What is SSH?
SSH, or Secure Shell, is a network protocol that allows users to securely access a remote computer or server over an unsecured network. SSH is often used in the IT sector for file transfers, tunneling, and remote system management. It was created to take the place of unsafe remote shell protocols like Telnet.
SSH encrypts the connection, so all information exchanged between the client and server is protected. This makes it an appropriate protocol for remote access whenever security is a concern, such as when viewing sensitive data or systems.
Advantages of SSH
The following are some benefits of SSH.
- Secure
SSH is a security protocol that encrypts the communication between clients and servers. Because all data exchanged between the two is encrypted and protected, it is well suited to remote access whenever security is a concern.
- Remote Access
SSH enables remote access to a server or computer via an unprotected network. This is advantageous for system management and troubleshooting since it allows people to interact with the distant system as if they were physically there.
- File Transfer
Users may safely transmit files and data across computers thanks to SSH’s capability for file transfer. This is especially helpful when sending confidential or sensitive materials that need to be secured.
- Tunneling
Additionally, SSH provides tunneling, enabling users to pass other network protocols through an SSH connection. As a result, users can safely access other network services like web servers and databases without exposing them to the public internet.
- Cross-Platform Support
SSH is a cross-platform protocol supported on Windows, macOS, and Linux, among other operating systems. This means users can use SSH to remotely access systems running different operating systems.
How does SSH work?
Connection initiation: The client initiates a connection to the server. The server listens on a specific port (default is port 22) for incoming SSH connections.
Key exchange: The client and server perform a key exchange process to establish a secure connection. This involves generating encryption keys and agreeing on an encryption algorithm and other parameters for secure communication.
User authentication: Once the key exchange is complete, the server requests the client to authenticate itself. The client typically provides a username and password, although other authentication methods like public key authentication or certificate-based authentication can also be used.
Session encryption: After successful authentication, the client and server establish a secure encrypted channel for the session. All subsequent communication, including command execution and data transfer, is encrypted using the agreed-upon encryption algorithm.
Command execution and data transfer: The client can send commands to the servers, which are executed remotely. The output of the commands is sent back to the client over the encrypted channel. Additionally, files can be transferred securely between the client and server using SCP (Secure Copy) or SFTP (SSH File Transfer Protocol).
Connection termination: Once the session is complete, either the client or server can terminate the SSH connection.
Activating an SSH Connection
To establish an SSH connection, the client and server components must be set up on the local and remote machines, respectively. OpenSSH is a popular open source SSH program used with Linux distributions, and it is easy to install. You need access to the terminal on the server and on the computer you use for connecting. Keep in mind that the SSH server is not installed by default on Ubuntu.
Installing the OpenSSH Client
Before starting the installation, check whether an SSH client is already installed. Many Linux distributions already come with an SSH client. On a Windows PC, install PuTTY or a client of your choice to connect to the server.
To check whether the client is available on your Linux computer:
- Open a terminal. You can either search for “terminal” or press CTRL + ALT + T on your keyboard.
- Type ssh in the terminal and press Enter.
- If the client is set up, you will get a response that appears as follows:
username@host:~$ ssh
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd]
[-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]
username@host:~$
You can connect to the virtual or physical machine at this point. If not, you must set up the OpenSSH client:
Use the following command to install the OpenSSH client on your computer:
- sudo apt-get install openssh-client
- When prompted, enter your superuser password.
- To complete the installation, press Enter.
If you have the required access rights and know the hostname or IP address of any system that has the server-side program installed, you can now SSH onto that system.
How to Install an OpenSSH Server
To accept SSH connections, a machine must have the server side of the SSH software toolkit installed.
If you first want to see whether the remote Ubuntu computer already has an OpenSSH server that can accept SSH connections, try connecting to the local host:
- Open a terminal on the server machine. You can either search for “terminal” or press CTRL + ALT + T on your keyboard.
- Type ssh localhost and press Enter.
- The response will resemble this for systems without the SSH server installed:
username@host:~$ ssh localhost
ssh: connect to host localhost port 22: Connection refused
username@host:~$
If you get the response above, you must install an OpenSSH server. Keep the terminal open.
- To install the SSH server, execute the following command:
sudo apt-get install openssh-server
- When prompted, enter your superuser password.
- After the disk space prompt, type Y and press Enter to let the installation proceed.
By entering the following command, you can determine whether the SSH server is operational on the workstation after the necessary support files have been installed:
sudo service ssh status
The response in the terminal should appear as follows if the SSH service is currently functioning properly:
username@host:~$ sudo service ssh status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
Active: active (running) since Fr 2018-03-12 10:53:44 CET; 1min 22s ago
Process: 1174 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCES
Main PID: 3165 (sshd)
Run the ssh localhost command once more in your terminal prompt to see if the OpenSSH server is configured correctly and will accept connections. When you run the command for the first time, the result will resemble this screen:
username@host:~$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:9jqmhko9Yo1EQAS1QeNy9xKceHFG5F8W6kp7EX9U3Rs.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
username@host:~$
Enter y or yes to proceed.
You have set up your server to accept requests for SSH connections from other PCs’ SSH clients.
NOTE
You can now modify the SSH daemon configuration file, for instance, to change the default port for SSH connections. At the terminal prompt, enter the following command:
sudo nano /etc/ssh/sshd_config
The editor of your choice will open the configuration file. In this instance, Nano was used.
Run the following command to install Nano if necessary:
sudo apt-get install nano
Note that every time you change the sshd_config file, you must also restart the SSH service:
sudo service ssh restart
How to Connect via SSH
Now that the OpenSSH client and server are installed on all the machines you want, you can connect to your server. To do this:
- Open a terminal on your computer and run the following command: ssh your_username@host_ip_address
If the username on your local computer matches the one on the server you wish to connect to, you can just type ssh host_ip_address and then press Enter.
- Type your password and press Enter. Keep in mind that when typing, there won’t be any feedback on the screen. If you are pasting your password, make sure it is stored securely and not in a text file.
- When you connect to a server for the first time, it will ask you if you want to continue connecting. Type yes and press Enter. This notice only appears this once, because the remote server is not yet recognized on your local PC.
- An ECDSA key fingerprint has now been added and you are connected to the remote server.
If the device you are attempting to connect to is on the same network, use its private IP address rather than a public one. If not, you are limited to using public IP addresses. In addition, confirm that port forwarding is set up correctly and that you know the TCP port on which OpenSSH listens for connection requests. The default port is 22 if the sshd_config file is left alone. The port number is given after the host IP address.
A sample connection request from the OpenSSH client is shown below, with the port number included:
username@machine:~$ ssh phoenixnap@185.52.53.222 -p7654
phoenixnap@185.52.53.222's password:
The authenticity of host '185.52.53.222 (185.52.53.222)' can't be established.
ECDSA key fingerprint is SHA256:9lyrpzo5Yo1EQAS2QeHy9xKceHFH8F8W6kp7EX2O3Ps.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '185.52.53.222' (ECDSA) to the list of known hosts.
username@host:~$
With a terminal, you can now manage and control a remote machine. If you experience connectivity issues with a remote server, confirm that:
- The remote computer’s IP address is accurate.
- There are no firewall restrictions or erroneous port forwarding on the port the SSH daemon is listening on.
- Your password and username are both valid.
- The SSH program has been correctly installed.
Improve SSH Security
We strongly advise taking a few further measures to increase SSH security once you can access your server using SSH. If you leave the configuration at its default settings, your server is more vulnerable to hacking and can easily become the target of automated attacks.
Some tips for strengthening SSH through modification of the sshd configuration file include:
- The SSH daemon’s default TCP port should be modified. Change it from 22 to a substantially higher number, like 24596. Don’t use a port number that is simple to deduce, such as 222, 2222, or 22222.
- Use SSH key pairs to authenticate, so you can log in to SSH without a password. They are safer, and logging in without typing your password is also quicker and more convenient.
- Disable password-based logins on your server. If your password is cracked, it can then no longer be used to log in to your servers. Before disabling the password login option, it is imperative to make sure that key pair-based authentication is working.
- Disable root access to your server, and use a regular account with the su - command to switch to the root user.
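The four tips above can be checked mechanically. The script below is an added example, not part of the original article: it audits an sshd_config file for them, and its function names and the two sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an sshd_config file against the hardening tips above.
# Assumption: Match blocks and Include files are not evaluated.

# all_values FILE KEYWORD DEFAULT: print every value set for KEYWORD, else DEFAULT.
all_values() {
    awk -v want="$2" -v def="$3" '
        BEGIN { FS = "[ \t=]+"; want = tolower(want) }
        { sub(/^[ \t]+/, "") }              # drop leading indentation
        /^(#|$)/ { next }                   # skip comments and blank lines
        tolower($1) == want { print tolower($2); found = 1 }
        END { if (!found) print def }
    ' "$1"
}

# sshd keeps the first value it reads for a keyword; Port may repeat.
first_value() { all_values "$@" | head -n 1; }

# audit_sshd_config FILE: print one WEAK line per setting that ignores a tip.
audit_sshd_config() {
    for p in $(all_values "$1" Port 22); do
        case $p in
            22|222|2222|22222) echo "WEAK Port $p: default or easy to guess" ;;
        esac
    done
    [ "$(first_value "$1" PubkeyAuthentication yes)" = yes ] ||
        echo "WEAK PubkeyAuthentication: key pair logins are disabled"
    [ "$(first_value "$1" PasswordAuthentication yes)" = no ] ||
        echo "WEAK PasswordAuthentication: password logins are enabled"
    [ "$(first_value "$1" PermitRootLogin prohibit-password)" = no ] ||
        echo "WEAK PermitRootLogin: direct root login is not disabled"
}

# Constructed sample files: near-default settings, then the tips applied.
weak=$(mktemp); hardened=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin yes' 'PasswordAuthentication yes' >"$weak"
printf '%s\n' 'Port 24596' 'PubkeyAuthentication yes' \
    'PasswordAuthentication no' 'PermitRootLogin no' >"$hardened"
echo "weak config:";     audit_sshd_config "$weak"
echo "hardened config:"; audit_sshd_config "$hardened"
rm -f "$weak" "$hardened"
```

On a live server, sudo sshd -T prints the effective configuration, defaults included, and is the authoritative source for the values sshd will use.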
You can use TCP wrappers to restrict access to specific IP addresses or hostnames. Edit the /etc/hosts.allow and /etc/hosts.deny files to configure TCP wrappers.
Note that allowed hosts take precedence over denied hosts.
As an illustration, to allow SSH access to a particular host, you would first restrict access for all hosts by adding the following two lines to /etc/hosts.deny:
sshd : ALL
ALL : ALL
Then add a line to the /etc/hosts.allow file containing the hosts allowed for the SSH service. This can be a hostname, a range of IP addresses, or a single IP address:
sshd : 10.10.0.5, LOCAL
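The order in which the two files are consulted is what makes the deny-all rule safe to add. The script below is an added example, not part of the original article: it models that lookup over constructed files shaped like the ones above, and it handles only ALL, exact IPv4 addresses and address prefixes ending in a dot (other wildcards such as LOCAL are left out).

```sh
#!/bin/sh
# Added example: how TCP wrappers combine hosts.allow and hosts.deny.
# Assumption: only ALL, exact IPv4 addresses and prefixes ending in "." are handled.

# rule_matches FILE DAEMON CLIENT_IP: succeed if a "daemons : clients" line matches.
rule_matches() {
    awk -F: -v d="$2" -v ip="$3" '
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        {
            nd = split($1, daemons, /[ \t,]+/)
            nc = split($2, clients, /[ \t,]+/)
            dm = 0; cm = 0
            for (i = 1; i <= nd; i++)
                if (daemons[i] == "ALL" || daemons[i] == d) dm = 1
            for (i = 1; i <= nc; i++) {
                c = clients[i]
                if (c == "ALL" || c == ip) cm = 1
                else if (c ~ /\.$/ && index(ip, c) == 1) cm = 1   # address prefix
            }
            if (dm && cm) { hit = 1; exit }
        }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# tcpd_decision ALLOW_FILE DENY_FILE DAEMON CLIENT_IP: print "allow" or "deny".
# hosts.allow is checked first, then hosts.deny; no match at all means allow.
tcpd_decision() {
    if rule_matches "$1" "$3" "$4"; then echo allow
    elif rule_matches "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Constructed files modelled on the hosts.deny and hosts.allow entries above.
allow=$(mktemp); deny=$(mktemp)
printf '%s\n' 'sshd : 10.10.0.5' >"$allow"
printf '%s\n' 'sshd : ALL' 'ALL : ALL' >"$deny"
for ip in 10.10.0.5 10.10.0.6 203.0.113.9; do
    echo "$ip -> $(tcpd_decision "$allow" "$deny" sshd "$ip")"
done
rm -f "$allow" "$deny"
```

On a host with TCP wrappers installed, tcpdmatch sshd 10.10.0.5 reports the decision the real library would make.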
This ensures that security is applied at multiple layers and that your login information is always safe. Use various methods to restrict SSH access to your server, or use services that restrict access. An example of such a service is fail2ban.
Final Words
SSH connects a client and server by utilizing a set of cryptographic keys to create a connection. The client starts the connection by sending the server its public key, which the server then validates and transmits back to the client along with its public key. After confirming the server’s key, the client initiates the connection.
As soon as the connection is made, the user may utilize the remote system to issue instructions just like they were there in person. SSH also offers file transfers and tunneling, which enables users to tunnel other network protocols through the SSH connection or transmit files and data securely between systems.
SSH is, in general, a crucial tool for anybody involved in IT or who wants to safely access a computer or server remotely.
All you must do to create a password-free SSH login in Linux is create a public authentication key and add it to the remote host’s authorized_keys file. The technique for setting up passwordless SSH login can be understood by referring to the steps below: Verify if an SSH key pair already exists.
SSH is a secure shell protocol used to access Linux workstations remotely and securely. When you connect to a remote machine using an existing account, you are connected to a shell session, which is a text-based interface.
The following are benefits of the PuTTY key format: The public half of the key is kept in plaintext. The private key format used by OpenSSH encrypts the whole key file, preventing the client from using the key without first requesting your passphrase.
The most widely used free SSH and telnet client worldwide is called PuTTY.
Windows has a flexible terminal program called PuTTY. It is the most popular free SSH client in the world. It supports connections through SSH, telnet, and raw sockets with efficient terminal emulation. Public key authentication and Kerberos single-sign-on are both supported.