Common SSH Protocol Interview Questions and Answers

SSH (Secure Shell) is a network protocol used to access a remote Linux machine. By connecting over SSH, you can execute commands on the remote server.

SSH is an important topic in a Linux-based technical interview. Both newcomers and experienced engineers can use this post to prepare for their interviews.

It is a vast and interesting topic. Prepare SSH thoroughly and attend the interview with full confidence.

Ans : SSH stands for Secure Shell. It is a secure protocol and the one most commonly used to access remote servers. The protocol encrypts data transferred between two hosts.

Ans : Everyone knows the default SSH port number, which is port 22. As a security measure, you can change the port number from 22 to some other open port. Yes, it is possible.

Step 1 : Log into the server as the root user.
Step 2 : Open the SSH configuration file with your favorite text editor.
Step 4 : Change its value to some other unused port number, like 2022.
Step 5 : Save the file.
Step 6 : Restart the SSH daemon.

Ans : Of course, it is possible. We can add our public keys to a file on the remote server called “authorized_keys”, which is in the home directory of the user. For root, this file is located under the “/root/.ssh” directory.

Generate the keys on your local machine and upload the public key to this file. You can create your own key pair using the command “ssh-keygen” from your Linux machine. On Windows, you can use puttygen to generate the private and public keys.

If you are constantly being attacked at the root level and you want to stop all root logins to your server, you can do this. Yes, it is possible. There is a directive in the SSH configuration file to manage it. The configuration file is pasted below:

Ans : Simply open the SSH configuration file with your favorite text editor and disable root login. This can be achieved by following Question 7.

Then search for the directive “AllowUsers” in the configuration file. If it is not there, add it and specify the username there.

Ans : Like AllowUsers and AllowGroups, you can deny a user/users and group/groups by using the following directive:

Ans : Both SSH and Telnet are network protocols used to connect to and communicate with another machine over the network. I prefer SSH.

Ans : To enable debugging mode, use the “-v” switch with your normal SSH command. To increase the debugging level, increase the number of v’s. Please see the example:

Ans : SSH has two protocols, Protocol 1 and Protocol 2. Protocol 1 is older and less secure. We use Protocol 2 nowadays. You can set or change it from the SSH configuration file.

Ans : Yes, it is possible. SCP is the command used to transfer files securely over the network. SCP is based on the SSH protocol and uses the SSH port by default.

The above command securely copies all files from /home/crybit/ on the remote host to the source machine’s /home/crybit directory.

Nope, it will not! We need to specify the actual SSH port number for SCP connection. You can use the switch -P to specify your non default SSH port.

Ans : Blowfish is used with the SCP command. It is used to increase the transfer speed. By default, scp uses the Triple-DES cipher to encrypt the data being copied.

Ans : SCP stands for Secure Copy. It transfers files securely over the network. SCP is based on the SSH protocol and uses the SSH port by default.

1. The client starts an SSH connection to the remote host and asks the remote host to start an SCP process.

In this mode, SCP on the remote host reads files from the hard drive and sends them back to the client computer.

Which accept the files sent by the client and write them to the disk on the remote host.

Ans : We already explained the usage of the “P” and “-c blowfish” switches. Other commonly used switches are “r”, “p” and “u”.

Ans : This directive is used to limit SSH access to a specific subnet. It increases security further. No one outside the given subnet can access the server over SSH.

Step 1 : Open the configuration file using your favorite text editor.
Step 2 : Search for “AddressFamily”.
Step 3 : Add your preferred subnet details.

Yes, sshpass is a command that lets us give the Linux command line interface (CLI) a password. It helps to supply SSH password in automation scripts.

Ans : This directive specifies which interfaces on the server accept connections from outside the network. Let’s say your server has six different IP addresses and you want to set up SSH so that it will only allow access from a certain IP address.

Ans : By default, its value is 2 minutes. In other words, if you use SSH to connect to the server, you have two minutes to make sure you use the right credentials.

Ans : In the SSH configuration file, there is a directive to specify the banner file. This directive is “Banner”.

Ans : Cipher is an algorithm to perform encryption and decryption. Different types of cipher supported by SSH are:

Answer: SSH also supports X11 forwarding. To open a GUI application on the server from the client, we need to use an option called -XY.

The SSH (Secure Shell) protocol is a cryptographic network protocol used for operating network services securely over an unsecured network. SSH provides a secure channel between a local and remote computer and is commonly used for remote command line login, remote command execution, and other secure network services. In interviews for network engineering or cybersecurity roles, candidates are often asked questions about SSH to assess their understanding of this essential networking protocol. In this article, we’ll go over some of the most frequently asked SSH interview questions and provide sample answers to help you prepare.

What is SSH and How Does it Work?

SSH, or Secure Shell, is a network protocol that allows establishing a secure connection between a local computer and a remote server or computer over an insecure network. It provides strong encryption to authenticate the remote computer and encrypt data sent over the connection.

Here’s a quick overview of how SSH works:

  • SSH operates on TCP port 22 by default. The client connects to the SSH server on TCP 22.

  • The client begins an SSH session by initiating the TCP handshake with the server.

  • The server sends its public host key to the client. The client uses this key to validate the server’s identity.

  • The client and server negotiate an encryption algorithm to establish the secure tunnel. Commonly used algorithms are AES, Blowfish, 3DES, etc.

  • The server and client generate session keys through asymmetric encryption key exchange algorithms like Diffie-Hellman.

  • Once the symmetric session keys are generated, all traffic is encrypted using these keys.

  • The client authenticates itself to the server. This can be through password-based authentication or public-key cryptography, where the client uses its private key.

  • An encrypted tunnel is established between the client and server. All data transmitted is encrypted.

  • Commands entered by the client are executed on the remote server over the encrypted tunnel.

  • The SSH session ends when the client closes the connection.

This encrypts the communication, authenticates the remote computer, and provides secure remote access to resources on the remote computer.

What is the Difference Between SSH1 and SSH2 Protocols?

There are two main versions of the SSH protocol – SSH1 (SSH-1) and SSH2 (SSH-2). Here are the key differences:

  • Encryption algorithms: SSH1 uses weaker encryption algorithms like DES, 3DES, etc. SSH2 uses stronger algorithms like AES, Blowfish, etc.

  • Integrity checking: SSH2 has improved integrity checking through hash functions like SHA-1. SSH1 does not have integrity checking.

  • Authentication methods: SSH1 is limited to password-based authentication. SSH2 supports additional mechanisms like public key and host-based authentication.

  • Security: SSH2 is more secure as it provides better encryption, integrity checking and authentication methods. SSH1 has known vulnerabilities.

  • Speed: SSH2 gets a performance boost from its ability to reuse existing sessions and connections.

  • Multiplexing: SSH2 allows creation of multiple channels over the same connection. SSH1 does not support multiplexing.

  • Usage: Due to its security flaws, SSH1 has been deprecated. Most modern distributions support only SSH2.

How Does SSH Key-Based Authentication Work?

SSH key-based authentication uses asymmetric public-key cryptography to authenticate the client to the server. It works like this:

  • The client generates a keypair – a public and private key. The private key is kept securely by the client.

  • The public key is copied to the server and stored in an authorized_keys file under the ~/.ssh directory.

  • During authentication, the client proves its identity by signing a challenge sent by the server using the private key.

  • The server validates this by checking the signature against the public key stored for that user.

  • If valid, the client is authenticated and logged in without the need for a password.

The key pairs are generated using algorithms like RSA, ED25519, etc. Private keys are protected with a passphrase.

Key-based authentication is more secure than password-based authentication. It eliminates weaknesses like brute force attacks, password leaks, and password reuse across systems.
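The authorized_keys entry described above can be parsed and fingerprinted in the form `ssh-keygen -lf` reports, which is how an administrator checks which keys a server actually trusts. This is an added example, not code from the original article; the key bytes and comment are constructed, the helper names are hypothetical, and it assumes entries without a leading options field.

```python
import base64
import hashlib
import struct

def make_ed25519_line(raw_key, comment):
    """Build a constructed authorized_keys line (test data, not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw_key)) + raw_key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

def read_string(blob, offset):
    """Read one length-prefixed string: uint32 big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[offset + 4:end], end

def parse_entry(line):
    """Parse 'keytype base64-blob [comment]' into type, fingerprint and comment."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("not a key entry")
    declared, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) > 2 else ""
    blob = base64.b64decode(b64, validate=True)
    # The key blob repeats the key type as its first string; a mismatch
    # means the line was edited by hand or corrupted.
    embedded, _ = read_string(blob, 0)
    if embedded.decode("ascii", "replace") != declared:
        raise ValueError("declared key type does not match key blob")
    # Fingerprint: unpadded base64 of SHA-256 over the whole key blob.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": declared, "fingerprint": fingerprint, "comment": comment}
```

Comparing these fingerprints against an inventory of expected keys shows which entries in a user's authorized_keys file nobody can account for.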

What Are Some SSH Best Practices?

Here are some best practices to secure SSH connections:

  • Use SSH key-based authentication instead of password-based authentication which is prone to brute force attacks.

  • Change the default SSH port from 22 to a non-standard port for extra security.

  • Disable root login over SSH and set up sudo for elevated privileges.

  • Enable SSH login for specific users instead of permitting all users. Restrict using AllowUsers in sshd_config.

  • Setup SSH access controls like AllowUsers, DenyUsers in sshd_config to only allow access from trusted IP addresses or subnets.

  • Enable idle timeout to auto-terminate idle SSH sessions after some time.

  • Disable X11 forwarding if not explicitly required.

  • Enable public key authentication for sftp and disable password-based auth.

  • Use SSH bastion hosts to enable secure access to critical servers.

  • Monitor SSH logs using tools like Logsign or GoAccess to detect attacks.

  • Disable legacy insecure algorithms and protocols like SSH1, CBC ciphers, SHA-1 etc.

Following these best practices will dramatically improve your SSH security posture.
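Several items in the list above can be checked mechanically. The following added example (not from the original article) audits the global section of an sshd_config for root login, password authentication, X11 forwarding, user restrictions and the client-alive timeout. The sample config and the defaults table are assumptions, and `Include` files are not followed.

```python
import re

# Upstream OpenSSH defaults for the checked keywords (assumed; packages may differ).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "x11forwarding": "no",
    "clientaliveinterval": "0",
}

# Constructed sample config; note the duplicate PermitRootLogin and the Match block.
SAMPLE_CONFIG = """\
Port 2022
PermitRootLogin yes
PermitRootLogin no
passwordauthentication no
X11Forwarding yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

def effective_settings(text):
    """Global settings as sshd reads them: keywords are case-insensitive,
    the first occurrence of a keyword wins, Match blocks are conditional."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break  # everything below applies only to matching connections
        settings.setdefault(key, value)
    return settings

def audit(text):
    """Findings for the practices listed above, as a sorted list of strings."""
    s = {**DEFAULTS, **effective_settings(text)}
    checks = [
        (s["permitrootlogin"].lower() != "no", "root login over SSH is not disabled"),
        (s["passwordauthentication"].lower() != "no", "password authentication is enabled"),
        (s["x11forwarding"].lower() == "yes", "X11 forwarding is enabled"),
        ("allowusers" not in s and "allowgroups" not in s, "no AllowUsers/AllowGroups restriction"),
        (s["clientaliveinterval"] == "0", "ClientAliveInterval is 0 (no client-alive timeout)"),
    ]
    return sorted(msg for failed, msg in checks if failed)
```

In the sample, the second `PermitRootLogin no` line has no effect because the earlier `yes` is the value sshd uses, so the audit still reports root login as enabled.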

How Do You Troubleshoot Common SSH Issues?

Some common SSH issues faced along with their troubleshooting are:

  • Connection timed out – Server is down, firewall blocking port 22, network issues. Verify server status, iptables rules, connectivity using ping/telnet.

  • Connection refused – SSH server not running on remote host. Check status of sshd process on server.

  • Host key verification failed – Invalid SSH keys. Regenerate keys using ssh-keygen.

  • Permission denied – Incorrect username or password. Client public key not in server’s authorized_keys. Verify credentials work, authorized_keys configuration.

  • Broken pipe – Connection disrupted. Investigate network instability, routes, firewall rules.

  • Connection closed by remote host – Server idle timeout reached. Increase ClientAliveInterval and ClientAliveCountMax as needed.

  • Error – Server’s host key changed – Host keys mismatch. Known hosts contains stale host keys. Edit known_hosts file to remove old keys.

  • No supported authentication methods available – Password auth disabled, keys not set up. Enable desired auth mechanisms on server.

These are some common scenarios faced. Logs are your friend – examining SSH logs will provide hints on where to investigate further.
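As an added example of what examining the SSH logs can look like (not code from the original article), the following counts failed logins per source address and flags a source that logs in successfully after repeated failures. The log lines are constructed in the format OpenSSH's sshd writes; the threshold and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format OpenSSH's sshd writes to the auth log.
SAMPLE_LOG = """\
Mar  3 10:01:02 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40110 ssh2
Mar  3 10:01:04 web1 sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 10:01:07 web1 sshd[813]: Failed password for root from 203.0.113.5 port 40115 ssh2
Mar  3 10:01:09 web1 sshd[815]: Accepted password for root from 203.0.113.5 port 40119 ssh2
Mar  3 10:05:40 web1 sshd[901]: Failed password for deploy from 198.51.100.7 port 52001 ssh2
Mar  3 10:05:49 web1 sshd[901]: Accepted publickey for deploy from 198.51.100.7 port 52001 ssh2: ED25519 SHA256:CONSTRUCTED
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (\S+) for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Per source address: failure count, targeted users, and whether a login
    succeeded after `threshold` or more failures (the case to triage first)."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "success_after_failures": False})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        outcome, _method, user, source = m.groups()
        entry = stats[source]
        if outcome == "Failed":
            entry["failed"] += 1
            entry["users"].add(user)
        elif entry["failed"] >= threshold:
            entry["success_after_failures"] = True
    return dict(stats)

def suspicious_sources(log_text, threshold=3):
    """Sources at or above the failure threshold, most failures first."""
    stats = summarize(log_text, threshold)
    hits = [(src, s["failed"]) for src, s in stats.items() if s["failed"] >= threshold]
    return sorted(hits, key=lambda item: -item[1])
```

A single mistyped password followed by a key login, like the second source in the sample, stays below the threshold and is not reported.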

How Does SSH Port Forwarding or Tunneling Work?

SSH port forwarding allows establishing secure tunnels between multiple hosts via an SSH connection. It forwards otherwise unsecured TCP ports through the encrypted SSH channel. Port forwarding sets up a listening port on the SSH client machine and connects it to a remote destination through the SSH session.

There are three main types of SSH port forwarding:

  • Local Port Forwarding – Forwards a local port to a remote host. For example, forward localhost:4000 to access web server on remote_host:80 through the SSH tunnel.

  • Remote Port Forwarding – Forwards a remote port to the local host. For example, forward remote_host:3000 to localhost:8888 to access port 3000 on the remote server locally.

  • Dynamic Port Forwarding – Sets up a SOCKS proxy with SSH as the back-end. Allows pivoting through SSH to access any remote resource.

SSH port forwarding is very powerful for accessing remote resources securely in different network setups. It is often used to bypass firewall restrictions or TLS inspection done by middleboxes.

What Are Some Real-World Use Cases of SSH Port Forwarding?

Some common use cases for SSH port forwarding are:

  • Accessing internal development servers privately from home

  • Bypassing company firewalls to access blocked resources

  • Masking traffic by tunneling through SSH to evade network monitoring

  • Connecting securely to a remote database server from application servers

  • Allowing external access to internal virtual machines inside a NAT network

  • Establishing VPC peering between resources across separate AWS accounts

  • Enabling team members to collaboratively debug remote services through a bastion server

  • Developing locally against cloud resources using an SSH tunnel from the local machine

  • Bridging traffic between different networks that cannot be connected directly

SSH port forwarding enables very flexible deployment patterns. Combined with other SSH capabilities, it delivers a versatile tool for managing networked resources securely.

What Is SSH Agent Forwarding?

SSH agent forwarding is a technique that allows you to use your local SSH keys stored in ssh-agent to connect from a remote server to other machines further down the chain without copying keys across multiple hosts.

It works by automatically forwarding requests from remote ssh clients targeting the ssh-agent running on your local machine to the local ssh-agent.

This avoids the need to copy keys to multiple intermediate servers when performing multi-hop connections which improves security by not exposing the keys on these servers.

To use agent forwarding, the AllowAgent


Is SSH a hot topic from an interview point of view?

SSH has always been a very hot topic from an interview point of view. The above questions should have added to your knowledge. That’s all for now.

What is the difference between SSH protocol 1 & Protocol 2?

Justify this statement. Answer : SSH uses two protocols – Protocol 1 and Protocol 2. Protocol 1 is older than protocol 2. Protocol 1 is less secure than protocol 2 and should be disabled in the config file. Again, we need to open the SSH configuration file and add/edit the lines as shown below.

How to disable SSH protocol 1 & 2?

Answer : SSH uses two protocols – Protocol 1 and Protocol 2. Protocol 1 is older than protocol 2. Protocol 1 is less secure than protocol 2 and should be disabled in the config file. Again, we need to open the SSH configuration file and add/edit the lines as shown below. Save the configuration file and restart the service.
