12 SSH interview Q&As

Q1. What is ssh?
A1. SSH is a secure protocol used for remotely connecting to Linux servers. For example, you can create an SSH connection from your local laptop to an EC2 instance running on AWS or to any server in the cloud.

You will be prompted for a password, and then you access the files & programs on the remote machine.

The SSH connection is implemented using a client-server model. This means that for an SSH connection to be established, the remote machine must be running a piece of software called an SSH daemon (e.g. sshd).

Linux or macOS users can SSH into a remote server via a terminal window. Windows users need to use an SSH client like PuTTY.

Q2. How to use passwordless ssh? Why is it preferred over password based authentication?
A2. SSH clients can authenticate either using

1) passwords (less secure and not recommended as automated bots and hackers can repeatedly try to authenticate to accounts that allow password-based logins)

2) SSH keys, which are more secure and allow you to automate tasks via shell scripts without having to enter a password to connect from one host to another. This is a must-know interview question; refer to the link below to learn how to set up SSH keys for passwordless login.

Setting up ssh login without password using SSH keys step by step.

Q3. What tool do you use to generate public/private key pairs on your machine?
A3. The ssh-keygen command generates public/private key pairs in your “~/.ssh” folder, where “~” is your home directory, like “/home/user”.

Or, for a more hardened key, as SSH keys are 2048 bits by default.

You will be prompted to provide a name for your public/private key files, but if you opt for default names, they will be

~/.ssh/id_rsa The private key. DO NOT SHARE THIS FILE with anyone.

~/.ssh/id_rsa.pub The associated public key, which can be shared freely without consequence.

Q4. How do you copy the generated public key to the remote server’s ~/.ssh/authorized_keys file?
A4. First, use a utility named ssh-copy-id.

Alternatively,
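What the manual route has to do on the server side, as an added example that is not from the original page: append the public key to authorized_keys without duplicating it, and set the directory and file modes that sshd's StrictModes check expects. The function name `install_pubkey` and the sample key are constructed.

```shell
#!/bin/sh
# Added example. install_pubkey and the key below are constructed for illustration.

# Append every key in PUBKEY_FILE to TARGET_HOME/.ssh/authorized_keys.
# Runs in a subshell "( ... )" so the umask change does not leak to the caller.
install_pubkey() (
    pubkey_file=$1      # e.g. id_rsa.pub copied over from the client
    target_home=$2      # home directory of the account on the server
    ssh_dir="$target_home/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Only the .pub file is ever installed; refuse a private key outright.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        exit 1
    fi

    umask 077
    mkdir -p "$ssh_dir" || exit 1
    chmod 700 "$ssh_dir" || exit 1
    touch "$auth_file" || exit 1
    chmod 600 "$auth_file" || exit 1

    # Idempotent append: skip blank lines and keys that are already present.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth_file" || printf '%s\n' "$line" >> "$auth_file"
    done < "$pubkey_file"
)

# Demo against a throwaway directory instead of a real home directory.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-NOT-A-REAL-KEY user@laptop' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home"
install_pubkey "$demo/id_rsa.pub" "$demo/home"     # second run changes nothing
ls -l "$demo/home/.ssh/authorized_keys"
```
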

Q5. What is an ssh-agent? Why would you need that on the client machine where your private key is?
A5. If you entered a passphrase for your private SSH key when generating the public/private key pair via ssh-keygen, you will be prompted to enter the passphrase every time you use the key to connect to a remote host. To avoid having to enter the passphrase repeatedly, you can run an SSH agent. This small utility stores your private key after you have entered the passphrase for the first time.

Q6. How do you start an ssh-agent if not already running?
A6.

or with back ticks.

Q7. How do you add your private keys to the ssh-agent once it is started?
A7. If it has a default private key name like id_rsa, id_dsa, etc.

If you provided a different name when prompted using ssh-keygen, then

Q8. What if you have to log in to the SSH server on a port other than 22, and also have to remember the IP address every time you connect?
A8. It can be cumbersome to do this every time.

To prevent having to do this every time you log into a remote server, you need to create a configuration file in the ~/.ssh directory of your client computer.

Add your host details with aliases.

Your remote_alias could be “aws_ec2_1”. Then you can connect just by typing

Q9. How do you disable password-based authentication, given that key-based authentication is more secure & beneficial?
A9. Once you have SSH keys configured and working properly, it is probably a best practice to disable password authentication, which will prevent any user from signing in with SSH using a password.

You need to edit the /etc/ssh/sshd_config file with root or sudo access. Inside of the file, search for the PasswordAuthentication directive, and set it to “no”.

You need to restart the server after this change.

OR

OR

You can also edit /etc/ssh/sshd_config to change the port that the SSH daemon runs on, limit the users who can connect, disable root login, etc.
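A check worth running after editing the file, as an added example that is not from the original page: sshd keeps the first value it reads for each keyword, so a "PasswordAuthentication no" appended below an earlier "yes" has no effect. The function names and the sample file are constructed, and the parser reads only the global section of one file (it does not follow Include files or Match blocks).

```shell
#!/bin/sh
# Added example. sshd_setting, audit_sshd_config and the sample are constructed.

# Print the value sshd would use for KEYWORD in the global section of FILE.
# Keywords are case-insensitive and the FIRST occurrence wins.
sshd_setting() {        # usage: sshd_setting KEYWORD FILE
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/          { next }    # comments and blank lines
        tolower($1) == "match"  { exit }    # the global section ends here
        tolower($1) == want     { print tolower($2); exit }
    ' "$2"
}

# Print one FAIL line per problem and return the number of failed checks.
audit_sshd_config() {
    file=$1
    failed=0
    pa=$(sshd_setting PasswordAuthentication "$file")
    if [ "${pa:-yes}" != "no" ]; then       # absent means the default, yes
        echo "FAIL PasswordAuthentication=${pa:-unset}"
        failed=$((failed + 1))
    fi
    root=$(sshd_setting PermitRootLogin "$file")
    if [ "$root" != "no" ]; then            # root login is not disabled
        echo "FAIL PermitRootLogin=${root:-unset}"
        failed=$((failed + 1))
    fi
    return "$failed"
}

# Constructed sample: "no" was appended at the bottom, but a "yes" comes first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
Port 22
passwordauthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "checks failed: $?"
```

On a live host, `sshd -T` prints the effective configuration including Include files, and `sshd -t` checks the file for errors before you restart the daemon.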

Q10. How will you use different keys when using ssh?
A10.

If you have multiple keys and don’t want to type them every time, you can set them up in the client configuration file “/etc/ssh_config” for global configuration or in “~/.ssh/config” for local configuration. For example,

Q11. Can you copy files with ssh?
A11. SSH comes with 2 applications for remote file transfer, namely scp and sftp. You can also use SSH to secure your rsync session.

Q12. What is ssh port forwarding?
A12. You can use a local SSH tunnel when you want to get to a resource that you can’t reach directly, but that an SSH server you have access to can reach.

SSH connections can be used to tunnel traffic from ports on the local host to ports on a remote host. The syntax is

Prerequisite: If you’re using the OpenSSH server, open /etc/ssh/sshd_config in a text editor. If you find AllowTcpForwarding is set to No, change it to Yes.

Say your local laptop on 192.168.0.55 cannot access the web server “192.168.0.4” on port 80, but can access the server “192.168.0.25” on port 22, then you can use port forwarding as shown below to access the webserver via http://localhost:8080.

Another example would be that your local laptop on 192.168.0.55 cannot access the web server “192.168.0.4” on port 80 as a firewall in the middle is blocking it. But you can ssh to “192.168.0.4”.

You can access the web server via http://localhost:8080.

A web application is running on port 8000 of your local computer, which other people can’t access directly because you’re sitting behind a NAT network without a public IP. If you would like to show a customer what the application looks like, you can use “remote port forwarding”. Establish a reverse tunnel first, and then use that tunnel to create an SSH tunnel back the other way.

Now, the customer can open “http://customer.com:7000”. When you run the above command, the SSH server binds to port 7000 on customer.com. Any traffic that it receives on this port is sent to the SSH client on your local computer, which in turn forwards it to port 8000 on 127.0.0.1.
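How the three forwards in this answer read on the command line, as an added example that is not from the original page: a small helper that takes a `-L` or `-R` spec and states which end opens the listening port and which end makes the outgoing connection. The helper name `explain_forward` and the login name `user` are assumptions; IPv6 bind addresses are not handled.

```shell
#!/bin/sh
# Added example. explain_forward is a constructed helper; "user" is assumed.
#
#   -L [bind:]port:host:hostport   listen on the CLIENT, connect from the SERVER
#   -R [bind:]port:host:hostport   listen on the SERVER, connect from the CLIENT
explain_forward() {     # usage: explain_forward -L|-R SPEC
    spec=$2
    case $1 in
        -L) listener=client; connector=server ;;
        -R) listener=server; connector=client ;;
        *)  echo "expected -L or -R" >&2; return 2 ;;
    esac
    # 3 colon-separated fields = no bind address, 4 = explicit bind address.
    nf=$(printf '%s\n' "$spec" | awk -F: '{ print NF }')
    case $nf in
        3) bind=localhost ;;                    # default: loopback only
        4) bind=${spec%%:*}; spec=${spec#*:} ;;
        *) echo "bad forward spec: $2" >&2; return 2 ;;
    esac
    port=${spec%%:*}
    target=${spec#*:}
    echo "$listener listens on $bind:$port, $connector connects to $target"
}

# Laptop cannot reach 192.168.0.4:80 but can SSH to 192.168.0.25:
#   ssh -L 8080:192.168.0.4:80 user@192.168.0.25
explain_forward -L 8080:192.168.0.4:80

# Firewall blocks port 80 on 192.168.0.4, but SSH to it is allowed:
#   ssh -L 8080:localhost:80 user@192.168.0.4
explain_forward -L 8080:localhost:80

# Local app on port 8000 shown to the customer through customer.com:7000:
#   ssh -R 7000:127.0.0.1:8000 user@customer.com
explain_forward -R 7000:127.0.0.1:8000
```

Because a remote forward binds to the server's loopback address by default, the listener on customer.com port 7000 is reachable from other machines only when GatewayPorts is enabled in that server's sshd_config.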

Q13. Can you describe an instance where you used SSH tunnels?
A13. Connecting to an RDS database (e.g. MySQL) from your local laptop. The RDS instance is in the private subnet of a VPC. An AWS EC2 instance that can access the RDS instance can be used as a jump box to connect from your laptop.

-f Requests ssh to go to background just before command execution.
-g Allows remote hosts to connect to local forwarded ports.
-v Verbose mode. Causes ssh to print debugging messages about its progress.
-N Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).
-i identity_file. Selects a file from which the identity (private key) for RSA or DSA authentication is read.

Q14. Can you give some real life scenarios of using remote ssh?
A14.

1. Executing a shell script in a remote machine

Executing commands on a remote machine:

2. From Jenkins pipeline to deploy

3. From Jenkins run an Ansible playbook

