Disclaimer: This post does not go into depth for every operating system, since there are far too many. Instead, I will use Ubuntu Linux as the example throughout this guide.

What is SSH?

SSH, or Secure Shell, is a network protocol used to securely access and manage a computer over an unsecured network. It provides a secure channel over an otherwise insecure network by using a client-server architecture, allowing users to log into another computer over a network, execute commands in a remote machine, and move files from one machine to another.

SSH uses strong encryption to ensure that the communication between the client and the server is encrypted, making it difficult for eavesdroppers to capture passwords or other sensitive information. It’s widely used by system administrators for managing systems and applications remotely, allowing for secure file transfer, command-line login, and other network services between two networked computers.

SSH operates on the principle of public key cryptography, where two keys are used: a public key, which can be shared with anyone, and a private key, which is kept secret. When you connect to a server using SSH, your client uses the server’s public key to encrypt a message. Only the server’s private key can decrypt this message, ensuring that only the intended recipient can read it.

The protocol also provides mechanisms for authenticating the client to the server, usually through a combination of passwords, public key authentication, and sometimes two-factor authentication methods. SSH is used in a wide variety of applications, from remote system maintenance and file transfers to more advanced uses like setting up VPNs (Virtual Private Networks) and forwarding graphical user interfaces over network connections.

Setting up an SSH Server

Let’s assume that your SSH server will run on an Ubuntu system.

  1. Install OpenSSH Server:

    sudo apt update
    sudo apt install openssh-server
  2. Start the SSH service:

    sudo systemctl start sshd

    To ensure SSH starts on boot:

    sudo systemctl enable sshd

    NOTE: On many Linux distributions including Ubuntu, the service name for the SSH server is ssh and not sshd. This can lead to confusion because the daemon itself is often referred to as sshd. If so, replace sshd with ssh when typing in the command line.

  3. Configure the SSH server:

    Edit the configuration file, usually found at /etc/ssh/sshd_config, to change settings like port number, disable root login, etc.

    After making changes, restart the SSH service:

    sudo systemctl restart sshd
  4. Check the firewall:

    Ensure your firewall allows connections on the SSH port (default is 22).

  5. Additional Info:

    To stop the SSH server:

    sudo systemctl stop sshd

    To disable start on boot:

    sudo systemctl disable sshd

    Check status:

    sudo systemctl status sshd

    Check the SSH port using:

    vim /etc/ssh/sshd_config
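
The configuration step above can be checked before the service is restarted. As an added example (not part of the original post), this script reports the global Port, PermitRootLogin and PasswordAuthentication values of an sshd_config-style file; the function names and both sample files are constructed for illustration, and the parser assumes the file has no Include lines.

```shell
#!/bin/sh
# Added example. sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line only apply conditionally.

# effective_value FILE KEYWORD DEFAULT: print the global value sshd would use.
effective_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        tolower($1) == "match" { exit }       # conditional blocks are not global
        tolower($1) == want { print $2; found = 1; exit }
        END { if (!found) print def }         # fall back to the built-in default
    ' "$1"
}

# audit_sshd_config FILE: print effective settings and findings; return 1 on findings.
audit_sshd_config() {
    rc=0
    port=$(effective_value "$1" Port 22)
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    echo "Port=$port PermitRootLogin=$root PasswordAuthentication=$pass"
    if [ "$root" = "yes" ]; then
        echo "FINDING: root login with a password is allowed"; rc=1
    fi
    if [ "$pass" != "no" ]; then
        echo "FINDING: password logins are enabled (keys are not enforced)"; rc=1
    fi
    return $rc
}

# Constructed sample files, not taken from a real host.
samples=$(mktemp -d)
cat > "$samples/weak" <<'EOF'
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
# Appended later, but ignored because the first value above wins:
PermitRootLogin no
EOF
cat > "$samples/hardened" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
EOF

audit_sshd_config "$samples/weak" || true
audit_sshd_config "$samples/hardened"
```

On a real server, sudo sshd -t checks the file for syntax errors before you restart, and sudo sshd -T prints the effective configuration, including settings pulled in through Include lines.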

How to set up an SSH Client

After setting up your SSH server, clients need to connect to it securely. Here’s how you can set up an SSH client on Ubuntu Linux and initiate a connection. Again, we will assume your client is running Ubuntu.

  1. Install OpenSSH Client:

    Most Linux distributions, including Ubuntu, come with the OpenSSH client installed by default. You can check if it is installed using the command which ssh. If for some reason it’s not installed, you can easily install it using the following command:

    sudo apt update
    sudo apt install openssh-client
  2. Generate SSH Keys (Optional):

    For a more secure authentication method than passwords, you can use SSH keys. To generate a new SSH key pair, enter the following command:

    ssh-keygen -t rsa -b 4096
    • Follow the prompts to specify where to save the key and whether to use a passphrase for added security.

    • The public key (default ~/.ssh/id_rsa.pub) needs to be copied to the server for key-based authentication.

  3. Copy the Public Key to the Server (Optional):

    You can use the ssh-copy-id utility to copy your public key to the server’s authorized keys list. This step is required for key-based authentication.

    ssh-copy-id username@server-address
    • Replace username with your user on the server and server-address with the server’s IP address or hostname.

Connecting to SSH Server

  1. Initiate an SSH Connection:

    To connect to the SSH server, use the following command:

    ssh username@server-address
    • Replace username with your user on the server and server-address with the server’s IP address or hostname.
    • If you’ve changed the SSH port from the default (22), use the -p option to specify it, like ssh -p port_number username@server-address.
  2. First Connection Trust:

    On the first connection, you will be asked to verify the server’s fingerprint. Type yes to continue connecting and add the server to your list of known hosts.

  3. Authenticate:

    • If using password authentication, enter your password when prompted.
    • If using key-based authentication and you’ve set a passphrase for your private key, you’ll need to enter it.
  4. You’re Connected:

    Once authenticated, you’ll be logged into the server’s command line interface, ready to execute commands remotely.
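
The first-connection prompt in step 2 is only meaningful if the fingerprint it shows is compared with the server's real host keys. As an added example (not part of the original post), this script makes that comparison; the function names, the sample prompt and the fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the fingerprint in the first-connection prompt against
# the server's own host keys before typing "yes".

# Run on the server over a channel you already trust (e.g. its console).
# Each output line looks like: "<bits> <fingerprint> <comment> (<TYPE>)".
server_fingerprints() {
    for key in /etc/ssh/ssh_host_*_key.pub; do
        ssh-keygen -l -f "$key"
    done
}

# Read the client's prompt text on stdin; print "<TYPE> <fingerprint>".
prompt_fingerprint() {
    awk '/key fingerprint is/ { sub(/\.$/, "", $NF); print $1, $NF; exit }'
}

# verify_prompt PROMPT_FILE SERVER_LIST: succeed only if type and hash both match.
verify_prompt() {
    want=$(prompt_fingerprint < "$1")
    [ -n "$want" ] || { echo "no fingerprint found in prompt"; return 2; }
    if awk -v want="$want" '{ gsub(/[()]/, "", $NF) }
            ($NF " " $2) == want { ok = 1 }
            END { exit !ok }' "$2"; then
        echo "MATCH: $want"
    else
        echo "MISMATCH: $want is not one of this server's host keys"
        return 1
    fi
}

# Constructed sample data; the fingerprints are made up, not from a real host.
FP_RSA="SHA256:CONSTRUCTEDrsaFingerprintForIllustrationOnly"
FP_ED="SHA256:CONSTRUCTEDed25519FingerprintForIllustration"
d=$(mktemp -d)
cat > "$d/server.txt" <<EOF
3072 $FP_RSA root@server (RSA)
256 $FP_ED root@server (ED25519)
EOF
cat > "$d/prompt_ok.txt" <<EOF
The authenticity of host 'server-address (192.0.2.10)' can't be established.
ED25519 key fingerprint is $FP_ED.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
EOF
sed 's/CONSTRUCTED/SUBSTITUTED/' "$d/prompt_ok.txt" > "$d/prompt_bad.txt"

verify_prompt "$d/prompt_ok.txt" "$d/server.txt"
verify_prompt "$d/prompt_bad.txt" "$d/server.txt" || true
```

Collect the output of server_fingerprints on the server itself, not over the SSH session you are trying to verify.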

Adding User

Creating a user on a server that you can access via SSH generally requires administrative privileges. On most Linux and UNIX-like systems, including those you might commonly SSH into, user management is performed through command-line tools such as useradd or adduser. I will show how to create a user that uses the bash shell and has its own home directory. Here’s how you can do it:

  1. SSH into your server.

  2. Use the useradd command with specific options:

    sudo useradd -m -s /bin/bash newusername
    • The -m option tells useradd to create the user’s home directory if it does not already exist. The home directory will be located at /home/newusername by default.
    • The -s /bin/bash option sets the user’s default shell to bash. The path /bin/bash is the typical location of the bash shell on most Linux distributions.
  3. Set a password for the new user:

    sudo passwd newusername

    Giving sudo privileges

    sudo usermod -aG sudo username

    Removing sudo privileges

    sudo deluser username sudo

Conclusion

SSH provides a secure way to access and manage servers over an insecure network. By following the steps outlined for setting up an SSH server and client, you can establish a secure connection between machines, ensuring encrypted communication and enhancing your system’s security.

Remember, always verify your settings and ensure that both your client and server are configured correctly to prevent unauthorized access.