Simple Secure Shell
Simple Secure Shell setup
SSH stands for simple secured shell. The ssh command consists of 3 parts
#OpenSSH provides a server daemon and client tools to facilitate secure remote control and file transfer operation.
OpenSSH Client-Side
#OpenSSH provides several client tools to facilitate secure remote control and file transfer operation. Install openssh using the following command.
sudo apt install openssh-client
#OpenSSH has a client-side component, ssh, which connects the client to the server.
ssh {user}@{host}
Here, user is the name of the account that you want to access, and host is the [[IP address]] or the [[Domain name]] of the server.
- To use ssh, first we need to install ssh-server
- Then we can ssh into another system using the password or ssh-key.
Generating RSA key pair
Use the ssh-keygen command-line tool (CLT) to create an RSA key pair on the client machine (your local computer).
ssh-keygen -t rsa
Now, just follow the instructions given in the terminal.
The key will be stored at ~/.ssh.
If you overwrite the previously generated RSA key, then the applications which use that key will not work properly. Therefore, I always name the RSA key according to the purpose of generating it.
|-- config
|-- config_bk
|-- easifem_dev_rsa
|-- easifem_dev_rsa.pub
|-- github_easifem_rsa
|-- github_easifem_rsa.pub
|-- id_rsa
|-- id_rsa.pub
|-- known_hosts
Every time we generate an RSA key, we get two files named XXX_rsa and XXX_rsa.pub. The former is the private key, and the latter is the public key.
Placing public key to hosting server
The easiest way to copy your public key from the client to the hosting server is to use a CLT called ssh-copy-id.
In this method, we need to specify the remote server that we would like to connect to. Therefore, in this method we should have the credentials to access the server. The syntax is
ssh-copy-id username@remote_host
Subsequently, follow the instructions on the screen. This process will copy the content of id_rsa.pub to the remote server at ~/.ssh/authorized_keys. After this step you will be able to access the remote server using
ssh username@remote_host -p PORT_NUMBER
If you do not have ssh-copy-id, then use the following process to copy the content of id_rsa.pub from the local machine (client) to the remote server's ~/.ssh/authorized_keys.
cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"
Lastly, if you do not have access to the remote server, then you have to manually copy the content of id_rsa.pub from the client to authorized_keys on the remote server.
Make sure that on the server side ~/.ssh and authorized_keys have the correct permissions set:
chmod -R go= ~/.ssh
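The manual copy step above, written as a server-side function that can be re-run without duplicating the key and that leaves owner-only permissions behind. This is an added example, not part of the original page; the function names, the scratch directory and the sample key are constructed for illustration.

```shell
# Added example (not from the original page); run on the server.
# install_pubkey PUBKEY_FILE [SSH_DIR]: add one public key to authorized_keys
# idempotently, with the owner-only modes that "chmod -R go=" produces.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # Refuse a private key passed by mistake; it must never leave the client.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no key found in $pub" >&2; return 1; }

    # umask 077: anything created here is owner-only from the start.
    ( umask 077; mkdir -p "$dir"; touch "$auth" )
    chmod 700 "$dir"
    chmod 600 "$auth"

    # End the file with a newline so the new key is not glued to an old one.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    # -x whole line, -F fixed string: append only if this exact key is absent.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# loose_ssh_perms SSH_DIR: list entries with any group/other permission bit.
# sshd's default StrictModes ignores keys in files that others can write to.
loose_ssh_perms() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \)
}

# Demo on a scratch directory with a constructed (non-functional) key.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-SAMPLE user@client' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # second run adds nothing
wc -l < "$demo/.ssh/authorized_keys"
loose_ssh_perms "$demo/.ssh"                     # prints nothing when modes are tight
```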
ssh-configuration
In the ~/.ssh directory you will see a file named config. If this file is not present, create it. Then open it in a text editor and add the following lines to it.
# connecting to my ubuntu-server
Host linux
HostName 192.168.1.15
User vikassharma
Port 2222
IdentityFile ~/.ssh/easifem_linux_rsa
Now we can connect to the server using ssh linux.
There are several ways to define an IP pattern in the host name:
- 192.168.1.* matches 192.168.1.0 to 192.168.1.24
- 192.168.1.? matches exactly one character, i.e. 192.168.1.0 to 192.168.1.9.
OpenSSH Server-side
#OpenSSH provides a server daemon and client tools to facilitate secure remote control and file transfer operation.
#OpenSSH has a server component, sshd, which listens continuously for client connections from any of the client tools.
INSTALL
sudo apt install openssh-server
CONFIGURATION
The configuration file is located at /etc/ssh/sshd_config. There are many directives in the sshd config file. Before editing, make a copy of sshd_config.
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sudo chmod a-w /etc/ssh/sshd_config.original
Now check the config before restarting ssh.
sudo sshd -t -f /etc/ssh/sshd_config
LISTEN TO THE PORT
Port 2222
sshd by default listens to the TCP port 22.
Banner
Banner /etc/issue.net
My ssh configuration
Activating modifications
sudo systemctl status ssh
sudo systemctl restart sshd.service
sudo ufw allow ssh
sudo systemctl enable ssh
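With the Port 2222 directive shown earlier, the firewall rule has to name that port: ufw resolves the service name ssh to 22/tcp. The following added example (not part of the original page) reads the Port lines from an sshd_config and prints the matching ufw rules; the function names and the sample configuration are constructed for illustration.

```shell
# Added example (not from the original page).
# sshd_ports FILE: print the ports the global section of FILE makes sshd listen on.
# Keywords are case-insensitive; "#" starts a comment; no Port line means 22.
# Limitation: "Include" files are not followed.
sshd_ports() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }       # drop comments, tolerate key=value
        tolower($1) == "match" { exit }          # Port is a global-only directive
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
        END { if (!n) print 22 }
    ' "$1"
}

# firewall_commands FILE: one explicit ufw rule per configured port.
# "ufw allow ssh" resolves the name through /etc/services to 22/tcp only.
firewall_commands() {
    for p in $(sshd_ports "$1"); do
        printf 'sudo ufw allow %s/tcp\n' "$p"
    done
}

# uncovered_by_allow_ssh FILE: ports still closed after "ufw allow ssh".
uncovered_by_allow_ssh() {
    sshd_ports "$1" | awk '$1 != 22'
}

# Constructed sample mirroring the Port 2222 and Banner settings above.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
#Port 22
port 2222
Banner /etc/issue.net
EOF
firewall_commands "$sample_cfg"
uncovered_by_allow_ssh "$sample_cfg"
```

On a live server, sudo sshd -T prints the effective configuration, Include files included, and is the authoritative source for the port list.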
Stop and disable ssh
sudo systemctl stop ssh
This will stop the service until you restart it or until the system is rebooted. To restart it you can type
sudo systemctl start ssh
If you want to disable it from starting during system boot, use
sudo systemctl disable ssh
This will not stop the service from running during the current session, just from loading during startup. If you want to start again during system boot, type:
sudo systemctl enable ssh
Getting IP address
ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
link/ether 2c:d4:44:ae:a1:3a brd ff:ff:ff:ff:ff:ff
3: wlp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether c0:d9:62:0b:c2:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.15/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp4s0
valid_lft 64284sec preferred_lft 64284sec
inet6 fe80::f53a:7745:52fc:1573/64 scope link noprefixroute
valid_lft forever preferred_lft forever
So the IP address of my system is inet 192.168.1.15. Now, from the client side we use ssh vikassharma@192.168.1.15 to connect to the remote server.