TechCacheKB.com

Technical News and Knowledge Base Articles along with How to Step by Step Guides for SMB and Enterprise


Understanding SSH and Its Use in Windows 11


What is SSH?

Secure Shell (SSH) is a cryptographic network protocol that provides a secure way to access a remote computer. It allows users to execute commands and manage files on remote systems securely.

Ports Used by SSH

SSH operates on port 22 by default. This port can be changed for security purposes.

How SSH Works

SSH establishes a secure connection between a client and a server. Here’s how it works:

  1. Client Initiation: The client starts the connection to the server.
  2. Server Response: The server sends its public key to the client.
  3. Client Authentication: The client uses the public key to encrypt a session key and sends it back to the server.
  4. Session Key Establishment: The server decrypts the session key with its private key. The session key is then used to encrypt further communication.

Using SSH on Windows 11

Windows 11 comes with built-in SSH support via the Windows Subsystem for Linux (WSL) or PowerShell.

Installing OpenSSH

To use SSH, you need to ensure that OpenSSH is installed.

  1. Installing OpenSSH Client:
   Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Client*'
   Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
  • Get-WindowsCapability -Online: Lists all capabilities.
  • Where-Object Name -like 'OpenSSH.Client*': Filters the list for OpenSSH Client.
  • Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0: Installs the OpenSSH client.
  1. Installing OpenSSH Server (if you want to set up a server):
   Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'
   Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Starting and Enabling SSH Service

After installation, start and enable the SSH service:

Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
  • Start-Service sshd: Starts the SSH service.
  • Set-Service -Name sshd -StartupType 'Automatic': Sets the SSH service to start automatically on boot.
Connecting to an SSH Server

To connect to an SSH server, use the following command in PowerShell:

ssh username@hostname
  • ssh: The SSH command.
  • username: Your username on the remote server.
  • hostname: The IP address or domain name of the remote server.

Advanced SSH Features

Port Forwarding

SSH can forward ports, redirecting network traffic from one port to another.

  • Local Port Forwarding:
  ssh -L local_port:remote_address:remote_port username@hostname
  • Redirects traffic from local_port to remote_address:remote_port through username@hostname.
  • Remote Port Forwarding:
  ssh -R remote_port:local_address:local_port username@hostname
  • Redirects traffic from remote_port on the server to local_address:local_port on the client.
SSH Tunneling

SSH tunneling routes network traffic securely through SSH.

ssh -D local_port username@hostname
  • -D local_port: Specifies a local dynamic application-level port forwarding.
SSH Key Authentication

SSH keys provide a more secure login method compared to passwords.

  1. Generate SSH Key Pair:
   ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  • -t rsa -b 4096: Specifies the type and size of the key.
  • -C "your_email@example.com": Provides a comment.
  1. Copy Public Key to Server:
   ssh-copy-id username@hostname
  • Copies the public key to the server.
  1. Log In Using SSH Key:
   ssh username@hostname

Securing SSH

Changing the Default SSH Port

Edit the SSH configuration file:

notepad $env:ProgramData\ssh\sshd_config

Change the port number:

Port 2222

Restart the SSH service:

Restart-Service sshd
Disabling Root Login

To disable root login, edit the SSH configuration file:

notepad $env:ProgramData\ssh\sshd_config

Set PermitRootLogin to no:

PermitRootLogin no

Restart the SSH service:

Restart-Service sshd
Using Security Certificates with SSH

SSH can utilize certificates for enhanced security.

  1. Create a Certificate Authority (CA) Key:
   ssh-keygen -f C:\path\to\ca -C "CA for SSH"
  1. Sign User Keys:
   ssh-keygen -s C:\path\to\ca -I username -n username -V +52w user_key.pub
  • -s C:\path\to\ca: Specifies the CA key.
  • -I username: The identity of the user.
  • -n username: The principal name.
  • -V +52w: Validity period.
  1. Configure SSH to Trust the CA:
    Add the CA public key to the SSH server configuration:
   notepad $env:ProgramData\ssh\sshd_config

Add the following line:

   TrustedUserCAKeys C:\path\to\ca.pub

Restart the SSH service:

   Restart-Service sshd

Additional Tips and Tricks

  • Using SSH Config File: Simplify SSH command usage by creating an SSH config file.
  notepad $env:USERPROFILE\.ssh\config

Add configurations:

  Host alias
      HostName hostname
      User username
      Port 2222
      IdentityFile C:\Users\your_user\.ssh\id_rsa
  • Copy Files Using SCP:
  scp file.txt username@hostname:/path/to/destination
  • Sync Files Using Rsync:
  rsync -avz file.txt username@hostname:/path/to/destination

Conclusion

SSH is an essential tool for securely managing remote systems. Understanding its protocol, advanced features, and security practices can significantly enhance your operations on Windows 11.


  • How to Run Different Types of Antivirus Scans on Windows 11 Using Built-In Tools
    Windows 11 comes with a robust built-in antivirus tool called Windows Security (formerly Windows Defender). It offers multiple types of scans to ensure your system is protected from malware and other security threats.
  • Understanding Windows 11 Permissions: A Comprehensive Guide
    Windows 11, like its predecessors, uses a robust permission system to manage access to files, folders, and other resources. Understanding how these permissions work is essential for maintaining system security and ensuring that users have the appropriate access levels. This guide will explain how permissions work in Windows 11 for users, groups, folders, and files. We’ll delve into security permissions, their options, uses, and provide tips and tricks for effective permission management.
  • Troubleshooting and Resolving User Profile Issues in Windows 11
    User profile issues in Windows 11 can result in various problems, such as being unable to log in, corrupted user data, or missing settings. This guide provides detailed steps to troubleshoot and resolve these issues using both the Windows 11 graphical user interface (GUI) and Command Prompt/PowerShell. Additionally, it includes tips and tricks for a comprehensive resolution.
  • Detect and Resolve Audio Issues on Windows 11
    Audio issues on Windows 11 can stem from various sources, including hardware problems, driver issues, misconfigurations, or software conflicts. This guide provides a detailed approach to troubleshooting and resolving these issues using both the GUI and PowerShell. We’ll cover driver information, configurations, settings, testing audio, and advanced audio settings.
  • Repairing System Level OS Issues in Windows 11
    System-level issues in Windows 11 can manifest in various ways, such as slow performance, unexpected crashes, or unresponsive applications. This guide will provide a comprehensive overview of how to detect and repair these issues using both Command Prompt (CMD) and PowerShell. We will cover essential commands, how to elevate permissions, and offer tips for effective troubleshooting.

Posted

in

, , ,

by