What is ssh - Secure Shell
Secure shell is a secure communication protocol that can be used for remote administration of a machine (such as a web server) over a terminal.
It is technically a secure version of telnet. Shell access on any system enables a user to run commands and control the system.
If you have worked on Linux servers online from the command line, you have probably used it.
The communication is wrapped in encryption, which is why it is called secure shell.
Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It can be used to provide applications with a secure communication channel.
For secure shell, we need 2 components. First is the secure shell server that runs on the machine that is to be controlled remotely. And the other part is an ssh client that can speak the ssh protocol and communicate with the ssh server.
In this post we are going to see how to set up the ssh server and client on ubuntu and do some secure communication.
Install OpenSSH Server
On ubuntu install the package openssh-server. It provides the sshd server. This same method should work on Debian and other debian based distros as well.
$ sudo apt-get install openssh-server
This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.
Once installed the ssh server should be up and running. Verify it with the service command
$ service ssh status
ssh start/running, process 29422
Connect to SSH server from client
Now connect to the ssh server using the ssh command. The ssh command is the "openssh client". The syntax of ssh is like this
ssh username@hostname
OR
ssh -l username hostname
Connect to our ssh server.
$ ssh username@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is f2:81:02:29:0b:84:69:d4:71:35:e0:2f:d7:3b:cd:3e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
username@localhost's password:
Once logged in it will show a welcome message similar to this
Welcome to Ubuntu 12.10 (GNU/Linux 3.5.0-17-generic x86_64)
 * Documentation: https://help.ubuntu.com/
New release '13.04' available.
Run 'do-release-upgrade' to upgrade to it.
*** System restart required ***
Last login: Thu May 30 20:58:33 2013 from localhost
$
Configure SSH server
The ssh server works on port 22 by default. If you want to change the default port of ssh server then edit the file
/etc/ssh/sshd_config
It has a line for specifying the port number.
# What ports, IPs and protocols we listen for
Port 22
After changing the port number restart the ssh server using the service command
$ sudo service ssh restart
ssh stop/waiting
ssh start/running, process 30751
To learn more about how to configure the ssh server using the configuration file check the man page by running the following command
man sshd_config
Putty ssh client - Windows users
On ubuntu the terminal ssh command is the easiest way to connect to any ssh server. However if you are looking for an alternative then try putty.
Putty is a free ssh/telnet client that is available for both linux and windows. On ubuntu install it from synaptic
sudo apt-get install putty
Securing SSH Server
If you are installing the ssh server on a remote, internet-facing machine, it's important to secure it. Here are some security measures you can implement to strengthen the security of the ssh server.
1. Use strong usernames and passwords
2. Configure Idle Timeout Interval
3. Disable empty passwords
4. Give ssh access to only specific users
5. Disable root logins
6. Only use ssh protocol 2
7. Use different port
8. Restrict Clients with firewall
9. Use Key based Authentication
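Several of these measures map to keywords in /etc/ssh/sshd_config, so they can be checked mechanically. The script below is an added example, not part of the original tutorial or of OpenSSH: it parses a config and reports which of measures 2 to 7 and 9 are not met (1 and 8 live outside the file). The function names, the sample configs and the defaults assumed for missing keywords are illustrative; current OpenSSH releases only speak protocol 2 and ignore the Protocol keyword.

```python
import re

# Assumed values for absent keywords; real defaults vary by OpenSSH release
# (see `man sshd_config`).
DEFAULTS = {"port": "22", "protocol": "2", "permitrootlogin": "yes",
            "permitemptypasswords": "no", "passwordauthentication": "yes",
            "clientaliveinterval": "0"}

def parse_sshd_config(text):
    """Return {keyword: [values]} for the global part of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":                  # conditional blocks not audited
            break
        settings.setdefault(key, []).append(parts[1] if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return the list numbers (2-7, 9) of measures the config does not meet."""
    cfg = parse_sshd_config(text)
    def get(key):                           # sshd uses the first value it reads
        return cfg.get(key, [DEFAULTS[key]])[0].lower()
    failed = []
    if get("clientaliveinterval") == "0":
        failed.append(2)                    # no idle timeout
    if get("permitemptypasswords") != "no":
        failed.append(3)
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        failed.append(4)                    # any account may log in
    if get("permitrootlogin") != "no":
        failed.append(5)
    if get("protocol") != "2":
        failed.append(6)
    if "22" in cfg.get("port", [DEFAULTS["port"]]):
        failed.append(7)                    # Port may be given more than once
    if get("passwordauthentication") != "no":
        failed.append(9)                    # passwords still accepted
    return failed

# Constructed sample configurations, not taken from a real server.
WEAK = "Port 22\nProtocol 2,1\nPermitRootLogin yes\nPermitEmptyPasswords yes\n"
HARDENED = ("Port 2222\nProtocol 2\nPermitRootLogin no\nPermitEmptyPasswords no\n"
            "AllowUsers alice\nClientAliveInterval 300\nPasswordAuthentication no\n")

if __name__ == "__main__":
    print("weak:", audit(WEAK), "hardened:", audit(HARDENED))
```

Turn off PasswordAuthentication only after a key-based login has been confirmed to work, and keep an existing session open while restarting the ssh service.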
Password less login to ssh server
By default the ssh server asks for a username and password to log in. However, it is possible to set up password less login by using key based authentication.
Check out my tutorial on setting up password less login to ssh for more information.
Links and Resources
To learn more check out the following links:
http://www.openssh.org/
If you have any feedback or questions, let us know in the comments below.