Friday 1 October 2021

Linux Secure Shell (ssh) Interview Questions And Answers

ssh stands for “Secure Shell”. It is a protocol used to securely connect to a remote server/system and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections; it can transfer files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols. SSH uses the client–server model.


1. What is the default port & configuration file of SSH Server ? How to change the port of SSH?

Ans: By default, SSH is configured on port 22, and ‘/etc/ssh/sshd_config’ is the configuration file.

To change the port of SSH, we need to modify the configuration file of SSH which is located at ‘/etc/ssh/sshd_config’ [On Red Hat based systems] or ‘/etc/ssh/ssh_config’ [On Debian based systems].

Search for the line,

Port 22

And replace ‘22’ with any unused port number. Save the file and restart the SSH service for the changes to take effect.

# service sshd restart [On Red Hat based systems]

# service ssh restart [On Debian based systems]


2. As a security implementation, you need to disable root Login on SSH Server, in Linux. What would you suggest?

Ans: We need to change the parameter ‘PermitRootLogin’ to ‘no’ in the configuration file to disable direct root login.

To disable SSH root login, open the configuration file located at ‘/etc/ssh/sshd_config’ or ‘/etc/ssh/ssh_config’.

Change the parameter ‘PermitRootLogin’ to ‘no’ and restart the SSH service as shown above.


3. What is the difference between SSH and Telnet? Which do you prefer, and why?

Ans: Both SSH and Telnet are network protocols used to connect to and communicate with another machine over the network. I prefer SSH.

SSH | Telnet
Port 22 | Port 23
Communication between client & server is encrypted. | Not encrypted (plain text).
SSH uses a public key for authentication. | Telnet does not use any authentication.
Secure | Not secure compared to SSH


4. Is it possible to log in to an SSH server without a password? How?

Ans: Yes! It is possible to log in to a remote SSH server without entering a password. We need to use ssh-keygen to create public and private keys.

Generate the keys using the command below.

$ ssh-keygen

Copy the public key to the remote host using the command below.

$ ssh-copy-id -i /home/USER/.ssh/id_rsa.pub REMOTE-SERVER

Note: Replace USER with the user name and REMOTE-SERVER with the remote server address.

The next time we try to log in to the SSH server, it will allow login without asking for a password, using the key.


5. How will you allow users and groups to have access to the SSH server?

Ans: Yes! It is possible to allow users and groups to have access to the SSH server.

Here again we need to edit the configuration file of the SSH service. Open the configuration file, add users and groups at the bottom as shown below, and then restart the service.

AllowUsers Tecmint Tecmint1 Tecmint2

AllowGroups group_1 group_2 group_3


6. How to add a welcome/warning message that appears as soon as a user logs in to the SSH server?

Ans: In order to show a welcome/warning message as soon as a user logs in to the SSH server, we need to edit the file called ‘/etc/issue’ and add the message there.

# nano /etc/issue

And add your custom message in this file. The custom message is then shown as soon as a user logs in to the server.

[Screenshot: SSH Login Banner]


OR


Create a file with the preferred text anywhere.

# vi /etc/ssh/mybanner.txt

This server is for authenticated users... Your activities are under surveillance.

Add the file location to the SSH configuration file and restart the SSH daemon.

 Banner /etc/ssh/mybanner.txt


7. SSH has two protocols? Justify this statement.

Ans: SSH uses two protocols – Protocol 1 and Protocol 2. Protocol 1 is older than protocol 2. Protocol 1 is less secure than protocol 2 and should be disabled in the config file.

Open the SSH configuration file and add/edit the lines as shown below.

# protocol 2,1

to

Protocol 2

Save the configuration file and restart the service.


8. Is it possible to trace unauthorized login attempts to the SSH server, with the date of intrusion along with the corresponding IP?

Ans: Yes! We can find the failed login attempts in the log file created at location ‘/var/log/secure’. We can filter it using the grep command as shown below.

# grep "Failed password for" /var/log/secure
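The grep filter above returns raw lines; the following added example (not part of the original post) turns them into the date, user and source IP of each attempt and a per-IP count. The sample log lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list and count failed SSH password attempts per source IP.

# Constructed sample lines in the /var/log/secure format (documentation IPs).
sample_log() {
cat <<'EOF'
Oct  1 10:15:32 server1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Oct  1 10:15:40 server1 sshd[2213]: Failed password for root from 203.0.113.7 port 51130 ssh2
Oct  1 10:16:02 server1 sshd[2220]: Accepted password for alice from 198.51.100.4 port 40022 ssh2
Oct  1 10:17:45 server1 sshd[2231]: Failed password for root from 192.0.2.55 port 33810 ssh2
Oct  1 10:18:01 server1 sshd[2240]: Failed password for invalid user test from 203.0.113.7 port 51190 ssh2
EOF
}

# Read log lines on stdin; print "month day time user ip" per failed attempt.
# Fields are taken from the END of the line ("... USER from IP port N ssh2"),
# so an odd username containing spaces cannot shift the IP column.
failed_attempts() {
    awk '/sshd\[[0-9]+\]: Failed password for / &&
         $(NF-4) == "from" && $(NF-2) == "port" {
        print $1, $2, $3, $(NF-5), $(NF-3)
    }'
}

# Read log lines on stdin; print "count ip", most active source first.
failed_by_ip() {
    failed_attempts |
        awk '{ n[$5]++ } END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2
}

# On a real server: failed_by_ip < /var/log/secure
sample_log | failed_by_ip
```
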


9. Is it possible to copy files over SSH? How?

Ans: Yes! We can copy files over SSH using the SCP command, which stands for ‘Secure CopY’. SCP copies files using SSH and is very secure.

A dummy SCP command in action is depicted below:

$ scp text_file_to_be_copied Your_username@Remote_Host_server:/Path/To/Remote/Directory


10. Is it possible to pass input to SSH from a local file? If Yes! How?

Ans: Yes! We can pass input to SSH from a local file, just as we do in a scripting language. Here is a simple one-liner command, which will pass input from a local file to SSH.

# ssh username@servername < local_file.txt


11. What is SSH port forwarding ?

Ans: SSH Port Forwarding, sometimes called SSH Tunneling, allows you to establish a secure SSH session and then tunnel arbitrary TCP connections through it. Tunnels can be created at any time, with almost no effort and no programming.

# ssh -L localport:host:hostport user@ssh_server -N

where:

-L – port forwarding parameters

localport – local port (choose a port that is not in use by another service)

host – server that has the port (hostport) that you want to forward

hostport – remote port

-N – do not execute a remote command (you will not have the shell)

user – user that has ssh access to the ssh server (computer)

ssh_server – the ssh server that will be used for forwarding/tunneling

Without the -N option you will have not only the forwarding port but also the remote shell.


12. How to enable debugging in ssh command ?

Ans: To enable debugging in ssh command use ‘-v’ option like ‘ssh root@www.linuxtechi.com -v’. To increase the debugging level just increase the number of v’s.


13. What is the use of the sshpass command in Linux?

Ans: sshpass is a command which allows us to automatically supply a password to the command prompt so that automated scripts can be run as desired by users. sshpass supplies the password to the ssh prompt using a dedicated tty, fooling ssh into believing that an interactive user is supplying the password.

# sshpass -p PaSsWoRd ssh root@remote.host


14. What is the use of blowfish options in scp command ?

Ans: Using the blowfish option in the scp command, we can increase the speed. By default, scp uses the Triple-DES cipher to encrypt the data being copied.

Example : scp -c blowfish /home/itstuff.txt root@mail.linuxtechi.com:/opt/


15. How to limit the bandwidth used by scp command ?

Ans: We can limit the bandwidth used by the scp command using the -l option as shown in the syntax.

# scp -l bandwidth_limit filename username@remote-host:/folder-name

where bandwidth_limit is a number specified in kilobits per second.


16. How to check SSH server’s Version ?

Ans: Using the command ‘ ssh -V ‘ we can find the ssh server’s version.


17. How to Copy the file “server.txt” from the local machine to a remote host using port 2751 in /opt folder.

Ans:  scp -P 2751 /home/server.txt root@mail.linuxtechi.com:/opt


18. Commonly used SCP switches?

Ans : We already explained the usage of the “P” and “-c blowfish” switches. Other commonly used switches are “r”, “p” and “u”.

-p : Preserves modification times, access times, and modes from the original file.

-r : Recursively copy entire directories.  Note that scp follows symbolic links encountered in the tree traversal.

-U : Remove source files after copying them to the destination.


19. What does the “AddressFamily” directive in the SSH configuration stand for?

Ans : This directive is used to limit SSH access to a specific subnet. This further increases security. No one outside the given subnet can access the server over SSH.

Add your preferred subnet details and restart the SSH daemon.

 AddressFamily 132.143.45.0/24


20. What is Listen Address in SSH configuration?

Ans : This directive specifies which interfaces on the server are ready for connections from outside the network. Consider the scenario where your server has 6 different IP addresses and you want to configure SSH so that it only permits SSH access on a particular IP address.

Add the IP address and restart the SSH daemon.

 ListenAddress 125.120.11.00 (Example)


21. What is the purpose of “LoginGraceTime”?

Ans : By default, its value is 2 minutes, which means that when you access the server using SSH, you have 2 minutes to complete the connection with the exact credentials.

Syntax

 LoginGraceTime 2m


22. What do you mean by SSH cipher? What are the different types of ciphers in SSH?

Ans : Cipher is an algorithm to perform encryption and decryption. Different types of cipher supported by SSH are:

blowfish

des

3des

Arcfour

AES


23. How do you access GUI using SSH connection?

Ans : SSH also supports X11 forwarding; we have to use the -XY options to open a server GUI app from the client.


24. Can You Briefly Explain The Working Of Scp?

Ans : SCP stands for Secure Copy. It transfers files over the network securely. SCP is based on the SSH protocol and it uses the SSH port by default.

Working principle:

The client initiates an SSH connection to the remote host, and requests an SCP process to be started on the remote host.

The remote SCP process can operate in two modes.

2.1 Source mode

In this mode, SCP on the remote host reads files from the HDD and sends them back to the client machine.

2.2 Sink mode

In this mode, SCP accepts the files sent by the client and writes them to the disk on the remote host.

The syntax is the same as the base Linux copy command.


25. Explain the working of SSH protocol.

Ans: SSH works on the concept of the client-server model.

The client sends the request to the remote computer. You can consider the remote computer as a server here.

Both the client and server agree on a large prime number (also called the seed value). Also, both parties agree on an encryption generator (AES, 3DES etc.) to manipulate the seed value.

Both client and server independently generate a private key by using another prime number. Each then independently generates its public key by using the private key, the encryption generator and the shared prime number.

Both parties share their public keys with each other. By using the public keys, the client and server ensure the identity of each other through public key cryptography.

Both client and server independently use their private key, the other party's public key, and the large shared prime number to generate the symmetric key.

Once the symmetric key is generated, data will be encrypted by using it.


26. How many key types does SSH support?

RSA

DSA

ECDSA

ED25519


27. Where will SSH store its trusted ssh client keys?

By default, whenever you try to connect to a remote SSH host for the first time, it will ask you to confirm Yes/No. As soon as we say yes, it will copy the public key to ~/.ssh/known_hosts


28. How to enable only key-based authentication?

Ans: This feature provides higher security because no user can log in without an SSH key.

Note: We have to disable user login to SSH.

#RSAAuthentication yes

#PubkeyAuthentication yes


29. How would you block a specific user or group from accessing SSH?

Ans: You can deny a user and group by using the following directives:

DenyUsers tech2 tech4

DenyGroups sysgroup1


30. What is the purpose of “MaxAuthTries”?

Ans: It defines the maximum number of allowed failed login attempts from a network. By default it is 6.

MaxAuthTries 4
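Several answers above (PermitRootLogin in question 2, MaxAuthTries in question 30) change a directive in the SSH configuration file. The following added example, which is not part of the original post, checks which value is actually in effect: commented lines are ignored, keywords are case-insensitive, the first occurrence of a keyword wins, and lines after a Match block are conditional. The sample config is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the effective value of directives in an
# sshd_config-style file read from stdin.

# Constructed sample, not a recommended configuration.
sample_config() {
cat <<'EOF'
Port 2222
#PermitRootLogin no
PermitRootLogin yes
permitrootlogin no
MaxAuthTries 4
LoginGraceTime 2m
Match User backup
    MaxAuthTries 1
EOF
}

# effective_value KEYWORD: print the global value in effect for KEYWORD.
effective_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                  # commented-out directive
        tolower($1) == "match" { exit }      # what follows is conditional
        tolower($1) == tolower(key) {        # first occurrence wins
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }'
}

# audit: print one line per check; return non-zero if any check fails.
audit() {
    cfg=$(cat)
    rc=0
    check() {  # check KEYWORD EXPECTED
        got=$(printf '%s\n' "$cfg" | effective_value "$1")
        if [ "$got" = "$2" ]; then
            echo "ok   $1 $got"
        else
            echo "FAIL $1 is '${got:-unset}', expected '$2'"
            rc=1
        fi
    }
    check PermitRootLogin no
    check MaxAuthTries 4
    return $rc
}

# On a real server: audit < /etc/ssh/sshd_config
sample_config | audit || echo "audit found problems"
```

In the sample, the `permitrootlogin no` line added below an existing `PermitRootLogin yes` has no effect, which is why a change should edit the existing line rather than append a second one.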