Setup SSH

This answers the question "How to setup SSH on a client (local machine)?"

SSH is the acronym for "Secure Shell". An SSH connection allows you to connect one node (machine) in a network to another without having to enter a password. The relationship between the two machines follows a client-server model. The machine on which you type "ssh <username>@<ip address>" is the client (aka "local machine") and the machine that you are trying to connect to is the server (aka "host machine"). The server always maintains the information about the username and password. A machine may act as either client or server depending on whether the user is logged on to it or trying to connect to it: if the user is already logged on to it, it is the client.

In order for a client to connect to a server using SSH, it must set up a public key/private key pair. The public key and private key provide the encryption needed for secure authentication and authorization. An algorithm can verify that a given private key matches a given public key. Both the public and private keys are stored on the client. Before the client can connect to the server, the server must record the public key of the client in a file called authorized_keys, located in the .ssh directory under the home directory of the user on the server machine. When the user issues the SSH command from the client machine, the public key (and proof that it has the matching private key) is sent to the server. If there is a match between the public key sent to the server and one of the keys in the authorized_keys file, then a test is made on the client to see if the server is trusted. During SSH initialization the host sends the client a host key. The client checks the host key against entries in the known_hosts file. If the host key is not found, a message pops up asking the user to verify the host. Once verified, the host key is added to the client's known_hosts file.

For example, if I want to issue the following command: ssh bob@1.2.3.4, the following setup must exist on the client and server machines.

You can think of authorized_keys as a file that helps the server trust the client and known_hosts as a file that helps the client trust the server. The public key, authorized_keys and known_hosts files are all text files and the contents may be safely copied and pasted. It is also possible to add a config file to the client .ssh directory, and the config file can be used to map servers to different public/private key files if needed. In general, SSH will look in the .ssh directory and try all keys if needed when attempting to authenticate.

A machine may contain both an authorized_keys file and a known_hosts file because it can be operating in either role at different times.

Setting up SSH on a Mac or Linux Client

Check to see if key files already exist because you don't want to replace them if they might already be in use.

ls -la ~/.ssh/

Look for id_rsa and id_rsa.pub
Generate the key files

ssh-keygen

Check that the key files have been properly generated

ls -la ~/.ssh/

Copy the public key to the buffer

cat ~/.ssh/id_rsa.pub

Select contents of file from screen and CTRL-c to put in buffer
Use a text editor and paste the key into the authorized_keys file on the server you wish to access.
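
The last step above, pasting the public key into authorized_keys on the server, can be scripted so the key is added only once and the file permissions are correct. This is an added example, not part of the original page; the function name install_pubkey and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): install a client public key
# into an account's authorized_keys on the server, safely and idempotently.
# install_pubkey and its arguments are hypothetical names.

install_pubkey() {
    pubkey_file=$1          # a copy of the client's public key, e.g. id_rsa.pub
    home_dir=${2:-$HOME}    # home directory of the account on the server
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Only the .pub file ever leaves the client: refuse a private key.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file is a private key" >&2
        return 2
    fi

    # A public key is a single line: "<type> <base64> [comment]".
    key_line=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pubkey_file" | head -n 1)
    [ -n "$key_line" ] || { echo "no public key line found" >&2; return 3; }

    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or file is writable by other users.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_file" && chmod 600 "$auth_file"

    # Append only if this exact line is not already present.
    if grep -qxF "$key_line" "$auth_file"; then
        echo "key already authorized"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo "key added to $auth_file"
    fi
}

# Run as a script on the server: sh install_pubkey.sh <pubkey_file> [home_dir]
if [ "$#" -gt 0 ]; then
    install_pubkey "$@"
fi
```
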

Setting up SSH on a Windows Client

If you are using Windows 10, you have 3 options for creating the public/private key needed for SSH and running SSH.

  1. Use git bash to create keys and run SSH. When you download git to your Windows machine, you will get the git bash program, which will provide a bash interface. See this article on github.com: https://help.github.com/articles/testing-your-ssh-connection/.
  2. Use PuTTYgen to create the public and private keys. Use PuTTY to create an SSH session from a GUI. See this YouTube video for an example of how to use PuTTY to connect to a server.
  3. Install a Linux shell on your Windows 10 machine. This will create a new file system, so you need to keep this in mind if you're developing on the Windows file system. See instructions for setting up the Linux Shell for Windows in the WATS Lab FAQ.
