Secure Shell (SSH) is a network protocol that allows you to securely connect to a remote computer and transfer files over an unsecured network. It is widely used in system administration, network engineering, and software development to remotely manage servers, perform tasks, and transfer files.
SSH uses public-key cryptography and password-based authentication to secure the connection and protect the privacy of data exchanged between the client and the server. It is also used to tunnel other network protocols, such as X11, HTTP, and SMTP, through an encrypted channel.
The goal of this article is to serve as an introduction to using SSH on Linux.
Benefits of SSH
There are several benefits to using Secure Shell (SSH) to manage and access remote servers:
- Security: SSH uses strong encryption to secure the connection and protect the privacy of data exchanged between the client and the server. This makes it a safe and secure way to remotely access and manage servers.
- Authentication: SSH supports both password-based and public-key authentication, which allows you to secure the connection with a strong, unique password or a pair of cryptographic keys.
- Ease of use: SSH is easy to use and available on most operating systems, which makes it a convenient way to remotely access and manage servers.
- Tunneling: SSH allows you to tunnel other network protocols through an encrypted channel, which can be useful for bypassing firewalls, accessing resources on a private network, or securely transmitting sensitive data.
- Scriptability: SSH is a command-line utility that can be easily scripted, which makes it a powerful tool for automating tasks and managing large numbers of servers.
- Compatibility: SSH is widely supported and compatible with most operating systems and network devices, which makes it a flexible and reliable way to remotely access and manage servers.
SSH Use Cases
Secure Shell (SSH) is typically used to remotely access and manage servers, as well as to securely transfer files between systems. Here are some common use cases for SSH:
- Remote server management: SSH is commonly used to remotely log in to servers and perform tasks, such as installing software, configuring services, and running commands.
- File transfer: SSH can be used to securely transfer files between systems using the `scp` (Secure Copy) or `sftp` (Secure File Transfer Protocol) utilities.
- Tunneling: SSH can be used to tunnel other network protocols through an encrypted channel, which can be useful for bypassing firewalls, accessing resources on a private network, or securely transmitting sensitive data.
- Automation: SSH can be easily scripted, which makes it a powerful tool for automating tasks and managing large numbers of servers.
- Remote desktop: SSH can be used to remotely access the desktop of a remote computer using the `ssh -X` or `ssh -Y` options, which allow you to run GUI applications on the remote server and display them on your local machine.
In general, SSH is a useful tool for remotely accessing and managing servers, as well as for securely transferring files and tunneling other network protocols.
In this tutorial, we will learn the basics of SSH and how to use it to connect to and manage remote servers.
Connecting to a Remote Server using SSH
To connect to a remote server using SSH, you will need an SSH client and the IP address or hostname of the server. The most commonly used SSH client is `ssh`, which is a command-line utility that comes with most Unix-like operating systems.
To connect to a server, open a terminal and type the following command:
ssh username@hostname
Replace `username` with your username on the server, and `hostname` with the hostname or IP address of the server.
ssh user@example.com
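The first time you connect to the server, you will be prompted to verify the authenticity of the server’s host key. Compare the fingerprint shown with one obtained from the server’s administrator over a trusted channel, then type `yes` to continue and add the host key to your `~/.ssh/known_hosts` file.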
The authenticity of host 'example.com (192.168.1.100)' can't be established.
ECDSA key fingerprint is SHA256:3BzrKG.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'example.com,192.168.1.100' (ECDSA) to the list of known hosts.
You will then be prompted to enter your password. Type your password and press Enter to log in.
user@example.com's password:
If the login is successful, you will see a welcome message and the command prompt will change to reflect the remote server.
Last login: Mon Jan 1 00:00:00 2018 from 192.168.1.1
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-87-generic x86_64)
user@server:~$
You can now run commands on the remote server as if you were sitting in front of it. To log out, type `exit` and press Enter.
user@server:~$ exit
logout
Connection to example.com closed.
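The first-connection prompt above is a manual comparison of host keys. As an added example (not part of the original article), the shell function below makes the same comparison against a known_hosts-format file distributed in advance; the function name `hostkey_status`, the file contents and the key blobs are constructed for illustration.

```shell
#!/bin/sh
# hostkey_status FILE HOST KEYTYPE KEYBLOB  ->  match | changed | unknown
# FILE is a known_hosts-format file whose entries were obtained out of band.
hostkey_status() {
  awk -v host="$2" -v type="$3" -v blob="$4" '
    NF < 3 || $1 ~ /^#/ { next }   # blank, comment or malformed lines
    $1 ~ /^[@|]/        { next }   # @cert-authority/@revoked markers, hashed names
    {
      n = split($1, names, ",")    # one entry may list "name,address"
      for (i = 1; i <= n; i++)
        if (names[i] == host && $2 == type) {
          seen = 1                 # this host is pinned with this key type
          if ($3 == blob) ok = 1   # and the offered key is the pinned one
        }
    }
    END { print (ok ? "match" : (seen ? "changed" : "unknown")) }
  ' "$1"
}

# Constructed sample data: the key blobs below are placeholders, not real keys.
PINNED=$(mktemp)
cat > "$PINNED" <<'EOF'
# published by the administrator of example.com
example.com,192.168.1.100 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYPINNED
EOF

# In practice the offered key comes from a line of ssh-keyscan output
# ("host keytype blob"); two offered keys are hard-coded here for the demo.
for blob in AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYPINNED AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYOTHER; do
  printf '%s -> %s\n' "$blob" \
    "$(hostkey_status "$PINNED" example.com ecdsa-sha2-nistp256 "$blob")"
done
```

A result of `changed` means the server presented a different key than the pinned one and the connection should not proceed until that is explained. With the pinned file in place, `ssh -o UserKnownHostsFile=FILE -o StrictHostKeyChecking=yes user@example.com` refuses unlisted keys instead of prompting.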
Using SSH Keys
In addition to password-based authentication, SSH also supports public-key authentication, which uses a pair of cryptographic keys to authenticate the connection.
To use public-key authentication, you will need to generate a pair of SSH keys and copy the public key to the server.
To generate a new SSH key pair, open a terminal and type the following command:
ssh-keygen -t type
Replace `type` with the type of key you want to generate, such as `rsa` or `ed25519`. By default, `ssh-keygen` will generate an `rsa` key with a length of 2048 bits.
ssh-keygen -t rsa
The utility will prompt you to enter a file in which to save the key, and to enter a passphrase to protect the key. You can accept the default location (`~/.ssh/id_rsa`) and leave the passphrase empty, or you can specify a different location and passphrase. A key saved with an empty passphrase is stored unencrypted, so anyone who can read the file can use it.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Once the key pair is generated, `ssh-keygen` will display the public key and the fingerprint of the key.
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
...
The public key (`id_rsa.pub`) can be shared with others, while the private key (`id_rsa`) should be kept secret.
To copy the public key to the server, use the `ssh-copy-id` utility.
ssh-copy-id username@hostname
Replace `username` with your username on the server, and `hostname` with the hostname or IP address of the server.
ssh-copy-id user@example.com
You will be prompted to enter your password to authenticate the copy.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed
Once the public key is copied to the server, you can use public-key authentication to log in to the server without a password. To log in using public-key authentication, use the `ssh` command with the `-i` option to specify the path to the private key.
ssh -i ~/.ssh/id_rsa username@hostname
Replace `username` with your username on the server, `hostname` with the hostname or IP address of the server, and `~/.ssh/id_rsa` with the path to your private key.
ssh -i ~/.ssh/id_rsa user@example.com
If the login is successful, you will see a welcome message and the command prompt will change to reflect the remote server.
Last login: Mon Jan 1 00:00:00 2018 from 192.168.1.1
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-87-generic x86_64)
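An added example, not from the original article: a check of the two properties of a private key file discussed above, who can read it and whether it was saved with an empty passphrase. The function names and sample files are constructed for illustration, and only the OpenSSH private key container is handled.

```shell
#!/bin/sh
# key_findings FILE -> one word per finding; prints nothing for a clean key.
# Assumption of this example: only the "BEGIN OPENSSH PRIVATE KEY" container
# is inspected; older PEM-format keys are reported as not-openssh-key.
key_findings() {
  head -n 1 "$1" | grep -q 'BEGIN OPENSSH PRIVATE KEY' ||
    { echo not-openssh-key; return 0; }
  # ssh refuses to use a private key that group or others can access.
  [ "$(ls -l "$1" | cut -c5-10)" = "------" ] || echo loose-perms
  # Decoded body: 15-byte magic "openssh-key-v1\0", 4-byte length, cipher name.
  # A cipher name of "none" means the key was saved with an empty passphrase.
  cipher=$(sed '/^-----/d' "$1" | base64 -d 2>/dev/null |
           dd bs=1 skip=19 count=4 2>/dev/null)
  [ "$cipher" != none ] || echo no-passphrase
}

# Constructed samples: only the container header is present, no key material.
make_sample() {  # make_sample HEADER_FORMAT MODE -> path of the new file
  p=$(mktemp)
  { echo '-----BEGIN OPENSSH PRIVATE KEY-----'
    printf "$1" | base64
    echo '-----END OPENSSH PRIVATE KEY-----'; } > "$p"
  chmod "$2" "$p"
  echo "$p"
}
PLAIN=$(make_sample 'openssh-key-v1\000\000\000\000\004none\000\000\000\004none' 644)
LOCKED=$(make_sample 'openssh-key-v1\000\000\000\000\012aes256-ctr\000\000\000\006bcrypt' 600)

for f in "$PLAIN" "$LOCKED"; do
  echo "$f: $(key_findings "$f" | tr '\n' ' ')"
done
```

Run over the files in `~/.ssh`, a `no-passphrase` finding marks a key that is usable by anyone who obtains a copy of the file.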
Using SSH Tunnels
In addition to securely connecting to a remote server, SSH can also be used to tunnel other network protocols through an encrypted channel. This can be useful for bypassing firewalls, accessing resources on a private network, or securely transmitting sensitive data.
To create an SSH tunnel, use the `ssh` command with the `-L` or `-R` options. The `-L` option allows you to forward a local port to a remote port on the server.
ssh -L local_port:localhost:remote_port username@hostname
Replace `local_port` with the local port you want to forward, `remote_port` with the remote port you want to connect to on the server, `username` with your username on the server, and `hostname` with the hostname or IP address of the server.
ssh -L 8080:localhost:80 user@example.com
This will forward local port `8080` to remote port `80` on the server, allowing you to access the server’s web server on port `8080` on your local machine. The `-R` option allows you to forward a remote port to a local port on your machine.
ssh -R remote_port:localhost:local_port username@hostname
Replace `remote_port` with the remote port you want to forward, `local_port` with the local port you want to connect to on your machine, `username` with your username on the server, and `hostname` with the hostname or IP address of the server.
ssh -R 8080:localhost:80 user@example.com
This will forward remote port `8080` to local port `80` on your machine, allowing you to access your local web server on port `8080` on the server.
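An added example, not from the original article, that reads a `-L` or `-R` forwarding spec like the ones above and reports which machine opens the listening port, on which interfaces, and which machine resolves the target name. The function name `forward_exposure` is hypothetical, and only IPv4 and host name specs of the form `[bind:]port:host:hostport` are handled.

```shell
#!/bin/sh
# forward_exposure FLAG SPEC
#   FLAG: L (ssh -L) or R (ssh -R)
#   SPEC: [bind_address:]port:host:hostport
forward_exposure() {
  printf '%s\n' "$2" | awk -F: -v flag="$1" '
    NF < 3 || NF > 4 { print "unsupported spec"; exit }
    {
      bind = (NF == 4) ? $1 : "default"
      # An empty bind address or "*" asks for a listener on every interface.
      if (NF == 4 && (bind == "" || bind == "*" || bind == "0.0.0.0"))
        scope = "all-interfaces"
      # With no bind address the listener stays on loopback unless the
      # GatewayPorts setting says otherwise.
      else if (NF == 3 || bind == "localhost" || bind == "127.0.0.1")
        scope = "loopback"
      else
        scope = "address " bind
      # -L listens on the client and the server opens the onward connection;
      # -R is the mirror image, so "localhost" always names the far side.
      listener = (flag == "L") ? "client" : "server"
      resolver = (flag == "L") ? "server" : "client"
      printf "%s listens on %s port %s; %s connects to %s:%s\n",
             listener, scope, $(NF-2), resolver, $(NF-1), $NF
    }'
}

# The two specs used in this article, plus one that widens the listener.
forward_exposure L 8080:localhost:80
forward_exposure R 8080:localhost:80
forward_exposure R 0.0.0.0:8080:localhost:80
```

For `-R`, a bind address other than loopback only takes effect when the server's `GatewayPorts` setting allows it, which makes that setting the place to control whether remote forwards can be reached from other hosts.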
Conclusion
In this tutorial, we learned the basics of Secure Shell (SSH) and how to use it to connect to and manage remote servers. We saw how to connect to a server using the `ssh` command, how to use SSH keys for public-key authentication, and how to use SSH tunnels to forward ports and tunnel other network protocols.
I hope this tutorial has helped you understand the basics of SSH and how to use it effectively to manage your remote servers!