can be useful in many situations.

The -L option creates a secure tunnel that connects your computer to another computer through a third computer. This can be helpful when you need to access a computer that's behind a firewall or is not accessible from your computer directly.

For example, imagine you need to access a computer at work, but it's only accessible from your work network. By creating an SSH tunnel with the -L option, you can connect to a different computer that is accessible from your computer, and that computer will connect to the work computer for you.

The -D option creates a different type of tunnel that lets you use a remote computer as a proxy. This is useful if you want to access resources that are only available from a remote computer.

For example, imagine you need to access a website that is only available from a computer in a different country. By creating an SSH tunnel with the -D option, you can use the remote computer as a proxy to access the website from your computer.

Overall, the -L and -D options are powerful tools that allow you to securely connect to remote computers and access resources that might otherwise be unavailable to you.

Let's say you're traveling abroad and need to access a website that's only accessible from your home country. By using the -D option, you can create a SOCKS proxy that routes all your web traffic through a remote computer in your home country.

The command to create the proxy would look like this:

ssh -D 1080 user@home.com
 
# where:
# -D 1080 is the local port to use (pick any open port [above 1024] at will)

In this example, you're connecting to the “home.com” computer and creating a SOCKS proxy on port 1080. You can then configure your web browser to use the SOCKS proxy on your local computer (by specifying localhost:1080 as target), and all your web traffic will be securely routed through the “home.com” computer. This will make it appear as if you're accessing the web from your home country, even if you're physically located in a different country.

Let's say you have a server that's only accessible from your office network, but you need to access it from your home computer. By using the -L option, you can create a secure tunnel that connects your home computer to the server through another computer that's accessible from your home computer.

The command to create the tunnel would look like this:

ssh -L 8888:server.example.com:22 user@accessible.com
 
# where
# 8888 is the local port to use (pick any open port [above 1024] at will)
# server.example.com is the target server we want to reach
# 22 is the remote port we want to reach on the target server
# accessible.com is the server in the middle (jumphost)

In this example, you're connecting to the “accessible.com” computer and creating a tunnel on port 8888. Any traffic sent to port 8888 on your home computer will be securely forwarded to the “server.example.com” server through the “accessible.com” computer. This is commonly in use in secure networks where you only can or want to expose 1 server to the internet, and you use this as jumphost to reach other services that are in the network behind.