Hi everyone, I'm going to talk about SSH: what SSH is, how it works, what we can do with it, and some useful tools. Before starting, my name is Alessandro, I'm a lead developer at 9-th Digital WordPress Agency based in London. On Twitter and GitHub you can find this right after the talk. What is SSH? According to Wikipedia, SSH is Secure Socket Shell, a protocol [unintelligible]. And the second one is asymmetric. [unintelligible] They are complementary. The difference with the symmetric one is that this one is slower. Public key encryption is a system where we need to generate a key pair. The first key is called the public key and we can share it with anyone. The second key is the private key. We must keep it secret because anyone that has access to the private key will be able to encrypt the message used with the public one. In the example before, the keys we used are just the public and the private key. This system is used by SSH and HTTPS and there are several asymmetric encryption algorithms. So, how does SSH work? Basically, when we run the command SSH, both our computer and the server will start to negotiate a session using the asymmetric algorithm. So, the first part is done with asymmetric.
They agree on which symmetric algorithm to use and they start to generate a symmetric key that only they know. So, the first part is asymmetric. Also, they carry on with symmetric just because it's faster to use. Also, sometimes rekeying can happen. If you stay connected too long or you reach the maximum data that you can transfer, then we start to generate a new symmetric key. Because the symmetric algorithm is secure as long as you don't use it for a long time. That was my reaction when I figured out what was going on. So, how we generate the... Now that we saw how SSH works, let's see how we can create our keys. The command you need to use is ssh-keygen. Here, there are two useful parameters. The first one specifies the type of asymmetric algorithm to use. In this example it is RSA. We can choose between different... For example, DSA, ECDSA, and so on. The point is, before choosing a different one, make sure that either your client or your server support them. The second parameter is the size of the key we want to generate. This one also depends on the type of asymmetric algorithm we want to use. RSA is still considered strong, it's still used nowadays. And as I said, a different one might not be supported by the server or the client. So, one second. Why do we choose 4096? Because some versions of RSA have been broken in the past years. For example, the 5076 in 2003, the 768 in 2009. The 1028 has not been factorized yet, as far as we know. This might happen soon. Now the standard is the 2048. If you want to create a key, use at least 2048. We just choose 4096 just because it's better, it's double the size. Now that's the first... Once we run the command, we may be asked where to save the key and with which file name. That's totally up to you, where to save it and with which file name. You can go with the default one. You can also generate a different key for different services, or if you want to keep your company and private keys separate. It's really up to you, there is no rule here.
Another thing we will be asked about is protecting the SSH key. How many of you already use SSH? And how many use a passphrase with SSH? That's good. As we said, the private key we must keep secret, because anyone that has it will be able to spy on us. When we use a passphrase, we encrypt our private key using an AES algorithm. If for some reason someone is able to access the file, they won't be able to use it unless they also know the passphrase. The problem here is if you lose or forget your passphrase, you won't be able to use your own key either. So you need to change anyone. But also you can change the password in the future if you want. Also, another point is that now that we protected our private key, it means that every time we want to use our private key, we need to insert the password. This might be frustrating sometimes during the day, if we don't remember anything. Luckily, SSH gives us a powerful tool, it's called ssh-agent. This tool just holds the private key for us. It holds the private key in memory, does not store the private key anywhere, does not write it to the disk. The keys are not shared with any client programs. All the operations that require the private key to either encrypt or decrypt data will be handled by the SSH agent. And the communication happens via a socket. A socket is a special file in the Unix system. It's used to allow two different applications to communicate between them. Also, with SSH, you can add, or if you have more than one key, you can add all of them. And SSH will figure out which one to use when you're using SSH. So, to start the agent, that's the command you need to run. And also you need to add your private key. And in this case, you'll be asked to insert the password. And that will be the only time until you reboot your system. OK, now let's see how we can use SSH. To use SSH is very easy. You just need SSH, the user you try to log in as on the server, the domain or the IP address. And once you are logged in, you will see something like that.
It depends on the server you log in to and which shell is configured. So, what can we do with SSH? Basically, we can install application server, we can configure the remote server. But something very useful is managing files and folders. For example, a problem with SFTP is that if you try to delete a huge number of files, it's very slow. You don't have this limit with SSH, because basically you're running a command on the server set way. Also, if you need to upload a lot of files, it can take a long time. So, you can easily zip, you can just upload the zip file. And once you log in on the server, you can unzip. Or you can make a zip of the files on the server and easily download them. And this is very useful. Yeah, you can back up. You can modify files on the server. Sometimes you can also have access to the database. So, you can use mysqldump to dump the database or mysql to import the database. Also, another useful thing is it can be used to deploy your local code. A lot more. One of the tools is rsync. rsync is a fast, versatile, remote and local file-copying tool. It's very powerful, and you can easily sync whatever is in your local folder to the server. Some useful options are that you can sync only what has been changed on local, what does not exist on the server, and you can use the same to pull the data from the server. The other problem is it's not very easy to use, but luckily there are plenty of tutorials on the internet. And the other one is SCP. This one I usually use when I need to just copy one folder, because the syntax is easier. There is really not too much to remember. Also, we are WordPress developers, and we have this powerful tool called Wordmove. This one basically uses rsync under the hood, but the configuration is just a plain text file, where you configure your local path, the remote path, and you can pull, push, plugins, upload folder and theme, and it will use rsync and SSH for you. Another situation might be useful.
If you need to copy data from server A to server B, and assume that we have access to both from our computer, the problem is that server A cannot communicate directly with server B, so we cannot transfer the files directly, so we should log in on the server, copy the files, download, upload on server B, to do the copy. Another option might be to create the key on the one server, authorize the keys on the other server, and vice versa. This will allow them to communicate. But luckily SSH gives us another tool. It's called SSH agent forwarding. This basically allows us to forward our agent, our local SSH keys, to the server. So, in this situation basically what we need to do is we forward our agent to server A, and now from server A we'll be able to connect to server B, or just use one of the tools I said before, from server A to server B. So suppose we need to do a migration, you can forward the key on one server and use rsync to migrate WordPress and everything you need on the other one. Also SSH can be used to, it can be chained, so you can forward from server A to server B and so on, so on, so on. And to use it is very easy, you just need to append the dash A to the SSH command, or you can put the configuration in the SSH config. The problem here is that anyone on the server you forward the key to that has sufficient permission, like admin, like root, may be able to use your agent. So don't just forward all the time, just do it if you really need to. So, as we said, we can loop infinitely forwarding. So, that's all. Remember that wherever you have SSH access, some client might give you admin access and if you mess up the server, it might be a problem. Especially if you don't have physical access to it, you won't be able to access it any more. And here are some useful resources. The first two show you how RSA works. The third one is a bit more in depth with real examples about the algorithm.
The SSH by Michael is about the server, security implications and if you want to configure your own server. And the last one is Wordmove, the tool for WordPress. That's all for me. Thanks. Thank you, Alessandro. Does anyone have any questions? Right, we have a microphone at work. So, I'm going to get my step count in. Hi, so obviously you're on Linux. Those sort of commands will work well on macOS as well, because that's Unix-based. Do you have any experience of doing this on Windows? No Windows at all. macOS, yes. I haven't used it for a long time. I mean, if you install OpenSSH, this is the most popular implementation, you should be... You get the... Yeah, but you should be able to use SSH without any problem. Or you can use the... There is a UI. You can try that one. I don't see why you should have a problem with Windows anyway. I've just noticed as well, sorry, just because it'll be useful for people that Ubuntu does a... Unless you run a lot of Ubuntu commands. I was just going to mention there's a... Unix, sorry. Yeah, I was just going to mention that there's now a Linux subsystem for Windows 10, I think. I don't think it works for the old ones, but it gives you access to those and it is based on Ubuntu, slightly tricky with PuTTY, but it does work with PuTTY. If you don't like PuTTY, there's a terminal called Hyper, much nicer. Any questions from the audience? I mean, we can talk about different terminal things all day long. I'm happy for that, but questions? Is that working? You mentioned different numbers of bits that you could use to include and you said you use 1496. Is there any reason why you wouldn't use that number? If you used a smaller number, is it faster? Is there any kind of... No, it's more a security implication because some... Like the 576 has been broken.
The 1024, just because the computational power of our machines is getting bigger and bigger and we know how to break RSA. The problem is that it's not doable because if you want to break the 4096, you need years, a lot of years. That's the problem. We know how to do it, but we cannot do that because it's not doable. So the bigger the number you use, the less chance that your key can be broken. That's the only reason. What if you're ridiculous then to have 10,000 bits? I think there is a limitation by your client and your server. Not sure about that, but I think there are limits that your machine cannot support higher. But not sure about that. Cheers. I've just been really shy. Can I do a tip that's not a question? Yeah. I was gonna say, actually, I was at a cyber security conference and you know how people say, oh, you shouldn't have a stronger password at just cyber security people or at the conference they were like, there are 50 character passwords, then it speeds up the hackers to try and break the 50 security faster. So they were like, please just do a sensible amount so that we have longer to take. And I think it's the same with the 4.0. So just a tip, you briefly mentioned the config file in the SSH folder, which is really useful if you've got a lot of different connections using different key files and you don't have to specify which key file. So in the config file you can say for this server use this key file, for this server use this key file. I find that really useful because if you get too many and you let it try and work out which one to use, you can run out of attempts and get locked out of your own server. Been there, done that, not good. Thanks. Anyone else had SSH woes? I've got a heart right now. Oh, we've got one up there. It's not a question, it's more of a similar thing, yeah.
So if you're trying to connect via SSH and it's not some of the use to that command at the beginning was like SSH user at host, specifying the port number can be useful because you might need to 2.0.2.0 and otherwise you might not be able to get in so which can be frustrating for me. Been there, done that. Got a badge. Feel like it's like a badge collection day. Does anyone have any favourite SSH things they like to do? I did RM minus F on my machine. That was not fun. And then it slashed because I thought it meant that folder and I realised actually I think Apple has a permission, doesn't grant it. You can't just go and delete things like that with RM. Yeah. Come on, you need to work harder. Sorry, one tip, if you are logging in, run your commands using screen so if your connection drops the command will still run, otherwise it will drop with your connection. Sandro, do you have any favourite things that you like to do with SSH and terminal? What past self used to know? I use it a lot because I connect to the remote server or company. That's why I know enough. Also I use a non-standard port so I need to use the dash P parameter. But also I had to migrate a website a few months ago from two different servers. Luckily I had SSH access so I did the migration between one I did the lacking for hours and we tried to use a plugin and it was estimated 16 hours. I did the same in just four hours and eventually just because we did a fast migration to test if it was working so we had to do the real migration. Real migration just using rsync, I just uploaded the files that were changed on the file so I didn't have to do everything from scratch to collect ten minutes. So it can be very useful for that. Do you have any scripts? Sorry, since none of you have any questions. Put your hand up if you do. No, at any point put your hand up if you do. I will come up. What about if you do you use anything like scripts or WP-CLI when you SSH hate change? No, I use Wordmove.
I use WP-CLI but just to create I don't know too much about. Does anyone here know what WP-CLI is or doesn't know what WP-CLI is? Does anyone need an explanation? So yeah. So WP-CLI is WordPress on the command line. WP-CLI, if you Google that, search that in any search engine of your choice, it will come up with some very useful things and it does a really good search replace on databases which is one of my favourite things and makes it very easy to do it and you can also dry run, which is dash dash dry dash run, because we love our dashes. Last couple of questions. Thank you, Alessandro. Thanks. Thank you.