Mastering SSH: How Secure Shell Works, Configures, and Enables Password‑less Login
This guide explains what SSH (Secure Shell) is, details its encryption handshake process, shows how to log in via command line, outlines key server configuration options, and demonstrates setting up password‑less authentication using key pairs.
What is SSH
SSH (Secure Shell) is a network protocol that provides secure remote login and command execution over a computer network. It protects data transmission by encrypting the communication channel, preventing eavesdropping or tampering. SSH supports multiple authentication methods such as passwords, public keys, and certificates, and also offers file transfer and port forwarding.
SSH principle
1. The client connects to the server's SSH port (default 22) and sends a random number, a list of supported encryption algorithms, and the SSH version.
2. The server selects an encryption and hash algorithm, generates its public key, and sends it to the client.
3. The client verifies the server's public key, generates a session key, encrypts it with the server's public key, and sends it to the server.
4. The server decrypts the session key with its private key and validates it.
5. Both sides use the session key, hash algorithm, and encryption algorithm to derive a new key for subsequent data encryption.
6. After this handshake, the client and server can exchange encrypted data.
SSH login
ssh [user]@[host] -p [port]
-l option specifies the login name. -p option specifies the port when the server uses a non‑default port.
[root@localhost named]# ssh 192.168.10.20
The authenticity of host '192.168.10.20 (192.168.10.20)' can't be established.
ECDSA key fingerprint is SHA256:KtaBKXckd5FGPVjjbVKvTH7FlTeo5/gNAXFWe9UlBlY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.20' (ECDSA) to the list of known hosts.
[email protected]'s password:
...Server SSH configuration
Configuration file: /etc/ssh/sshd_config. Edit this file to change SSH settings.
ListenAddress ip
LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
MaxAuthTries 6
MaxSessions 10
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication yes
GatewayPorts no
ClientAliveInterval 10
ClientAliveCountMax 3
UseDNS yes
GSSAPIAuthentication yes
# Example: change default port
Port 9527SSH password‑less login
Generate a key pair and copy the public key to the target host.
# Generate RSA key pair
ssh-keygen -t rsa
# Copy public key to remote host
ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
# Test login
ssh [email protected]Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.