SSH (Secure SHell) is used in order to use one computer to control another computer. This can be done over insecure networks (like the Internet) because of the cryptography used to protect the data transferred between the computers involved.
In this example, I use Parrot Security OS (a hacking-oriented operating system based on Debian Linux) as the computer that I physically touch and interact with. The other computer (which I remotely control) is my Raspberry Pi single-board computer (SBC), which I have already installed Ubuntu Server on. Ubuntu Server is another Debian-based Linux distro, but the “Server” part of its name means that it only comes with the command-line interface (CLI) and not a graphical user interface (GUI) which most people are used to. By the way, none of these links are affiliates. Feel free to try out substitutes (like a cloud server instead of a Raspberry Pi, Linux Mint instead of Parrot Security, etc.)
Having a CLI means that you do not have the same experience of navigating your computer like the 2-D world of the GUI, but it does reduce the storage footprint of your OS (Graphics take up a lot of space.) Using a CLI can speed up your computer’s processes, and (once you get the hang of it) can also speed up your own processes of navigating your computer. Plus, when you use a CLI, it makes you look like a total badass in front of your friends and family!
To start, you need to make sure that you have SSH already on both computers. From what I recall, both of my computers in this situation included SSH capability automatically when I installed each OS.
In this example, I assume:
You already have an account with the server that you are trying to SSH into,
You know your username, password, and IP address for the host that you want to SSH into.
How to SSH
Open a terminal and type the following command. Replace “USERNAME” with your actual username and “IP_ADDRESS” with your actual IP address. Keep in mind, these credentials are for the target computer, not the computer you are already using.
Press the “Enter” key.
The server will prompt you to enter your passphrase (again, for the target computer).
After typing your passphrase, press “Enter”.
If you are prompted whether you are sure or not that you want to connect, select in the affirmative (unless you don’t want to connect. I’m not the boss of you).
You should now be connected to the target computer. Congratulations!
Notice how the username and hostname of your command prompt has changed. Here is a picture of my original terminal (left) for my Parrot Security computer, and my SSH terminal (right) for my remote server.
While normally you are only capable of controlling only the computer that is physically present where you are, SSH-ing into another machine enables you to choose which machine you use to perform tasks.
“jonathan@parrot” means that I am interacting as the user “jonathan” on the machine named “parrot”.
Likewise, “flossboss@smartsauce” means that I am interacting as the user “flossboss” on the machine named “smartsauce”. However, if you use a similar arrangement to what I have set up here, your remote server terminal will probably look more like “ubuntu@ubuntu”, since that is the default for Ubuntu Server. I have already changed both my username and hostname for this server, so that is why it looks unique.
Once you are finished with what you wanted to do through your remote server, you can close the connection by typing the following simple command in your remote terminal.
Regardless of your political beliefs, basic cybersecurity practices are essential. Choose strong passwords (the longer and more diverse the characters, the better!). Manage your passwords well using a password manager so you don’t forget all of them (many modern browsers have this feature built into them already). If you suspect malicious actors may have compromised an online account of yours, changing your password and logging-out of all other sessions can help.
DISCLAIMER: nothing posted here is legal, financial, investment, cybersecurity, or any other type of professional advice. This content is posted for educational purposes only. #NotLegalAdvice
Imagine you and your friends are planning a protest, but you fear that if the local authorities find out ahead of time, they might try to stop you. How do you prevent the authorities from discovering what your plans are?
Your friends live too far away from each other for you to hold an in-person meeting, and the COVID-19 lockdowns also make such physical meetings illegal. You have to send messages to each other, but you suspect the police are monitoring your Internet connections and your phone conversations.
How can you and your friends communicate privately so that your protest is successful?
Find out how in this video.
Brief summary of subject matter and use cases.
In order to send private messages to your friends, you need to master the art of making the meaningful turn into the nonsensical and making the nonsensical turn back into the meaningful.
No, I’m not talking about philosophy.
I’m talking about cryptography.
When you encrypt a message, it means you take a message that looks like this…
Let’s have a protest in front of the Liberpolis capitol building at noon on Jefferson’s birthday.
Wear your uniforms and bring your signs.
Let’s make sure our lawmakers know that we care a lot about this issue!
That encrypted message (cyphertext) can then be sent over the Internet to your friends.
If law enforcement were to intercept your message, they would then see the cyphertext, not your actual message. Depending on how complicated your encryption mechanism is, they could try to decrypt it by having their computers do a bunch of guessing (brute force), but to do so would probably be extremely hard for them, if not practically impossible, since there is an astronomical number of possible ways to decrypt it, with only one of them being correct.
So your message is now supposedly safe from being deciphered by the authorities, but how can your friends understand it?
Depending on the encryption scheme you are using, each of your friends could need a “key” sent from you in order to decrypt it, or they could be able to decrypt it with a “private key” which they and they alone already have. It gets kind of complicated, but from all indications, it works.
Therefore, because you and your friends used the power of encryption, you were able to keep your plans a secret and hold the protest as planned. Well done!
Why encryption is important
Encryption enables multiple parties to communicate without eavesdroppers understanding what they are saying to each other. It is almost like two people speaking to each other in a completely unique language in the presence of a crowd who is ignorant of that language.
This makes encryption extremely useful, especially for those who want to Outsmart Big Brother.
If you are an everyday citizen in a reasonably free country, encryption hopefully is used to keep your financial, medical, and other private information safe from malicious hackers (“crackers”). You could also use encryption for random stuff that you simply believe is “nobody else’s business,” like that ancient photo of 2-year-old you picking your nose.
On the other hand, if you are a whistleblower, activist, or a journalist living under an authoritarian regime, encryption could literally mean the difference between life and death.
Everyone who wants to defend freedom must understand at least a little bit of the importance of encryption and how to use it. Even if your country is relatively free and politically stable for now, you never know when the need for encryption could arise.
How to encrypt
Here are some examples of how to use encryption in your everyday life.
Use https:// to encrypt your usernames, passwords, and other info exchanged between you and a website. The “s” in “https” is especially important here. Often, when you are using https, your browser will let you know by showing a little lock icon near the address bar. One time I was trying to login to a WordPress-based website and realized that I had submitted my username and password into it while not being protected by https. I was in http. Since I knew that a hacker could have been monitoring my Internet traffic, I decided to immediately switch to https and change my password.
Use a Virtual Private Network (VPN) to mask your IP address. A VPN basically means that another computer that is far away from you interacts with the Internet on your computer’s behalf and sends encrypted data back and forth. It can help make you anonymous online. But beware, many traditional institutions (like banks) will assume you are a malicious hacker if you try to login while connected using a VPN. You will also be required to complete more annoying CAPTCHAs, since many sites care more about protecting themselves against DDoS attacks (a type of hack attack using many computers to overwhelm a website with requests) than about being privacy-friendly.
Switch to an end-to-end encrypted (E2EE) email provider. I personally use both ProtonMail and Tutanota and I consider them both to be excellent choices. ProtonMail is based in Switzerland; Tutanota is based in Germany. Both offer a free version and premium features (like custom domains) for those who are willing to pay. Both are encrypted. Both are outside the U.S. (LavaBit was a similar encrypted email service that failed because it was a U.S. business in the Snowden Era). If you are looking for an alternative to the Google G-Suite, then I would go with ProtonMail since they seem to have a more developed “Proton”-Suite that they are in the process of expanding, including ProtonVPN, ProtonCalendar, ProtonDrive, etc.
Use an E2EE chat app like Signal or Threema. I use both. While Signal requires a phone number to use, Threema does not, which could be a deal-breaker for those who value absolute anonymity. While WhatsApp does claim to be E2EE, the fact that it is owned by Facebook means that you are letting a “fox” of privacy violations guard your “henhouse” of private communication. Why worry about Facebook sneaking into your chat? Just use one of the other options.
If you are configuring a Linux distro, choose the option to encrypt your hard drive. This will mean using two passwords every time you login to your computer, but it will make it much harder for somebody to physically access your data after you shut down your computer. If you can barely handle keeping track of one password, then ignore that last part about encrypting your own hard drive.
How encryption could be used against you
Just like how encrypting your own data makes it harder for attackers to access it, the tables could also be turned against you when the attacker is the one who encrypts your data, like with WannaCry.
WannaCry is a type of ransomware that caused a lot of problems for its victims. It encrypted the data on their computers and demanded a ransom of Bitcoin in exchange for the user (supposedly) getting their data decrypted. Of course, with criminals you can never really know whether they are telling the truth, since they could theoretically keep demanding more and more money even after the victim sends the original ransom.
Why governments generally do not like widespread encryption
For all its benefits to people who want to remain private, encryption also can stand in the way of governments performing surveillance on them. Since the state is responsible for enforcing laws against things like terrorism, money laundering, and other shady activities, the mass-adoption of encryption makes their job harder. However, when the government takes action to oppose encryption (like requiring backdoors for law enforcement), it often violates the right to privacy of the individuals whose data is no longer private.
For those more interested, check out the story of when the NSA tried to create a hardware backdoor to encryption called the “Clipper Chip.”
There is still a TON of stuff that I need to learn about the details of how public key cryptography is able to actually work. We’ve barely scratched the surface here but hopefully this video helps you to be able to use encryption more in your own life.
My challenge to you all this week is…
Find something that you need to encrypt and DO IT. Let me know in the comments what things you are starting to encrypt.