A Guide on SSH
Disclaimer: This post does not go into depth for each operating system, since there are far too many. However, I will use Ubuntu Linux as an example for this guide.
What is SSH?
SSH, or Secure Shell, is a network protocol used to securely access and manage a computer over an unsecured network. It provides a secure channel over an otherwise insecure network by using a client-server architecture, allowing users to log into another computer over a network, execute commands in a remote machine, and move files from one machine to another.
SSH uses strong encryption to ensure that the communication between the client and the server is encrypted, making it difficult for eavesdroppers to capture passwords or other sensitive information. It’s widely used by system administrators for managing systems and applications remotely, allowing for secure file transfer, command-line login, and other network services between two networked computers.
SSH operates on the principle of public key cryptography, where two keys are used: a public key, which can be shared with anyone, and a private key, which is kept secret. When you connect to a server using SSH, your client uses the server’s public key to encrypt a message. Only the server’s private key can decrypt this message, ensuring that only the intended recipient can read it.
The protocol also provides mechanisms for authenticating the client to the server, usually through a combination of passwords, public key authentication, and sometimes two-factor authentication methods. SSH is used in a wide variety of applications, from remote system maintenance and file transfers to more advanced uses like setting up VPNs (Virtual Private Networks) and forwarding graphical user interfaces over network connections.
Setting up an SSH Server
Let’s assume that your SSH server will run on an Ubuntu system.
Install OpenSSH Server:
sudo apt update
sudo apt install openssh-server
Start the SSH service:
sudo systemctl start sshd
To ensure SSH starts on boot:
sudo systemctl enable sshd
NOTE: On many Linux distributions, including Ubuntu, the service name for the SSH server is ssh and not sshd. This can lead to confusion because the daemon itself is often referred to as sshd. If so, replace sshd with ssh when typing in the command line.
Configure the SSH server:
Edit the configuration file, usually found at /etc/ssh/sshd_config, to change settings like port number, disable root login, etc.
After making changes, restart the SSH service:
sudo systemctl restart sshd
Check the firewall:
Ensure your firewall allows connections on the SSH port (default is 22).
Additional Info:
To stop the SSH server:
sudo systemctl stop sshd
To disable start on boot:
sudo systemctl disable sshd
Check status:
sudo systemctl status sshd
Check the SSH port using:
vim /etc/ssh/sshd_config
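Added example (not from the original post): a shell check of the settings named in the configuration step (port, root login) plus password authentication, run here on two constructed sample files. The function names, sample contents and messages are illustrative, and Include lines are not followed; on a real server, sudo sshd -T prints the authoritative effective configuration and sudo sshd -t validates the file before a restart.

```shell
#!/bin/sh
# Added example, not from the original post. sshd uses the FIRST value it
# reads for a keyword, keywords are case-insensitive, and lines after a
# "Match" line are conditional, so a quick look in an editor can mislead.

# usage: sshd_setting FILE KEYWORD DEFAULT  -> prints the global value
sshd_setting() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        { key = tolower($1) }
        key == "match" { exit }                # conditional section starts
        key == want    { val = $2; found = 1; exit }
        END            { print (found ? val : def) }
    ' "$1"
}

# Prints one line per weak setting; returns 1 if anything was flagged.
audit_sshd_config() {
    rc=0
    root=$(sshd_setting "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_setting "$1" PasswordAuthentication yes)
    port=$(sshd_setting "$1" Port 22)
    if [ "$root" = "yes" ]; then
        echo "WEAK PermitRootLogin=yes (root can log in with a password)"; rc=1
    fi
    if [ "$pass" != "no" ]; then
        echo "WEAK PasswordAuthentication=$pass (guessable; prefer keys)"; rc=1
    fi
    echo "INFO Port=$port (the firewall must allow this port)"
    return "$rc"
}

# Constructed sample files, for illustration only.
WEAK_CFG=$(mktemp); HARD_CFG=$(mktemp)
cat > "$WEAK_CFG" <<'EOF'
#Port 22
PermitRootLogin yes
permitrootlogin no
Match User backup
    PasswordAuthentication no
EOF
cat > "$HARD_CFG" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
EOF
audit_sshd_config "$WEAK_CFG" || echo "weak sample: flagged"
audit_sshd_config "$HARD_CFG" && echo "hardened sample: clean"
```

In the weak sample the second permitrootlogin line has no effect because the first value wins, and the PasswordAuthentication line inside the Match block does not change the global default.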
How to set up an SSH Client
After setting up your SSH server, clients need to connect to it securely. Here’s how you can set up an SSH client on Ubuntu Linux and initiate a connection. Again, we will assume your client is running Ubuntu.
Install OpenSSH Client:
Most Linux distributions, including Ubuntu, come with the OpenSSH client installed by default. You can check if it is installed using the command which ssh. If for some reason it’s not installed, you can easily install it using the following command:
sudo apt update
sudo apt install openssh-client
Generate SSH Keys (Optional):
For a more secure authentication method than passwords, you can use SSH keys. To generate a new SSH key pair, enter the following command:
ssh-keygen -t rsa -b 4096
Follow the prompts to specify where to save the key and whether to use a passphrase for added security.
The public key (default ~/.ssh/id_rsa.pub) needs to be copied to the server for key-based authentication.
Copy the Public Key to the Server (Optional):
You can use the ssh-copy-id utility to copy your public key to the server’s authorized keys list. This step is required for key-based authentication.
ssh-copy-id username@server-address
- Replace username with your user on the server and server-address with the server’s IP address or hostname.
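Added example (not from the original post): a shell check of the file permissions that key-based authentication depends on, because with its default StrictModes setting sshd ignores authorized_keys when that file, ~/.ssh or the home directory is writable by group or others. The function names and the demo directory are constructed for illustration, and only modes are checked, not ownership.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes sshd's default
# "StrictModes yes": key login is refused when the home directory, ~/.ssh
# or authorized_keys is writable by group or others.

# Succeeds (0) when PATH is group- or world-writable, judged from ls -ld.
loose_mode() {
    case "$(ls -ldL "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# usage: check_key_login_perms HOME_DIR -> lists problems, returns 1 if any
check_key_login_perms() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; bad=1
        elif loose_mode "$p"; then
            echo "TOO OPEN $p"; bad=1
        fi
    done
    return "$bad"
}

# Apply the conventional modes (run as the account's owner).
tighten_key_login_perms() {
    chmod go-w "$1" && chmod 700 "$1/.ssh" && chmod 600 "$1/.ssh/authorized_keys"
}

# Constructed demo home directory; the key line is a placeholder, not a real key.
DEMO_HOME=$(mktemp -d)
mkdir "$DEMO_HOME/.ssh"
echo "ssh-rsa CONSTRUCTED-PLACEHOLDER user@client" > "$DEMO_HOME/.ssh/authorized_keys"
chmod 775 "$DEMO_HOME/.ssh"; chmod 664 "$DEMO_HOME/.ssh/authorized_keys"

check_key_login_perms "$DEMO_HOME" || echo "key login would be refused"
tighten_key_login_perms "$DEMO_HOME"
check_key_login_perms "$DEMO_HOME" && echo "permissions acceptable"
```

On a real server, pass the account's home directory (for example the home of the user you ran ssh-copy-id against) instead of the demo directory.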
Connecting to SSH Server
Initiate an SSH Connection:
To connect to the SSH server, use the following command:
ssh username@server-address
- Replace username with your user on the server and server-address with the server’s IP address or hostname.
- If you’ve changed the SSH port from the default (22), use the -p option to specify it, like ssh -p port_number username@server-address.
First Connection Trust:
On the first connection, you will be asked to verify the server’s fingerprint. Type yes to continue connecting and add the server to your list of known hosts.
Authenticate:
- If using password authentication, enter your password when prompted.
- If using key-based authentication and you’ve set a passphrase for your private key, you’ll need to enter it.
You’re Connected:
Once authenticated, you’ll be logged into the server’s command line interface, ready to execute commands remotely.
Adding User
Creating a user on a server that you can access via SSH generally requires administrative privileges. On most Linux and UNIX-like systems, including those you might commonly SSH into, user management is performed through command-line tools such as useradd or adduser. I will show how to create a user that uses the bash shell and has its own home directory. Here’s how you can do it:
Open an SSH session to your server
Use the useradd command with specific options:
sudo useradd -m -s /bin/bash newusername
- The -m option tells useradd to create the user’s home directory if it does not already exist. The home directory will be located at /home/newusername by default.
- The -s /bin/bash option sets the user’s default shell to bash. The path /bin/bash is the typical location of the bash shell on most Linux distributions.
Set a password for the new user:
sudo passwd newusername
Giving sudo privileges
sudo usermod -aG sudo username
Removing sudo privileges
sudo deluser username sudo
Conclusion
SSH provides a secure way to access and manage servers over an insecure network. By following the steps outlined for setting up an SSH server and client, you can establish a secure connection between machines, ensuring encrypted communication and enhancing your system’s security.
Remember, always verify your settings and ensure that both your client and server are configured correctly to prevent unauthorized access.