Full Stack for Front End Engineers

Full Stack for Front End Engineers SSH

Topics:
Jem Young
Jem Young
Netflix

This course has been updated! We now recommend you take the Full Stack for Front-End Engineers, v3 course.

Check out a free preview of the full Full Stack for Front End Engineers course:
The "SSH" Lesson is part of the full, Full Stack for Front End Engineers course featured in this preview video. Here's what you'd learn in this lesson:

By talking about the problems of simple passwords, Jem further explores the concept of SSH and public key authentication.

Get Unlimited Access Now

Transcript from the "SSH" Lesson

[00:00:00]
>> Jem: All right, so now we're come to SSH. I know I told you I wouldn't do that so until you do something and I'll explained it, but SSH, I'll explain it now. All right, so SSH is Secure Socket Shell and it's a way of connecting to remote devices and there's two basic ways of doing that.

[00:00:19] there's username/password which we just did, so student was the username, password is I am a great engineer and there's also ssh key. And we're gonna find out why ssh key are preferential to login to a server. But for now, you can start off with just the username and password, that's probably the most basic way of getting in.

[00:00:38] But it's not the most secure of doing things and someone in the room tell me what's wrong with logging in with a password, without looking at the slides. Sorry?
>> Speaker 2: I was saying someone could just know your password.
>> Jem: Yeah, someone could break into it because humans in general we're so bad at passwords.

[00:00:58] So we make things easy to remember, and if it's easy to remember it's probably short, if it's short someones gonna break in.
>> Speaker 2: Especially in this case if it's easy to type.
>> Jem: Exactly, Exactly so these are some of the most commonly use passwords in the world. If I'm speaking to a room of a thousand people, at least 10 of these people have one of these passwords.

[00:01:17] I love password eight, my favorite is the last one. Cuz you know, servers like know, we like to make users more secure cuz we're bad at passwords. So we're gonna make the minimum length eight. So they say okay, one, two, three, four, five, six, seven, eight. It's, yeah, it's a never ending quest of security.

[00:01:35] And as security terrier reminds us, we have to always be vigilant. So, username/password is just a bad idea because people are always trying to break into servers. And the best is when you make some arbitrary, it's gotta be an uppercase letter and a symbol and two characters and your mother's maiden name and your dog's birthday.

[00:01:55] People just write it on a post-it note and put it on their computer because, I can't remember this password. Screw IT, screw security, humans, we're bad at remembering things, that's why we have a DNS system. So we don't have to remember IP addresses. So, we're not gonna use user name password anymore.

[00:02:12] It's just too insecure, it's too easy to break into, and people are always trying to break into a server. I know you probably can't use this, but this is just a quick snippet of my off-log. From my own personal server, like Jemyoung.com there's literally nothing interesting on it.

[00:02:27] [LAUGH] Literally nothing. But people are always trying to break in and this is the one day of people attempting to break in to my server. But I don't use a password on my server, I use an SSH key, why? Because people keep trying to guess. So what are they using here?

[00:02:41] They're using admin, [SOUND] lot of admins, tests, admin. Yeah, people are always trying to break in. That's, I'm gonna hit this later over and over and over again, but people want to steal your crap, all the time. It's just happening right now. As we speak, someone is trying to break into that server that we just logged into.

[00:03:02] So, we're gonna use something called Public Key Authentication, instead of user name, password. Because passwords are easily guessable even if you have a 21 character password, that's not that secure. This laptop could guess all the 21 password, like all the iterations of 21 length character password in seconds.

[00:03:20] Just this laptop. So we're not gonna use passwords, we're gonna use an SSH key. So, there's a question on how to check each person has logged into my server? We will go over looking at the auth log later. But, for now, you don't have a server, so don't worry about it.

[00:03:37] There's no one trying to break in yet. They will, [LAUGH] so public key authentication. We're gonna make an SSH key here shortly. What that means is you have a public key, you have a private key. The public key is the one that you put onto the server. What's the best analogy for it?

[00:03:56] It's like a two-way lock essentially, public key in encrypts everything. But the only way to decrypted it is with your private key. The private key you never, ever, ever give out. But your public key, I can hand it out like a business card, like here you go, here you go, here you go, here you go.

[00:04:12] And that's the great thing about public key authentication. Is I could put it on Twitter, I could put it anywhere and I could say hey, I wanna give myself the ability to log into your server. Here's my public key. And since I have the private key, I'm the only one that can login, even though you have the public key.

[00:04:32] It's such a fantastic system. And so we're gonna make an SSH key right now. The public key goes on your server, your private key stays on your computer. And we're gonna look at the private key and see why, I won't say unbreakable cuz everything's breakable with enough time and money.

[00:04:51] But it's as close to unbreakable as we can get with current technology.