SSH
Cryptographic network protocol that enables secure remote access and communication with a computer system over an untrusted network.
Explained at: Linux Essentials/SSH
Syntax
##SSH Client
ssh user@IP #Basic connection: asks whether we trust the host key fingerprint and saves it in ~/.ssh/known_hosts, then asks for the password of the user you are connecting as
ssh user@IP -p n #Specify the port to connect to, by default ssh uses port 22
ssh-keygen #Generate an asymmetric key pair, by default RSA and stored in ~/.ssh/ as id_rsa and id_rsa.pub !!Careful: reusing an existing file name will overwrite the existing key
ssh-keygen -t <type> #Specify asymmetric algorithm to use: dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa !By default the standard rsa
ssh-keygen -C "comment" #Adds a comment at the end of the public key, if omitted it defaults to your "username@hostname"
ssh-copy-id -i ~/.ssh/pubkey.pub user@IP #Directly copies the specified public key into the authorized_keys file of the specified server
ssh -i ~/.ssh/privateKey user@IP #Connects using the specified private key, expects its matching public key to be in the server's authorized_keys file
ssh-add ~/.ssh/privateKey #Uses the ssh-agent to keep the private key credentials cached in memory until the session closes, so you only have to input the password 1 time
##SSHD(Daemon) Server
#For debian-based it's "ssh", other distros could use "sshd"
systemctl start ssh #Starts sshd service
systemctl status ssh #Check sshd service status
systemctl restart ssh #Restart the sshd service
systemctl stop ssh #Stops the sshd service !Will NOT close already established connections
systemctl enable ssh #Starts sshd service automatically at system start
systemctl disable ssh #Disables sshd service from starting automatically at system start
#In /etc/ssh/sshd_config file - Uncomment to activate - Restart to apply changes
Port n #Establish port to listen for ssh connections
PermitRootLogin yes|no #Establish whether you can log in as root via ssh ?For security, if the user you will connect as already has sudo or you are not the sysadmin, it's recommended to set "no"
PermitRootLogin prohibit-password #Root will be able to login, but only using public key authentication, not password
PasswordAuthentication yes|no #Establish if users will be able to login via password, if "no" they will need public key authentication ?"no" and using public key are considered best practice
#"Permission denied (publickey)" error indicates that the server has password authentication disabled
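Because a directive only takes effect once uncommented, a quick audit of what is actually active is useful. The script below is an added example, not part of the original notes: it reports the effective global value of Port, PermitRootLogin and PasswordAuthentication from a config file. The function names and the sample config are constructed for illustration; it assumes plain "Keyword value" lines, does not follow Include files, and uses the upstream OpenSSH defaults for unset keywords.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): report the effective global
# values of the three sshd_config directives covered above.

# effective_value FILE KEYWORD DEFAULT
# Assumes plain "Keyword value" lines. Include files are not followed.
effective_value() {
  awk -v key="$2" -v def="$3" '
    BEGIN { k = tolower(key) }             # keywords are case-insensitive
    $1 ~ /^#/ { next }                     # commented out = not active
    tolower($1) == "match" { exit }        # global section ends at first Match
    tolower($1) == k { print tolower($2); found = 1; exit }  # first value wins
    END { if (!found) print def }          # unset = compiled-in default
  ' "$1"
}

audit_sshd_config() {
  local file="$1" port root pass
  port=$(effective_value "$file" Port 22)
  root=$(effective_value "$file" PermitRootLogin prohibit-password)
  pass=$(effective_value "$file" PasswordAuthentication yes)
  echo "Port=$port PermitRootLogin=$root PasswordAuthentication=$pass"
  if [ "$root" = "yes" ]; then echo "FINDING: root login is permitted"; fi
  if [ "$pass" = "yes" ]; then echo "FINDING: password logins are accepted"; fi
  return 0
}

# Constructed sample input, not a real server's configuration.
sample_config() {
  cat <<'EOF'
#Port 22
Port 2222
PermitRootLogin prohibit-password
PermitRootLogin yes
#PasswordAuthentication no
Match User backup
  PasswordAuthentication no
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd_config "$tmp"
rm -f "$tmp"
```

On a live server, running `sshd -T` as root prints the configuration the daemon would actually use, including Include files, and is the authoritative check.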