Simple Secure Shell


Simple Secure Shell setup

SSH stands for simple secured shell. The ssh command consists of 3 parts

OpenSSH provides a server daemon and client tools to facilitate secure remote control and file transfer operations.

OpenSSH Client-Side

OpenSSH provides several client tools to facilitate secure remote control and file transfer operations. Install the OpenSSH client using the following command.

sudo apt install openssh-client

OpenSSH has a client-side component, ssh, which connects the client to the server.

ssh {user}@{host}

Here, user is the name of the account that you want to access, and host is the IP address or the domain name of the server.

Generating RSA key pair

Use the ssh-keygen command-line tool to create an RSA key pair on the client machine (your local computer).

ssh-keygen -t rsa

Now, just follow the instructions given in the terminal.

The key will be stored in ~/.ssh

If you overwrite a previously generated RSA key, the applications that use that key will no longer work properly. Therefore, I always name each RSA key according to the purpose it was generated for.

|-- config
|-- config_bk
|-- easifem_dev_rsa
|-- easifem_dev_rsa.pub
|-- github_easifem_rsa
|-- github_easifem_rsa.pub
|-- id_rsa
|-- id_rsa.pub
|-- known_hosts

Every time we generate an RSA key, we get two files named XXX_rsa and XXX_rsa.pub. The former is the private key, and the latter is the public key.

Placing public key to hosting server

SSH-concept

The easiest way to copy your public key from the client to the hosting server is to use a command-line tool called ssh-copy-id.

In this method, we need to specify the remote server that we would like to connect to, so we must already have credentials to access that server. The syntax is

ssh-copy-id username@remote_host

Subsequently, follow the instructions on the screen. This process will copy the content of id_rsa.pub to the remote server at ~/.ssh/authorized_keys. After this step you will be able to access the remote server using

ssh username@remote_host -p PORT_NUMBER

If you do not have ssh-copy-id, then use the following process to copy the content of id_rsa.pub from the local machine (client) to the remote server's ~/.ssh/authorized_keys.

cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

Lastly, if you do not have access to the remote server, then you have to manually copy the content of id_rsa.pub from the client to authorized_keys on the remote server.

Make sure that on the server side ~/.ssh and authorized_keys have the correct permissions set:

chmod -R go= ~/.ssh
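
Added example, not part of the original page: a check that an SSH directory is in the state `chmod -R go= ~/.ssh` is meant to produce, with no group or other access on any entry and everything owned by the account itself. `audit_ssh_dir` is a hypothetical helper name and the demo directory is constructed.

```sh
#!/bin/sh
# Added example: audit an SSH directory for the state `chmod -R go= ~/.ssh`
# should leave behind. audit_ssh_dir is a hypothetical helper name.

audit_ssh_dir() {
  dir=${1:-$HOME/.ssh}
  if [ ! -d "$dir" ]; then
    echo "missing: $dir" >&2
    return 2
  fi
  # Entries with any group/other bit set. Symlinks always report mode 777,
  # so they are skipped. The six -perm tests are the portable spelling of
  # "any of the bits in 077".
  open=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                                  -o -perm -004 -o -perm -002 -o -perm -001 \))
  # Entries owned by a different account than the one running the audit.
  foreign=$(find "$dir" ! -user "$(id -u)")
  if [ -n "$open" ]; then
    printf 'group/other access:\n%s\n' "$open"
  fi
  if [ -n "$foreign" ]; then
    printf 'not owned by uid %s:\n%s\n' "$(id -u)" "$foreign"
  fi
  # Succeed only when there are no findings of either kind.
  [ -z "$open$foreign" ]
}

# Constructed sample: a throwaway directory with deliberately loose modes.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 755 "$demo/.ssh"
: > "$demo/.ssh/id_rsa" && chmod 600 "$demo/.ssh/id_rsa"
: > "$demo/.ssh/authorized_keys" && chmod 644 "$demo/.ssh/authorized_keys"

audit_ssh_dir "$demo/.ssh" || echo "=> findings before chmod"
chmod -R go= "$demo/.ssh"
audit_ssh_dir "$demo/.ssh" && echo "=> clean after chmod -R go="
rm -rf "$demo"
```

Run it on the server as the account whose keys are being checked, for example `audit_ssh_dir ~/.ssh`.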

ssh-configuration

In the ~/.ssh directory you will see a file named config; if this file is not present, create it. Then open it in a text editor and add the following lines to it.

# connecting to my ubuntu-server
Host linux
  HostName 192.168.1.15
  User vikassharma
  Port 2222
  IdentityFile ~/.ssh/easifem_linux_rsa

Now we can connect to the server by typing ssh linux.

There are several ways to define IP in hostname

OpenSSH Server-side

OpenSSH provides a server daemon and client tools to facilitate secure remote control and file transfer operations.

OpenSSH has a server component, sshd, which listens continuously for client connections from any of the client tools.

INSTALL

sudo apt install openssh-server

CONFIGURATION

The configuration file is located at /etc/ssh/sshd_config. There are many directives in the sshd config file. Before editing, make a copy of sshd_config.

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sudo chmod a-w /etc/ssh/sshd_config.original

Now check the config before restarting ssh.

sudo sshd -t -f /etc/ssh/sshd_config

LISTEN TO THE PORT

Port 2222

By default, sshd listens on TCP port 22.

Banner

Banner /etc/issue.net

My ssh configuration

Activating modifications

sudo systemctl status ssh
sudo systemctl restart sshd.service
sudo ufw allow ssh
sudo systemctl enable ssh
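
Added example, not part of the original page: `ufw allow ssh` opens the port registered for the ssh service name (22/tcp), so when sshd_config sets `Port 2222` as above, the firewall rule has to name that port instead. The helpers `sshd_ports` and `ufw_rules_for` are hypothetical names, the sample file is constructed, and the rules are only printed, never applied.

```sh
#!/bin/sh
# Added example: derive firewall rules from the ports sshd is configured to
# use. sshd_ports and ufw_rules_for are hypothetical helper names.

# Print each port set by a Port directive, or 22 (the default) if none is set.
# Keywords are case-insensitive; lines starting with '#' are comments.
# Simplification: ListenAddress host:port and Include files are not followed.
sshd_ports() {
  awk '
    tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
    END { if (!n) print 22 }
  ' "$1"
}

# Print (do not run) one ufw rule per configured port.
ufw_rules_for() {
  sshd_ports "$1" | while read -r port; do
    echo "ufw allow $port/tcp"
  done
}

# Constructed sample resembling the configuration on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 2222
Banner /etc/issue.net
EOF

ufw_rules_for "$sample"    # the rule that matches Port 2222
rm -f "$sample"
```

On a live server, `sudo sshd -T` prints the effective configuration, including the port lines, after Include files have been resolved.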

Stop and disable ssh

sudo systemctl stop ssh

This will stop the service until you restart it or until the system is rebooted. To restart it you can type

sudo systemctl start ssh

If you want to disable it from starting during system boot, use

sudo systemctl disable ssh

This will not stop the service from running during the current session, just from loading during startup. If you want it to start again during system boot, type:

sudo systemctl enable ssh

Getting IP address

ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 2c:d4:44:ae:a1:3a brd ff:ff:ff:ff:ff:ff
3: wlp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether c0:d9:62:0b:c2:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.15/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp4s0
       valid_lft 64284sec preferred_lft 64284sec
    inet6 fe80::f53a:7745:52fc:1573/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

So the IP address of my system is 192.168.1.15. Now, from the client side, we use ssh vikassharma@192.168.1.15 to connect to the remote server.