Linux Networks

An Introduction to Using SSH on Linux

admin0

Secure Shell (SSH) is a network protocol that allows you to securely connect to a remote computer and transfer files over an unsecured network. It is widely used in system administration, network engineering, and software development to remotely manage servers, perform tasks, and transfer files.

SSH uses public-key cryptography and password-based authentication to secure the connection and protect the privacy of data exchanged between the client and the server. It is also used to tunnel other network protocols, such as X11, HTTP, and SMTP, through an encrypted channel.

The goal of this article is to serve as an introduction to using SSH on Linux.

Benefits of SSH

There are several benefits to using Secure Shell (SSH) to manage and access remote servers:

  1. Security: SSH uses strong encryption to secure the connection and protect the privacy of data exchanged between the client and the server. This makes it a safe and secure way to remotely access and manage servers.
  2. Authentication: SSH supports both password-based and public-key authentication, which allows you to secure the connection with a strong, unique password or a pair of cryptographic keys.

  3. Ease of use: SSH is easy to use and available on most operating systems, which makes it a convenient way to remotely access and manage servers.

  4. Tunneling: SSH allows you to tunnel other network protocols through an encrypted channel, which can be useful for bypassing firewalls, accessing resources on a private network, or securely transmitting sensitive data.

  5. Scriptability: SSH is a command-line utility that can be easily scripted, which makes it a powerful tool for automating tasks and managing large numbers of servers.

  6. Compatibility: SSH is widely supported and compatible with most operating systems and network devices, which makes it a flexible and reliable way to remotely access and manage servers.

SSH Use Cases

Secure Shell (SSH) is typically used to remotely access and manage servers, as well as to securely transfer files between systems. Here are some common use cases for SSH:

  1. Remote server management: SSH is commonly used to remotely log in to servers and perform tasks, such as installing software, configuring services, and running commands.

  2. File transfer: SSH can be used to securely transfer files between systems using the scp (Secure Copy) or sftp (Secure File Transfer Protocol) utilities.

  3. Tunneling: SSH can be used to tunnel other network protocols through an encrypted channel, which can be useful for bypassing firewalls, accessing resources on a private network, or securely transmitting sensitive data.

  4. Automation: SSH can be easily scripted, which makes it a powerful tool for automating tasks and managing large numbers of servers.

  5. Remote desktop: SSH can be used to remotely access the desktop of a remote computer using the ssh -X or ssh -Y options, which allow you to run GUI applications on the remote server and display them on your local machine.

In general, SSH is a useful tool for remotely accessing and managing servers, as well as for securely transferring files and tunneling other network protocols.

In this tutorial, we will learn the basics of SSH and how to use it to connect to and manage remote servers.

Connecting to a Remote Server using SSH

To connect to a remote server using SSH, you will need an SSH client and the IP address or hostname of the server. The most commonly used SSH client is ssh, which is a command-line utility that comes with most Unix-like operating systems.

To connect to a server, open a terminal and type the following command:

ssh username@hostname

Replace username with your username on the server, and hostname with the hostname or IP address of the server.

ssh user@example.com

The first time you connect to the server, you will be prompted to verify the authenticity of the server’s host key. Type yes to continue and add the host key to your ~/.ssh/known_hosts file.

The authenticity of host 'example.com (192.168.1.100)' can't be established. ECDSA key fingerprint is SHA256:3BzrKG.
Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added example.com,192.168.1.100' (ECDSA) to the list of known hosts.`

You will then be prompted to enter your password. Type your password and press Enter to log in.

user@example.com's password:

If the login is successful, you will see a welcome message and the command prompt will change to reflect the remote server.

Last login: Mon Jan 1 00:00:00 2018 from 192.168.1.1 Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-87-generic x86_64)
user@server:~$

You can now run commands on the remote server as if you were sitting in front of it. To log out, type exit and press Enter.

user@server:~$ exit logout Connection to example.com closed.

Using SSH Keys

In addition to password-based authentication, SSH also supports public-key authentication, which uses a pair of cryptographic keys to authenticate the connection.

To use public-key authentication, you will need to generate a pair of SSH keys and copy the public key to the server.

To generate a new SSH key pair, open a terminal and type the following command:

ssh-keygen -t type

Replace type with the type of key you want to generate, such as rsa or ed25519. By default, ssh-keygen will generate an rsa key with a length of 2048 bits.

ssh-keygen -t rsa

The utility will prompt you to enter a file in which to save the key, and to enter a passphrase to protect the key. You can accept the default location (~/.ssh/id_rsa) and leave the passphrase empty, or you can specify a different location and passphrase.

Enter file in which to save the key (/home/user/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again:

Once the key pair is generated, ssh-keygen will display the public key and the fingerprint of the key.

Your identification has been saved in/home/user/.ssh/id_rsa. Your public key has been saved in /home/user/.ssh/id_rsa.pub. The key fingerprint is:
...

The public key (id_rsa.pub) can be shared with others, while the private key (id_rsa) should be kept secret.

To copy the public key to the server, use the ssh-copy-id utility.

ssh-copy-id username@hostname

Replace username with your username on the server, and hostname with the hostname or IP address of the server.

ssh-copy-id user@example.com

You will be prompted to enter your password to authenticate the copy.

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/id_rsa.pub"/usr/bin/ssh-copy-id: INFO: attempting to log inwith the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed

Once the public key is copied to the server, you can use public-key authentication to log in to the server without a password. To log in using public-key authentication, use the ssh command with the -i option to specify the path to the private key.

ssh -i ~/.ssh/id_rsa username@hostname

Replace username with your username on the server, hostname with the hostname or IP address of the server, and ~/.ssh/id_rsa with the path to your private key.

ssh -i ~/.ssh/id_rsa user@example.com

If the login is successful, you will see a welcome message and the command prompt will change to reflect the remote server.

Last login: Mon Jan 1 00:00:00 2018 from 192.168.1.1 Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-87-generic x86_64)

Using SSH Tunnels

In addition to securely connecting to a remote server, SSH can also be used to tunnel other network protocols through an encrypted channel. This can be useful for bypassing firewalls, accessing resources on a private network, or securely transmitting sensitive data.

To create an SSH tunnel, use the ssh command with the -L or -R options. The -L option allows you to forward a local port to a remote port on the server.

ssh -L local_port:localhost:remote_port username@hostname

Replace local_port with the local port you want to forward, remote_port with the remote port you want to connect to on the server, username with your username on the server, and hostname with the hostname or IP address of the server.

ssh -L 8080:localhost:80 user@example.com

This will forward local port 8080 to remote port 80 on the server, allowing you to access the server’s web server on port 8080 on your local machine. The -R option allows you to forward a remote port to a local port on your machine.

ssh -R remote_port:localhost:local_port username@hostname

Replace remote_port with the remote port you want to forward, local_port with the local port you want to connect to on your machine, username with your username on the server, and hostname with the hostname or IP address of the server.

ssh -R 8080:localhost:80 user@example.com

This will forward remote port 8080 to local port 80 on your machine, allowing you to access your local web server on port 8080 on the server.

Conclusion

In this tutorial, we learned the basics of Secure Shell (SSH) and how to use it to connect to and manage remote servers. We saw how to connect to a server using the ssh command, how to use SSH keys for public-key authentication, and how to use SSH tunnels to forward ports and tunnel other network protocols.

I hope this tutorial has helped you understand the basics of SSH and how to use it effectively to manage your remote servers!

Related posts

Mastering the Linux ifconfig Command

Docker Exec Command With Practical Examples

Debugging with Git Bisect

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More