SSH Essentials: Working with SSH Servers, Clients, and Keys

SSH Server Introduction

SSH is a secure protocol used as the primary means of connecting to Linux servers remotely. It provides a text-based interface by spawning a remote shell. After connecting, all commands you type in your local terminal are sent to the remote server and executed there.

In this cheat sheet-style guide, we will cover some common ways of connecting with SSH to achieve your objectives. This can be used as a quick reference when you need to know how to connect to or configure your server in different ways.

SSH Overview

The most common way of connecting to a remote Linux server is through SSH. SSH stands for Secure Shell and provides a safe and secure way of executing commands, making changes, and configuring services remotely. When you connect through SSH, you log in using an account that exists on the remote server.

How SSH Works

When you connect through SSH, you will be dropped into a shell session, which is a text-based interface where you can interact with your server. For the duration of your SSH session, any commands that you type into your local terminal are sent through an encrypted SSH tunnel and executed on your server.

The SSH connection is implemented using a client-server model. This means that for an SSH connection to be established, the remote machine must be running a piece of software called an SSH daemon. This software listens for connections on a specific network port, authenticates connection requests, and spawns the appropriate environment if the user provides the correct credentials.

The user’s computer must have an SSH client. This is a piece of software that knows how to communicate using the SSH protocol and can be given information about the remote host to connect to, the username to use, and the credentials that should be passed to authenticate. The client can also specify certain details about the connection type they would like to establish.

Setting Up an SSH Server

Install SSH Server:

On Ubuntu, the SSH server can be installed using the openssh-server package:

sudo apt update
sudo apt install openssh-server

Start and Enable SSH Service:

Ensure that the SSH service is running and set to start automatically on boot:

sudo systemctl start ssh
sudo systemctl enable ssh

Configure SSH Server:

The main configuration file for the SSH server is /etc/ssh/sshd_config. You can edit this file to change settings such as the port number, authentication methods, and more:

sudo nano /etc/ssh/sshd_config

Key options include:

  • Port: Change the default port (22) to something less common for security reasons.
  • PermitRootLogin: Set to no to disable direct root login.
  • PasswordAuthentication: Set to no to require key-based authentication.

After making changes, restart the SSH service:

sudo systemctl restart ssh

Using an SSH Client

Connect to an SSH Server:

To connect to a remote SSH server, use the ssh command followed by the username and server address:

ssh username@remote_host

If you’ve configured SSH to use a different port, specify it with the -p option:

ssh -p 2222 username@remote_host

SSH Client Configuration:

SSH client configuration can be managed in the ~/.ssh/config file. This file allows you to set preferences for specific hosts, like default username, port, and key file.

Example configuration:

Host myserver
    HostName remote_host
    User username
    Port 2222
    IdentityFile ~/.ssh/id_rsa

With this configuration, you can connect using:

ssh myserver

Working with SSH Keys

SSH keys provide a secure way to log in without passwords.

Generate SSH Key Pair:

Generate an SSH key pair using ssh-keygen. This creates a private and a public key:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

  • -t rsa specifies the key type (RSA).
  • -b 4096 specifies the number of bits in the key.
  • -C adds a comment to the key for identification.

By default, the keys are saved in ~/.ssh/id_rsa (private) and ~/.ssh/id_rsa.pub (public).

Copy SSH Public Key to Server:

To enable key-based authentication, the public key must be added to the ~/.ssh/authorized_keys file on the remote server. Use ssh-copy-id to automate this:

ssh-copy-id username@remote_host

Secure Your SSH Keys:

  • Permissions: Ensure your .ssh directory and its contents have the correct permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub

  • Passphrase: Protect your private key with a passphrase during creation. This adds an extra layer of security.
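The permission values above can be checked rather than assumed. The following is an added example, not part of the original guide: it flags anything in an .ssh directory that is looser than those chmod values. The function names and the sample directory are illustrative, and the key files it creates are constructed placeholders.

```shell
#!/bin/sh
# Added example: flag entries under an .ssh directory whose modes are looser
# than the chmod values above. Uses GNU stat (-c %a), as shipped on Ubuntu.
# Private keys are recognised by their PEM header line, not by file name.
check_ssh_perms() {
    dir=$1
    findings=0
    mode=$(stat -c %a "$dir")
    # Directory: no group/other access at all (700).
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "LOOSE $mode directory"
        findings=$((findings + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c %a "$f")
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----$'; then
            mask=77    # private key: owner only (600)
        else
            mask=22    # public keys and other files: not writable by group/other
        fi
        if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
            echo "LOOSE $mode ${f##*/}"
            findings=$((findings + 1))
        fi
    done
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}

# Constructed sample directory: placeholder files with deliberately loose modes.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-placeholder' > "$d/id_rsa"
    printf '%s\n' 'ssh-rsa constructed-placeholder user@example' > "$d/id_rsa.pub"
    chmod 755 "$d"
    chmod 644 "$d/id_rsa" "$d/id_rsa.pub"
    echo "$d"
}

sample=$(make_sample_dir)
check_ssh_perms "$sample" || echo "fix with the chmod commands above"
rm -rf "$sample"
```

Run against a real account with check_ssh_perms ~/.ssh; a non-zero exit status means at least one entry needs tightening.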

Disable Password Authentication:

After setting up SSH keys, you can disable password authentication on the server for added security. Edit /etc/ssh/sshd_config and set:

PasswordAuthentication no

Restart the SSH service to apply changes:

sudo systemctl restart ssh
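
The three options listed under "Configure SSH Server" and the PasswordAuthentication change above only take effect if sshd actually reads the value you set. The following is an added example, not part of the original guide: it reports which value wins for each option. The function names are illustrative and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: audit Port, PermitRootLogin and PasswordAuthentication in
# sshd_config text read from stdin.
# Rules from sshd_config(5): keywords are case-insensitive, "Keyword=value"
# is accepted, the first value seen for a keyword wins (Port may repeat), and
# an absent keyword falls back to the OpenSSH default.
# Include files are not followed; the global section ends at the first Match.
audit_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }                        # comments, blank lines
        {
            if ($1 ~ /=/ || $2 ~ /^=/) sub(/[ \t]*=[ \t]*/, " ")
            key = tolower($1); value = tolower($2)
            if (key == "match") exit                   # jumps to END
            if (key == "port") ports = ports (ports == "" ? "" : ",") value
            else if (!(key in seen)) seen[key] = value
        }
        END {
            if (ports == "") ports = "22"
            root = ("permitrootlogin" in seen) ? seen["permitrootlogin"] : "prohibit-password"
            pw = ("passwordauthentication" in seen) ? seen["passwordauthentication"] : "yes"
            bad = 0
            if (("," ports ",") ~ /,22,/) print "NOTE port=" ports " (default port in use)"
            else print "OK   port=" ports
            if (root != "no") { print "FAIL permitrootlogin=" root; bad = 1 }
            else print "OK   permitrootlogin=no"
            if (pw != "no") { print "FAIL passwordauthentication=" pw; bad = 1 }
            else print "OK   passwordauthentication=no"
            exit bad
        }
    '
}

# Constructed sample: "PasswordAuthentication no" was appended after an
# earlier "yes", so the earlier line still wins.
sample_config() {
    cat <<'EOF'
# constructed sample, not from a real host
Port 2222
permitrootlogin=no
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF
}

sample_config | audit_sshd_config || echo "-> password logins are still enabled"
```

On a live host, sudo sshd -T | audit_sshd_config audits the effective configuration with Include files resolved, and sudo sshd -t checks the file for errors before you restart the service.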

Additional SSH Features

SSH Tunneling (Port Forwarding):

SSH can tunnel network connections. This is useful for securing traffic or accessing services behind a firewall.

  • Local Forwarding: Forward a local port to a remote server:

ssh -L local_port:destination_host:destination_port username@remote_host

  • Remote Forwarding: Forward a remote port to a local server:

ssh -R remote_port:local_host:local_port username@remote_host

SSH Agent:

SSH Agent stores private keys in memory to avoid typing passphrases repeatedly. Start the agent and add keys:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa

SSH File Transfer:

Use scp (Secure Copy) or sftp (SSH File Transfer Protocol) to transfer files securely over SSH.

  • SCP: Copy files between local and remote systems:

scp local_file username@remote_host:/remote/directory

  • SFTP: Interactive file transfer session:

sftp username@remote_host

Summary

SSH is a powerful tool for secure remote management and file transfer. By configuring SSH servers, clients, and keys properly, you can enhance security and streamline your workflow when accessing remote systems.