----BEGIN CLASS---- [17:32] #startclass [17:32] Roll Call [17:32] Rahul Jha [17:32] Pravar Agrawal [17:33] Vibhor [17:33] mrinal raj [17:33] Nilesh Patra [17:33] sparsh [17:33] Ritik Raushan [17:33] Aniruddha Basak [17:33] Ritwiz Sinha [17:33] Aman Verma [17:33] Ankur [17:33] Abhay Kaushik [17:33] Bhavesh Gupta [17:33] Amit kumar [17:34] let's wait for a minute and start [17:34] Ratan Kulshreshtha [17:35] who all are online from mobile? [17:35] because if you are then there is no use of joining today's class [17:36] I would take the silence as no one is online from mobile [17:36] moving ahead [17:36] Today we will be learning about SSH abbreviation of Secure Shell [17:37] Since we already had our class on Linux commands, can someone raise hand and explain the meaning of a shell [17:37] ! [17:37] next [17:38] ! [17:38] ! [17:38] a shell is just a command intrepretor to provide instructions to oprating system [17:38] okay, let's hear it from others [17:38] gargantua_kerr[m: iinternaut [17:38] next [17:38] next [17:39] yes a program which is used to give instructions to the OS [17:39] Shell is basically an interface that lets a user input instructions to perform various tasks with an OS [17:40] correct, shell is basically a command parser that provides instructions to perform task to an OS [17:40] now what can you infer from Secure Shell? [17:40] ! [17:40] next [17:41] secure as in networking [17:41] not anyone will be able to give commands [17:41] iinternaut: correct [17:42] ! [17:42] As a beginner, I would infer from Secure Shell is something to do with security and shell [17:42] ! [17:43] ssh is a protocol which provides a secure communication between two machines [17:43] what is protocol? [17:43] ! [17:43] ! [17:43] ! [17:43] ! [17:43] ! [17:43] (you will hear this term a lot if times in computer science) [17:43] next [17:43] next [17:43] next [17:43] next [17:43] Set of rules defining any communication [17:43] next [17:44] protocol is a set of rules to communicate over a network [17:44] next [17:44] next [17:44] protocol is, set of rules or guidelines to follow [17:44] a set of rules or instructions [17:44] set of rules that are predetermined [17:45] right, so when we perform an ssh it performs a bunch of action according to the rules provided [17:45] you can search over the internet, "SSH rfc", this would return a bunch of SSH related RFCs [17:46] This one in particular I will explain later in the class of ssh [17:46] https://tools.ietf.org/html/rfc4251 [17:46] any questions till now? [17:47] ! [17:47] next [17:48] http is also a protocol right? and machines also communicate over http(through chats, I think). How is it different from ssh exactly? [17:49] Also, does ssh follow a client-server model? [17:49] gargantua_kerr[m: yes, good question, I will keep this question for tomorrow as I will go through the working of ssh [17:49] how ssh works internally [17:50] gargantua_kerr[m: also, searching your question on the internet is needed [17:50] because internet would spit the result in the first go [17:50] moving ahead [17:50] Fire up your terminals [17:51] done [17:51] go to your home directory and try `ls .ssh/` [17:52] if you already have the .ssh directory then your ssh keys are already created? [17:52] known_hosts [17:52] sayan: done [17:52] done [17:52] is coming ^ [17:52] id_rsa , id_rsa.pub, known_hosts [17:52] empty directory [17:52] anyone else see the same files as zarnigma? [17:53] yes, I can see [17:53] I'm getting these : known_hosts ssh_key.pub [17:53] empty [17:53] sayan: n Yes I have already created [17:53] empty [17:54] known_hosts [17:54] so zarnigma gandalfdwite gargantua_kerr[m knownymous_ have already their keys created [17:54] known_hosts [17:54] I doubt about gargantua_kerr[m though [17:54] id_rsa , id_rsa.pub, known_hosts [17:55] those who already have the id_rsa, id_rsa.pub file present, create a backup of it in a seperate directory [17:55] tell me when done [17:55] sayan: if we lost it somehow then what will happen? [17:56] done [17:56] raydeeam: lost is lost [17:56] you might lose access to server, accounts etc [17:56] sayan: oh okay [17:56] done [17:56] I once messed up my Github account 2FA, github authenticated me via ssh [17:56] sayan: I did create one a long time back, I think. Did that without understanding much about it. [17:56] done [17:57] if I had lost ssh keys then my account would have been lost [17:57] done [17:57] I created to connect to my github....However github allows connection via https as well [17:58] zarnigma: you should not be using https for authentication [17:58] anyways moving ahead [17:58] I created them to connect to a gitlab instance [17:58] ssh-keygen -t rsa -C "myemail@emailhost.com" [17:59] replace the last arg with your email id [17:59] for me it would become: [17:59] inside .ssh folder? [18:00] anywhere is fine, but let's do it from home folder [18:00] It would prompt for a passphrase, right? [18:00] yes [18:01] No, it asks for filename but i guess we can skip it [18:01] It has prompted for a filename [18:01] yes, skip it. [18:01] but I will tell a few lines about it here [18:02] a lot of people connect their one key to multiple account [18:02] BhaveshSGupta: okay [18:02] sayan, created [18:03] as I was saying, a lot of people connect their one key to multiple account [18:03] which I would not suggest as it becomes a single point of failure [18:03] it is like using one password for different websites [18:03] so ideally for every server, accounts create a new ssh key [18:03] something I do [18:04] hey sayan its asking for creating a file to save the key [18:04] ! [18:04] I create the filename depeding the website name or the server name [18:04] mrinalraj_: what do you think we should do? [18:04] next [18:04] if we use the same email and paraphrase every time... wont the key be same? [18:04] zarnigma: email can be same, not the passphrase :) [18:05] currently I just entered [18:05] ! [18:05] next [18:05] but we can leave passphrase empty, right? [18:05] iinternaut: do you live in a house? [18:06] sayan: yes [18:06] iinternaut: do you lock your house when you sleep, or go out? [18:06] sayan: Ohk, got your point [18:07] who all went ahead and created the keys? [18:08] me [18:08] me [18:08] me [18:08] me [18:08] me [18:08] me [18:08] how long did you keep your password? [18:08] me [18:08] or passphrase? [18:08] me [18:09] 14 characters [18:09] sayan me [18:09] *for testing 5 characters long [18:09] 10 characters [18:09] 8 char [18:09] 9 characters [18:09] 8 characters [18:09] 8 characters [18:10] anyone still counting? [18:10] 7 [18:10] 11 char [18:10] so most of you failed the social engineering trick [18:10] 8 char [18:11] never reveal any details about your password [18:11] only for testing though [18:11] :') [18:11] iinternaut: mentioned testing :) [18:11] sayan that was cool [18:11] yea [18:11] sayan: ah! right [18:11] never type the password in public [18:12] ;-) [18:12] sayan, ok [18:12] I've seen a lot of people type password on conferences, talks etc [18:12] cover your password [18:12] sayan: I was also testing as already setup. But you got me :) [18:12] also as a ettiquete, look away when someone is typing :) [18:13] and educate the person [18:13] I thought telling number of character won't effect. [18:13] raydeeam, yup :p [18:14] mrinalraj_: earlier earlier when I did not know, I might have to run a loop from 1-10 to guess your password [18:14] mrinalraj_: you narrowed down the scope [18:14] 1-10 characters [18:14] now go create your keys again, and tell when done [18:15] done [18:15] done [18:15] done [18:15] done [18:15] done [18:15] done [18:15] done [18:16] done [18:16] Done [18:16] done [18:16] done [18:16] did anyone use special characters like !@#$% etc? [18:16] yes [18:16] yes [18:16] yes [18:16] maybe [18:17] sayan: like you :P [18:17] yea ,maybe [18:17] yes [18:17] yep [18:17] it isn't social engineering again right? sayan [18:17] used password manager ;) [18:17] cannot tell [18:17] can't tell :) [18:17] ah, got us again? [18:17] ues [18:17] Yes [18:17] :D [18:17] :) [18:17] whoever said yes, go change again :) [18:18] what if we lied? [18:18] X-P [18:18] iinternaut: most of them don't [18:18] :p [18:18] if you lied, that's better [18:18] anyways, if you lied, then don't [18:18] else change [18:19] I hope you understand not to tell your password [18:19] I cannot tell is the answer [18:19] who all have github account? [18:19] ! [18:19] o/ [18:19] next [18:19] me [18:20] me [18:20] me [18:20] I have [18:20] those who don't have quickly sign up on github [18:20] Is it generating two key one id_rsa and id_rsa.pub if yes then why? [18:20] me [18:21] yes I have github [18:21] aniruddhab: I will tell that tomorrow, architecture question it is [18:21] one must be a public key, the other one private [18:21] zarnigma: yes [18:21] sayan, ok [18:21] one is public and other is private [18:22] ! [18:23] next [18:23] when again will passphrase be used? [18:23] iinternaut: when you interact with your ssh keys [18:24] you need the passphrase to unlock the private key [18:24] setup the keys using the steps given in the link: https://help.github.com/en/enterprise/2.15/user/articles/adding-a-new-ssh-key-to-your-github-account [18:24] https://help.github.com/en/articles/adding-a-new-ssh-key-to-your-github-account [18:25] actually this [18:25] tell when done [18:25] ! [18:26] next [18:27] fill up the sheet here, https://pad.riseup.net/p/dgplug-ssh-class-keep [18:27] with the details needed [18:27] What do the 'SSH keys' that we created just now do? And how are they different from getting access via login and password? [18:28] gargantua_kerr[m: again tomorrow [18:28] tomorrow's class I will explain the architecture how the thing works, and why it is recommended [18:28] sayan: why do you need those details in that sheet? [18:29] gandalfdwite: just to keep a log, use it during the github class [18:31] sayan: okay [18:31] sayan: could you explain what are GPG keys? (It's written right below the SSH on GitHub) [18:31] gargantua_kerr[m: ignore! [18:32] no is done yet? [18:32] done [18:32] done [18:32] s/no/no one/ [18:32] done [18:32] done [18:33] done [18:34] you can visit https://github.com/.keys [18:34] to see the ssh public keys [18:34] https://github.com/aniruddha2000.keys for example [18:35] ! [18:35] sayan, yup done [18:35] next [18:35] what do we have to do in the sheet? its filled with 4 names already [18:36] swiftkiller: zarnigma seems like edited the first line, you need to fill in the username in github and passphrase [18:36] but now just fille the github username [18:37] oki thanks ;) [18:37] next, try this: https://help.github.com/en/articles/testing-your-ssh-connection [18:37] sorry I wrongly edited it [18:37] tell when done [18:37] :)* [18:37] ! [18:37] next [18:37] done [18:37] done [18:37] github keys doesnt show email..isnt email the part of the key? [18:38] id_rsa.pub fil does show email in it as well [18:38] done [18:39] however https://github.com/zarinn3pal.keys hides the email... is it for security purpose? or is email not the part of the ssh key? [18:39] done [18:40] zarnigma: strange, I don't know why the github keys don't show it [18:40] it usually displays the whole iirc [18:40] okay, it does not [18:40] means email isn't the part of the key? sayan [18:41] email is just a label to identify which email is associated with what [18:42] okay thanks...done with testing the ssh connection as well [18:42] so when we are doing the git class we would need this, if you have been testing remember to do the proper setup of the keys and github [18:43] Roll Call [18:43] vibhor [18:43] Rayan Das [18:43] sparsh [18:43] mrinal Raj [18:43] niraj [18:43] Pravar Agrawal [18:43] Ankur [18:43] Nilesh Patra [18:43] Aniruddha Basak [18:43] Bhavesh Gupta [18:44] remember to read the link I gave ----END CLASS----