diff --git a/content/fundamentals/images/manettaserver.svg b/content/fundamentals/images/mserver.svg similarity index 100% rename from content/fundamentals/images/manettaserver.svg rename to content/fundamentals/images/mserver.svg diff --git a/content/fundamentals/images/thomasserver.svg b/content/fundamentals/images/tserver.svg similarity index 100% rename from content/fundamentals/images/thomasserver.svg rename to content/fundamentals/images/tserver.svg diff --git a/content/fundamentals/ssh.md b/content/fundamentals/ssh.md index 084bad9..a715524 100644 --- a/content/fundamentals/ssh.md +++ b/content/fundamentals/ssh.md @@ -39,6 +39,7 @@ The SSH ecosystem is very well established. It is available on all modern GNU/Li distributions, MacOS and Windows. You can use your home server or if you don't have one yet you can use your own personal laptop to experiment (in this case, your laptop will play the role of both the server and client as explained later). + The commands shown in this guide were run on a [Debian Stretch] distribution but the actual tool names should be the same on other distributions. @@ -65,6 +66,8 @@ It is important to understand the client/server architecture of SSH. If you are remotely connecting to your home server from your laptop, then your laptop is the client and the home server is the server. +![]({attach}images/mserver.svg){: class="img-right"} + There are two packages which contain all the tools that the OpenSSH tool suite provides. The [openssh-server] and [openssh-client] packages. @@ -127,11 +130,14 @@ As we have seen so far, connecting to an SSH server using password authorisation is relatively simple. However, password authorisation is typically recommended against due to [security considerations]. +![]({attach}images/tserver.svg){: class="img-left"} + Security is relative and you may not be concerned with defending against a [brute-force attack]. However, since other methods of authorisation are so commonly used and often the source of of problems when dealing with SSH connectivity, we will also cover this topic also. + [security considerations]: http://docs.hardentheworld.org/Applications/OpenSSH/#disable-password-authentication [brute-force attack]: https://en.wikipedia.org/wiki/Brute-force_attack @@ -172,6 +178,7 @@ These values should match the ones you were first shown. Where the `ECDSA` in the first message corresponds to the key file name in `/etc/ssh/`. The SSH server will generate key pairs for each algorithm it supports. + As you have accepted your server host key fingerprint, the public key of the server will be placed in your `$HOME/.ssh/known_hosts` file on your client where it will be remembered for future connections.