As a developer, you want to connect to a remote code repository using SSH. Which of the following is least likely to happen?
A. Install your public key on the remote code repository.
B. Generate a public and private key pair on your own.
C. Open the TCP port 22 on your development environment.
D. Input your password to log in.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Open the TCP port 22 on your development environment.
SSH typically supports password authentication and public key authentication. If you decide to implement the public key authentication, you can generate the asymmetric key pair using a key generator or other utilities, e.g., ssh-keygen.
- The private key shall be kept secret and never shared with others, e.g., the remote code repository server/service. It is used by your local SSH agent to authenticate to the remote code repository service.
- The public key is intended for sharing with others. You should install it on the remote code repository.
The remote code repository service, typically managed by a specific administrator instead of developers, is part of the holistic development environment. However, “your” development environment is limited to your PC, laptop, IDE, etc. As a developer, you cannot change the configurations of the remote code repository unless you are the administrator.
The SSH service listens to TCP or UDP port 22, while your SSH agent on your PC or laptop uses a dynamic port assigned by the operating system. As a result, you don’t have to open the TCP port 22 on your local machine or “your” development environment.
- Ssh (Secure Shell)
- Connecting to GitHub with SSH
- Use Public Key Authentication with SSH
- IANA Service Name and Transport Protocol Port Number Registry
- List of TCP and UDP port numbers
- About TCP/UDP Ports
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.