Good Morning from my Robotics Lab! This is Shadow_8472, and today, I am glad to say I have finally learned how to beat SSH keys into submission. Let’s get Started!
Computer security is important to get right. The moment you connect to the Internet, you potentially have a near infinite number of burgles trying to break into your device. That is why we have virus scanners and firewalls. SSH is an important and powerful tool for working with headless computers, but if mishandled, it can open a hole in your network security. That is why I always make sure I know what I’m doing and that someone else knows what I’m doing. Because if I don’t get things right, I may be looking at a dozen or so weeks learning about removing malware. If you are trying to learn any skills that can likely compromise your computer security, please seek supervision from someone who already knows how to do it safely.
I spent a lot of time in the workshop this week because I wanted to be sure I was being safe. Like my pile of sand a week or two ago, I had to learn a lot before the final pieces clicked.
SSH (Secure Shell) is a secure way of logging into another computer over a connection that can be assumed to have anyone may be listening in. When set up with SSH keys, a client program first asks the server for its host key. If the host key looks familiar, it’s probably the server the client thinks it’s connecting to. If not, the second layer of protection, host keys, let the client and host negotiate a way to scramble their conversation without eavesdroppers understanding.
Setting SSH up correctly is a bit more tricky to understand. I’ve heard there are lots of tutorials to disable the host key check because it’s annoying. Seat belts are annoying, but if they protect you even just once, they save you a lot of hurt in the long run. I don’t understand the differences between each host key, but from what I can tell, each computer, or at least each server, has one for each type of encryption. Blinky, my Raspberry Pi, came with at least six host keys.
Final Question: one of the challenges I had setting things up was being sure I was connecting to the server I was connecting to. Granted, it would have been safe in that instant to just click through. When was the last time you spent a lot of time figuring out why something works instead of just accepting it works for now and moving on?