5 SSH

SSH (Secure Shell) provides encrypted communication between two systems. It’s how you access your server’s command line remotely.

5.1 Key pairs

SSH uses public key cryptography:

  • Private key: Stays on your machine. Never share it.
  • Public key: Goes on the server. Anyone can see it.

The public key encrypts data, and only the corresponding private key can decrypt it. When you give a server your public key, you’re saying: “Create a lock that only I can open.”

5.2 Generating a key pair

ssh-keygen -t rsa -b 4096

This creates two files in ~/.ssh/:

  • id_rsa — the private key
  • id_rsa.pub — the public key

For ndexr servers, you don’t need to generate keys manually — the console creates a .pem key file for you when you create a key file in the Key Files section.

5.3 Connecting

Basic SSH connection:

ssh user@192.168.1.100

With a specific key file (how ndexr keys work):

ssh -i ~/my-key.pem ubuntu@your-server-ip

With a non-standard port:

ssh -p 2222 user@192.168.1.100

5.4 SSH config

Simplify repeated connections by editing ~/.ssh/config:

Host my-ndexr-server
  HostName 3.130.103.243
  User ubuntu
  IdentityFile ~/my-key.pem
  Port 22

Then connect with just:

ssh my-ndexr-server

5.5 Hardening SSH

On a production server, edit /etc/ssh/sshd_config:

PasswordAuthentication no
PermitRootLogin no

Then restart SSH:

sudo service ssh restart

This forces key-based authentication (no passwords) and blocks root login. ndexr servers are configured this way by default.
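
The script below is an added example, not part of the original page or of ndexr's tooling. It checks that the two settings above are the ones sshd will actually honor in a given file, since sshd keeps the first value it reads for each keyword. The function names effective_value and audit_sshd and the sample configs are constructed for illustration; it assumes a single file and looks only at global (pre-Match) settings.

```shell
#!/bin/sh
# Added example (not from the original page): audit the two settings from
# section 5.5. sshd keeps the FIRST value it reads for each keyword, so a
# "PasswordAuthentication no" appended below an earlier "yes" has no effect.

# effective_value FILE KEYWORD DEFAULT
# Prints the first global value of KEYWORD, lowercased, or DEFAULT if unset.
# Parsing stops at the first "Match" line; settings below it are conditional.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            match(line, /^[A-Za-z0-9]+/)     # keyword is the first token
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)  # "Key value" or "Key=value"
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit
            if (key == want) { print tolower(val); found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: returns 0 only if both settings are effectively "no".
# The defaults passed for an absent keyword are OpenSSH's own.
audit_sshd() {
    rc=0
    pa=$(effective_value "$1" PasswordAuthentication yes)
    prl=$(effective_value "$1" PermitRootLogin prohibit-password)
    [ "$pa" = no ] || { echo "FAIL PasswordAuthentication=$pa"; rc=1; }
    [ "$prl" = no ] || { echo "FAIL PermitRootLogin=$prl"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK key-only auth, root login blocked"
    return "$rc"
}

# Constructed samples: "shadowed" appends the hardening lines after a "yes".
demo_dir=$(mktemp -d)
printf '%s\n' 'PasswordAuthentication yes' 'PermitRootLogin no' \
    'PasswordAuthentication no' > "$demo_dir/shadowed.conf"
printf '%s\n' '# hardened' 'PasswordAuthentication no' \
    'permitrootlogin = no' > "$demo_dir/hardened.conf"
audit_sshd "$demo_dir/shadowed.conf" || true
audit_sshd "$demo_dir/hardened.conf"
rm -rf "$demo_dir"
```

On a live server, sudo sshd -t validates the edited file before the restart, and sudo sshd -T prints the configuration sshd will actually apply, including files pulled in by Include.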

5.6 AutoSSH: Persistent tunnels

AutoSSH maintains an SSH tunnel and restarts it if the connection drops. This is useful for exposing a local server through your EC2 instance — you can run heavy computation at home and serve it publicly through AWS.

Install:

sudo apt install autossh

Test a tunnel:

autossh -M 0 -f -N -R 0.0.0.0:2222:localhost:22 ubuntu@ndexr.io

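This makes your local machine’s port 22 accessible as port 2222 on ndexr.io. The 0.0.0.0 bind address only takes effect if GatewayPorts is enabled in the remote server’s sshd_config; with the default setting, sshd binds the forwarded port to the server’s loopback interface only.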

To make it persistent across reboots, create a systemd service at /etc/systemd/system/autossh-tunnel.service:

[Unit]
After=network.target

[Service]
User=ubuntu
ExecStart=/usr/bin/autossh -M 20000 -N -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -i /home/ubuntu/.ssh/id_rsa -R 0.0.0.0:2222:localhost:22 ubuntu@ndexr.io
Environment="AUTOSSH_GATETIME=0"
Restart=always
RestartSec=3

[Install]
WantedBy=multi-user.target

Enable and start:

sudo systemctl daemon-reload
sudo systemctl enable autossh-tunnel.service
sudo systemctl start autossh-tunnel.service