Introduction

Secure Shell (SSH) is a protocol used to securely connect to remote systems over a network. It provides a secure channel over an unsecured network by using encryption. SSH is widely used for remote command-line login, remote command execution, and other secure network services between two networked computers.

Key Concepts

  • SSH Protocol: A method for secure remote login and other secure network services over an insecure network.
  • SSH Client: Software that uses the SSH protocol to connect to an SSH server.
  • SSH Server: Software that accepts connections from SSH clients.
  • Public Key Authentication: A method of authenticating users using a pair of cryptographic keys (public and private keys).

Installing SSH

On Ubuntu/Debian

sudo apt update
sudo apt install openssh-server

On CentOS/RHEL

sudo yum install openssh-server
sudo systemctl enable sshd
sudo systemctl start sshd

Basic SSH Commands

Connecting to a Remote Server

ssh username@hostname
  • username: The user account on the remote server.
  • hostname: The IP address or domain name of the remote server.

Example

Copying Files with SCP (Secure Copy)

scp localfile username@hostname:/path/to/remote/directory
  • localfile: The file on your local machine.
  • /path/to/remote/directory: The destination directory on the remote server.

Example

scp myfile.txt [email protected]:/home/john/

Configuring SSH

SSH Configuration File

The SSH server configuration file is located at /etc/ssh/sshd_config.

Common Configuration Options

  • Port: The port number on which the SSH server listens (default is 22).
  • PermitRootLogin: Specifies whether root can log in using SSH.
  • PasswordAuthentication: Specifies whether password authentication is allowed.

Example Configuration

# Change the default port to 2222
Port 2222

# Disable root login
PermitRootLogin no

# Disable password authentication
PasswordAuthentication no

Restarting SSH Service

After making changes to the configuration file, restart the SSH service.

sudo systemctl restart sshd
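
Before restarting, it helps to confirm which values sshd will actually apply: for each keyword it uses the first value it reads, so a hardened line placed below an older one has no effect. The script below is an added example, not part of the original tutorial, that audits the three options above; its function names, the constructed sample file, and the upstream OpenSSH defaults used as fallbacks are assumptions of the example.

```shell
# Added example. Reads only the global section of ONE file; Include files
# and Match blocks are not evaluated (assumption of this sketch).

# effective_value FILE KEYWORD DEFAULT
# Keywords are case-insensitive and the FIRST occurrence wins.
effective_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            match(line, /^[A-Za-z0-9]+/)
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)     # "Key value" or "Key=value"
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit            # global section ends here
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: report the three options; return 1 if any is weak.
# Fallbacks are the upstream OpenSSH defaults (a distribution may differ).
audit_sshd_config() {
    rc=0
    echo "Port $(effective_value "$1" Port 22)"
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    [ "$root" = no ] || { echo "WEAK PermitRootLogin $root"; rc=1; }
    [ "$pass" = no ] || { echo "WEAK PasswordAuthentication $pass"; rc=1; }
    return $rc
}

# Constructed sample: the hardening line was added after an older setting.
sample_config() {
    cat <<'EOF'
Port 2222
PermitRootLogin no
#PasswordAuthentication no
passwordauthentication yes
PasswordAuthentication no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd_config "$tmp" || echo "fix the first occurrence, not the last"
rm -f "$tmp"
```

On a live server, `sudo sshd -t` checks the configuration file for errors and `sudo sshd -T` prints the effective configuration, including any Include files, so run both before the restart.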

Public Key Authentication

Generating SSH Keys

ssh-keygen -t rsa -b 4096 -C "[email protected]"
  • -t rsa: Specifies the type of key to create (RSA).
  • -b 4096: Specifies the number of bits in the key (4096 bits).
  • -C "[email protected]": Adds a comment to the key.

Copying the Public Key to the Remote Server

ssh-copy-id username@hostname
  • This command copies the public key to the remote server's ~/.ssh/authorized_keys file.

Example

ssh-copy-id [email protected]

Practical Exercise

Exercise: Securely Connect to a Remote Server

  1. Install SSH Server: Install the SSH server on a remote machine.
  2. Generate SSH Keys: Generate an SSH key pair on your local machine.
  3. Copy Public Key: Copy the public key to the remote server.
  4. Connect Using SSH: Connect to the remote server using SSH without a password.

Solution

  1. Install SSH Server:
    sudo apt update
    sudo apt install openssh-server
    
  2. Generate SSH Keys:
    ssh-keygen -t rsa -b 4096 -C "[email protected]"
    
  3. Copy Public Key:
    ssh-copy-id username@hostname
    
  4. Connect Using SSH:
    ssh username@hostname
    

Common Mistakes and Tips

  • Permission Denied (publickey): Ensure the public key is correctly copied to the ~/.ssh/authorized_keys file on the remote server.
  • SSH Service Not Running: Verify that the SSH service is running on the remote server.
    sudo systemctl status sshd
    
  • Firewall Blocking SSH: Ensure the firewall allows SSH traffic on the specified port.

Conclusion

In this section, you learned how to use SSH for secure remote access, configure SSH settings, and set up public key authentication. These skills are essential for managing remote servers securely. In the next section, we will explore Intrusion Detection Systems to further enhance the security of your Linux systems.

© Copyright 2024. All rights reserved