SSH - A beginner's guide
SSH, or Secure Shell, is a way of securely and privately communicating between machines over the internet. It's commonly used to access remote computers, execute commands, or transfer files, all while keeping the information safe. In this article, we try and explain what SSH does in simpler terms, so you don't just have to take our word for it when we tell you how to access your GPU instances!
How SSH Works:
There are only 3 central ideas you need to know to understand how SSH works. Let's define these without the technical jargon:
- Locks and Keys: You can imagine SSH-ing into a machine as creating and fitting a lock on the machine, that takes only a single, unique key. Only someone (you) with the right key (your private key) can open it. In SSH, these are digital: a public key (that anyone can see) and a private key (which you should keep to yourself). The public key (lock) is placed (fitted) on the server you want to access, while the private key stays with you. You can copy and share the public key as much as you’d like, so long as ONLY you have the private key.
- Tunnels: Once the keys match and access is granted, SSH creates a secure "tunnel" through which data can travel safely, much like a secure pipeline where no one else can see or access the data inside. Once you’ve SSH’ed into a machine, it will seem as if your local machine (that you are SSH-ing from) is one end of a tunnel, the other being the remote machine (that you SSH-ed into), and you can pass anything through, like any commands you want to run.
- Ports: Think of ports here like airports. Each port is assigned a number, and different types of services or applications use specific ports to send data back and forth through, via tunnels, secured by their own locks and keys. Just like a city might use one airport to receive passengers, but another to receive cargo, different internet services can use different ports. For example, web traffic usually goes through port 80, while email services might use port 25. The default port that is used when SSH’ing is 22, but you can change it if you know what the port should be.
Using SSH:
For more detail, you can check out our more specific and in-depth guide here.
- Generate Keys:
  First, let's create the lock and key pair that we will use to authenticate our connection later:
      ssh-keygen
  You can just press enter again and again until it's done; this accepts the default file location and an empty passphrase. This command creates a new SSH key pair, which will be saved in the default location ($HOME/.ssh/).
- Copy the Public Key to Your Server:
  Now, we will install the lock you just created on the remote machine that you are trying to set up a secure connection with:
      ssh-copy-id username@remote_host
  Replace username with your username and remote_host with the server's address.
- Connect via SSH:
  Finally, let's go to the port and set up a tunnel between the two machines:
      ssh username@remote_host
  Now you're using your private key to unlock that lock on the remote machine, and start a secure tunnel between your local computer and the remote computer, at the default port (22).
And that's it! There are more bells and whistles you can add to customise the experience depending on what you want and what the remote machine/service requires, but the base functionality of the SSH tool is very simple.
The .ssh folder:
The .ssh folder in your user directory is like a secure cabinet where your SSH keys, locks, and configuration files are stored. It contains:
- Private and Public Keys:
  - Each key comes in a pair (public and private, lock and key).
  - For example, the default name for keys is id_rsa, but there will be a file called id_rsa and a file called id_rsa.pub (being the public key).
  - The .pub can be shared as you like, but never share, or even try to open the non-pub file, unless you really know what you are doing.
- Config File: A file where you can specify settings for SSH connections, like shorthand names for servers or default usernames. This is useful if you want to use VSCode too.
  - A typical section in the config file will look like:
        # This is a nickname you choose for the connection, making it easier to remember.
        Host server_nickname
            # The actual address of the server you want to connect to.
            HostName 1.23.45.0
            # Your username on the server.
            User myusername
            # The port number SSH should connect to, usually 22. You can usually skip adding this.
            Port 22
            # The path to your private SSH key for this connection.
            IdentityFile ~/.ssh/my_private_key
  - With this configuration, instead of typing ssh myusername@1.23.45.0 -p 22 -i ~/.ssh/my_private_key, you just need to type ssh server_nickname.
- Authorised keys: The authorized_keys file in SSH is like a list of all the locks installed on the system. It contains the public keys of all users who are allowed to attempt to access the server with their private keys.
  - You don’t usually need to add anything manually to this, but if you do, only add the public SSH keys.
  - ssh-copy-id is a convenient command that automates the process of adding your public SSH key to the authorized_keys file on a remote server.
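
The two rules from the .ssh folder notes above (keep the non-pub file to yourself, and only put public keys in authorized_keys) can be checked with a short script. This is an added example, not part of the original guide; the function names and finding labels are invented for it.

```shell
#!/bin/sh
# Added example: audit a .ssh directory (function names and labels are invented here).

# True only if group and others have no permission bits on $1.
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# True if the first line of $1 is a PEM-style private key header.
is_private_key() {
    head -n 1 -- "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

# Print one finding per line for directory $1; return 1 if anything was found.
audit_ssh_dir() {
    dir=$1
    findings=0
    owner_only "$dir" || { echo "DIR_PERMS $dir"; findings=1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if is_private_key "$f" && ! owner_only "$f"; then
            echo "KEY_PERMS $f"; findings=1
        fi
    done
    ak="$dir/authorized_keys"
    [ -f "$ak" ] || return "$findings"
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            '' | '#'*) ;;                       # blank line or comment
            *'PRIVATE KEY'*)                    # private key pasted by mistake
                echo "PRIVATE_IN_AUTHORIZED_KEYS $ak:$n"; findings=1 ;;
            *ssh-ed25519\ AAAA* | *ssh-rsa\ AAAA* | *ecdsa-sha2-nistp*\ AAAA*) ;;
            *sk-*@openssh.com\ AAAA*) ;;        # hardware-backed public key entry
            *)  echo "NOT_A_PUBLIC_KEY $ak:$n"; findings=1 ;;
        esac
    done < "$ak"
    return "$findings"
}

# Usage: audit_ssh_dir "$HOME/.ssh"
```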