Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use - Search episodes, transcripts, hosts, and series - 4,511 episodes with metadata and transcripts - Data loader with in-memory JSON storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Lee Hanken
147
hpr_transcripts/hpr1850.txt
Normal file
147
hpr_transcripts/hpr1850.txt
Normal file
@@ -0,0 +1,147 @@
|
||||
Episode: 1850
|
||||
Title: HPR1850: 18 - ssh Introduction
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1850/hpr1850.mp3
|
||||
Transcribed: 2025-10-18 10:07:41
|
||||
|
||||
---
|
||||
|
||||
This is HPR Episode 1,850 entitled, 18 SSH Introduction and is part of the series, Privacy and Security.
|
||||
It is hosted by AHUKA and is about 17 minutes long.
|
||||
The summary is, SSH is the secure way of connecting to remote computer.
|
||||
This is an introduction to a miniseries.
|
||||
This episode of HBR is brought to you by An Honesthost.com.
|
||||
Get 15% discount on all shared hosting with the offer code HBR15, that's HBR15.
|
||||
Better web hosting that's honest and fair at An Honesthost.com.
|
||||
Hello, this is AHUKA, welcoming you to Hacker Public Radio and another exciting show in our
|
||||
ongoing series on security and privacy and what I'm going to do now is this is going to be the first of what will be a number of shows that are going to deal with a tool called SSH, which I think is a very important tool, important part of your security toolkit and I think we can explain how to use it and get the most out of it.
|
||||
So this is my introduction to SSH.
|
||||
Now one of the interesting things about the internet is that it was not designed for security and kind of happened almost accidentally.
|
||||
The early researchers, people like JCR, Licklider and VentSurf were mostly interested in facilitating communication between university researchers and assumed that anyone they were in contact with was another good guy.
|
||||
It was only when the internet started to take off in the 1980s and 90s that anyone began to pay attention to this stuff.
|
||||
Now technologies like JavaScript and SSL were introduced by Netscape for instance, though they have since been adopted by the whole internet.
|
||||
Now in the early days, if you wanted to log on to a remote computer to do some work, you would probably use a program called Telnet to do this.
|
||||
Telnet would let you log in to a remote Unix machine if you had an account on it.
|
||||
And once logged in, you could do anything your account was authorized to do.
|
||||
And if you had root access, it could be just about anything.
|
||||
I recall my first introduction to this in the 1990s when I was managing the website of my university.
|
||||
I was given a shell account on our Red Hat server that also housed the website and sternly warned not to do anything to screw it up.
|
||||
I would telnet into the server from my desktop to do things like Chamod, the CGI scripts and similar things we needed to do with websites in those days.
|
||||
And I'm sure the old timers among you will remember all of that good stuff.
|
||||
Now this worked reasonably well, but the problem with telnet is that it was never designed to create a secure connection.
|
||||
And since this server had our website, it was perforce exposed to the whole internet.
|
||||
If you combine an unsecure connection with a man in the middle attack or with vulnerabilities in the telnet program that allowed an attacker to get in and even escalate their privileges, you can see why this became an issue.
|
||||
Now in 1995, there was a password-sniffing attack on the network of the University of Helsinki in Finland.
|
||||
And this led a researcher there, and I'm sorry because I'm probably not going to pronounce his name properly.
|
||||
Tatu Yelonen to create the first SSH implementation.
|
||||
SSH is an acronym for Secure Shell, and expresses the idea that you can securely log in and get a shell on a remote server.
|
||||
This was initially released as free software, but in later versions he took it to proprietary.
|
||||
But by that point, the developers at OpenBSD decided that a free software implementation was needed, and they created OpenSSH, which is the basis for most implementations today.
|
||||
And while SSH was initially intended for unix-like environments, which came to include Linux, the OpenBSD developers created a portability branch to make it available to any operating system.
|
||||
So if you are running a Windows environment, you can use SSH just as easily.
|
||||
If you want a little more detail on all of this, historical stuff, consult Wikipedia, I've got a link in the show notes that will take you to the article.
|
||||
But, SSH, what are the design considerations here?
|
||||
Okay, SSH was designed to do several things.
|
||||
Number one, create a secure and private communication between two different machines.
|
||||
Now, the only way to do that is to use encryption.
|
||||
Fortunately, we've done a lot of discussion about encryption up until now, which has laid the groundwork for all of this.
|
||||
So we're in good shape to proceed now with SSH using all the things that we already know.
|
||||
Second, design consideration, establish the integrity of the communications to ensure that messages have not been altered on route.
|
||||
Again, encryption makes this impossible, and it's something that we have discussed.
|
||||
Third, authenticate both parties to the conversation to prove their identities.
|
||||
And again, encryption makes this possible.
|
||||
You know, really, one of the things you discover when you start getting into this is that there are fundamental things encryption does, and they get applied over and over.
|
||||
We first looked at it when we were talking about encrypting email.
|
||||
And we looked at signing email and encrypting email and public keys and private keys and all of this.
|
||||
And then when we looked at a TLS, we found, oh, it just uses exactly the same technology to do exactly the same thing.
|
||||
And we're going to see with SSH, it uses exactly the same technology to do exactly the same thing.
|
||||
In a way, that's really good because once you start to understand the fundamentals, it becomes very easy to just apply that in a different environment.
|
||||
And this is why encryption is so fundamentally important to security all over the internet, and is one of the reasons why security experts keep telling the government, no, you can't weaken encryption and somehow make things more secure.
|
||||
It doesn't work that way.
|
||||
Now, as regards authentication, SSH can be done using passwords, but you don't want to.
|
||||
That's a very weak form of authentication.
|
||||
If you're serious about security, you should authenticate using a key.
|
||||
Now, our old friends, the public private key pair, come in at this point.
|
||||
And as I said, we've already seen pretty much how that works with email and with certificates.
|
||||
Now, it's not perfect, of course, but it reduces the chances of an attack very significantly.
|
||||
Note that even if you are using password authentication, there is encryption and key exchanging going on.
|
||||
That is necessary to accomplish the first two of the above goals, which is to ensure that we have secure communication and that the messages have not been altered.
|
||||
The password simply gets out of the thing about authentication.
|
||||
And you don't want to do it, and we're going to explain how not to do it.
|
||||
Now, encryption and tunneling.
|
||||
The basic idea in SSH, just as with virtual private networks, is to use encryption to create secure communications between two different systems.
|
||||
Now, it has become customary to refer to this type of connection as a tunnel.
|
||||
This is a metaphor, and like all metaphors, it both illuminates some things and obscures others.
|
||||
The idea of a tunnel does help to get across the security of the connection in that if it is done properly, the outside world cannot see what is going on.
|
||||
The encryption does work if you do it right.
|
||||
And as Bruce Schneyer famously said in the wake of the Snowden revelations, you can trust the mathematics.
|
||||
However, the metaphor somehow implies to people that this traffic is flowing in some other place than the rest of the internet, and that is simply untrue.
|
||||
All tunnel traffic flows to the same routers and switches as all other internet traffic, and is made up of the same kinds of packets.
|
||||
If you are on a network where someone is using SSH, you can see the packets using wireshark or other similar software.
|
||||
You would not be able to see anything in the payload of each packet other than random noise because of the encryption.
|
||||
It is important to understand the mechanisms and how they work if you are going to be secure, since otherwise you might make a mistake and open yourself to an attack.
|
||||
So what are some of the uses of SSH?
|
||||
It was originally designed, as we said, just to create a secure shell session on a remote server.
|
||||
I am going to be stumbling over my sibilance all through this I can tell.
|
||||
But it has been extended in a number of interesting ways which we will look at in upcoming tutorials.
|
||||
For example, SSH can be used to create a tunnel.
|
||||
It can be used to forward TCP ports. It can be used to create X11 connections.
|
||||
And that is one of the nice features about X11 is that you can actually forward your desktop from one system to another and do remote work that way.
|
||||
It can be used to securely transfer files using something called SFTP.
|
||||
It can be used to securely copy files using SCP secure copy.
|
||||
And it can securely mount a remote file system using SSHFS.
|
||||
So a lot of good uses and you can see why this is going to be like a mini series here when we get into what we can do with SSH.
|
||||
Where do you get it? That might be your next question.
|
||||
Well, SSH uses the client server model. Generally, you are coming from a desktop.
|
||||
You want to connect to a remote server.
|
||||
If the server is Unix or Linux, it should have SSH installed and properly configured if the sibilance are any good at all.
|
||||
So I would assume if it's a Unix or Unix Lake environment, you got SSH there. Don't even think about it.
|
||||
Now, on Windows servers, it may need to be installed. This is not difficult.
|
||||
For any Windows sibilance out there, I've got a link in the show notes for an article that explains how to install it on a Windows 2008 server.
|
||||
If you're using something else, I would just say Google is your friend.
|
||||
It's not hard to find out this stuff. Now, the other part is the clients.
|
||||
Again, any Unix Lake systems will have the SSH client installed by default.
|
||||
So Unix, Linux, Mac OS, which is BSD derived, all flavors of BSD.
|
||||
So you should have the SSH client there by default.
|
||||
For Windows, again, it's an installation.
|
||||
If you're a Windows user, I recommend a software called PuTTY.
|
||||
This is free software. It is distributed under the MIT license and complies with the Debian free software guidelines.
|
||||
So it's pretty good stuff.
|
||||
Now, there are several PuTTY applications since they use different applets for each of the capabilities.
|
||||
So one is for Secure Shell, another is for Secure FTP, and so on.
|
||||
Now, there's a useful manual for Open SSH and for the various applications that make up all of Open SSH.
|
||||
And that manual can be found at OpenSSH.com slash manual.
|
||||
I will have the link in the show notes as well.
|
||||
From here, you can see that the applications which make up all of OpenSSH include SSH,
|
||||
which is the basic RLogin RSH like client program.
|
||||
SSHD, the Debian that permits you to log in, SSH config, the client configuration file,
|
||||
SSHD config, the Debian configuration file.
|
||||
SSH agent, an authentication agent that can store private keys.
|
||||
SSH add, a tool which adds keys to the above agent.
|
||||
SFTP, an FTP-like program that works over SSH1 and SSH2 protocol.
|
||||
SCP, the file copy program that acts like RCP, SSH key gen, a key generation tool, SFTP server.
|
||||
The SFTP server subsystem, which is usually started automatically by SSHD.
|
||||
SSH key scan, a utility for gathering public host keys from a number of hosts,
|
||||
and SSH key sign, a helper program for host based authentication.
|
||||
So, this is all the stuff that you might want to be thinking about.
|
||||
If you want to follow along with this, I would say first, make sure you have your software in order.
|
||||
If you are on Linux or a Unix related program or BSD or Mac, it should be there,
|
||||
but just do a check, open up the terminal and run SSH and see what happens and make sure everything is installed.
|
||||
If you are on Windows, make sure, and I am going to assume for most of you it means client,
|
||||
make sure you install putty and have that ready to go, and then we will start showing you in the next tutorial how to use all of that.
|
||||
Now finally, there are some resources here.
|
||||
This can start to get a little bit heavy going, so you want to have the resources.
|
||||
As I mentioned, the open SSH manual, and that is linked to that as in the show notes.
|
||||
There is a book by a fellow named Michael W. Lucas called SSH Mastery, Subtitle Open SSH Putty Tunnels and Keys.
|
||||
Michael Lucas is a great writer, he does a lot of technical writing, very sharp, so I recommend the book highly when it doesn't cost that much.
|
||||
Then there is a video called the Blackmagic of SSH. Subtitle SSH can do that by fellow named Bo Jeans, and I put a link to that in the show notes.
|
||||
Finally, if you are all interested in security, you might want to look in on a series, a video series called Hack 5, which is available on YouTube or over the internet.
|
||||
There are some episodes that really focus a lot on this. Everything from 11.08 to 11.17, and then 11.19, for instance, are ones that do focus on this.
|
||||
I've got a link to the Hack 5 that I've put into the show notes as well.
|
||||
You've got some resources, so what I would say is start doing a little reading, maybe view a video or two, and make sure you have your software installed, and you'll be ready for the next one.
|
||||
This is Ahuka for Hacker Public Radio, signing off and reminding you as always to support free software. Bye-bye.
|
||||
You've been listening to Hacker Public Radio at HackerPublicRadio.org. We are a community podcast network that releases shows every weekday, Monday through Friday.
|
||||
Today's show, like all our shows, was contributed by an HBR listener like yourself. If you ever thought of recording a podcast, then click on our contributing to find out how easy it really is.
|
||||
Hacker Public Radio was founded by the digital dog pound and the Infonomicon Computer Club, and is part of the binary revolution at binrev.com.
|
||||
If you have comments on today's show, please email the host directly, leave a comment on the website or record a follow-up episode yourself.
|
||||
Unless otherwise status, today's show is released on the creative comments, attribution, share a light, free.or license.
|
||||
You
|
||||
Reference in New Issue
Block a user