Ssh
Table of Contents
Introduction
What is SSH?
SSH (the Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It’s the most popular way to access a remote Linux or BSD server, although SSH also works on Windows. It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network.
How does SSH work?
On the server, you have an SSH daemon that is constantly listening to a specific TCP/IP port for possible client connection requests. Once a client initiates a connection, the SSH daemon will respond and the two machines will exchange their identification data. Once a connection is established, your command prompt will change from user@host on your local machine to remote-user@remote-host. The commands you enter will now affect the remote machine rather than your local machine.
Installing SSH
What packages are needed?
- You need the openssh-server (Ubuntu) package installed on the machine that acts as the server (the remote machine).
- You need the openssh-client (Ubuntu) package installed on the machine that acts as the client (your local computer).
- On Arch Linux, just install the openssh package. It has both the server and client functionality.
Enable SSH
- sudo systemctl status ssh (it should read
active
) - If it’s not running, then: sudo systemctl enable –now ssh
- If using ufw (the uncomplicated firewall): sudo ufw allow ssh
NOTE:
It is very important not to disable SSH on the remote machine if that is your only way into it.
Stopping and starting SSH
- Stop SSH with: sudo systemctl stop ssh
- Start SSH with: sudo systemctl start ssh
- Disable SSH with: sudo systemctl disable ssh
NOTE:
This will not disable current session but it will prevent you from logging into the machine in the future. It is very important not to disable SSH on the remote machine if that is your only way into it.
SSH keys
- Create key pair on client machine: ssh-keygen -t ed25519
- Enter file in which to save the key (home/sammy.ssh/id_ed25519): Go with default name or change it if you wish.
- Enter passphrase (empty for no passphrase): Up to you to do this or not, but it’s strongly recommended.
NOTE:
Should a private key with no passphrase fall into an unauthorized user’s possession, they will be able to log in to any server you’ve configured with the associated public key.
- Copy public key to server: ssh-copy-id sammy@your_server_address You can copy the public key into the server’s authorized_keys file with the ssh-copy-id command. Once the command completes, you will be able to log into the server via SSH without being prompted for a password. However, if you set a passphrase when creating your SSH key, you will be asked to enter the passphrase at that time. This is your local ssh client asking you to decrypt the private key, it is not the remote server asking for a password.
Disabling password SSH authentication
- sudo vim /etc/ssh/sshd_config
- PasswordAuthentication no (also make sure line isn’t commented with a #)
- sudo systemctl reload sshd (to put config changes into effect)
Warning:
before you disable password-based authentication, be certain you can successfully log onto the server with your SSH key, and that there are no other users on the server using passwords to log in.
Disabling root login
- sudo vim /etc/ssh/sshd_config
- PermitRootLogin no
- AllowUsers derek (or whatever user name)
SSH Command Line Basics
- ssh username@address (username on remote machine; address is IP or domain of remote machine)
- Don’t know the IP? On the remote machine, type: ip a
- With web hosting, you should receive the IP address when creating your server.
- The first time you connect, it will ask for permission to add the host. Type
yes
. - SSH tells you that host was permanently added and then asks for the remote user’s password. Enter
password
. - You’re now connected.
- Enable SSH with: sudo systemctl enable ssh (–now if also want it started)
- To exit, type:
exit
SSH Clients for Linux
There are clients for Windows and Android. I haven’t used them. There’s also some proprietary SSH clients available for Linux. I haven’t used them either. I have only used the following free and open source SSH clients.
- Emacs
- Remmina
Footer
Copyright © 2020-2021 Derek Taylor (DistroTube)
This page is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND 4.0).
The source code for distro.tube can be found on GitLab. User-submitted contributions to the site are welcome, as long as the contributor agrees to license their submission with the CC-BY-ND 4.0 license.