Secure Shell (SSH)

DevynCJohnson

Guest
Secure Shell (SSH) allows users to access a remote computer. With SSH, a server administrator can login to a server from home and make changes to the server as if the admin were using the server directly. Owners of the popular Raspberry Pi can use their RPi board without having another monitor to plug into the board. Owners of headless servers (servers lacking input and output devices) can manage the server. SSH offers many features and has numerous uses.

SSH is a secure networking protocol used to connect two computers. SSH is a popular alternative to Telnet, rlogin, and rsh. SSH is used for file transfer, encryption, remote login, X11 tunneling/forwarding, etc. SSH can encrypt various network services such as VNC connections.

When transferring files, users can use Secure Copy (SCP), rsync, RCP over SSH, SSH File Transfer (SFTP), FTP over SSH (different from SFTP), FISH, SSH Filesystem (SSHFS), and various other methods.

To use SSH, the server must have the SSH daemon (sshd) running. Also, the client must have an SSH client, and the server and client need to be properly configured. Once those needs are satisfied, the client user must login to the server using a properly authenticated username and password.

The "/etc/ssh/sshd_config" configuration file controls the server settings while "/etc/ssh/ssh_config" is for client settings. When changing the client options, those settings change the way the system acts as a client. That file does not change remote clients. The same concept is true for the server settings (/etc/ssh/sshd_config). If a particular user on a client system wanted to change the client settings for their user-account on that particular client system, then they should edit "~/.ssh/config". For illustration, assume there is a server and a client system. The client has two users - bob and joe. Changing "/etc/ssh/sshd_config" on the server will change how the server acts when the client connects to the server. If the client changes its "/etc/ssh/sshd_config" file, then nothing changes on the server. However, if the client acts as an SSH server, then those settings would apply to the client acting as a server to other systems. If the user "bob" wanted to change some settings to his personal liking, then he can edit his "~/.ssh/config" file. Any changes to "/etc/ssh/ssh_config" will affect both joe and bob on the client system. The personal SSH config file (~/.ssh/config) has higher priority over the global SSH client config file (/etc/ssh/ssh_config).

NOTE: Use Root privileges to restart SSH after changing any settings. (service ssh restart)

The easiest way to login to a remote SSH server is to use the command "ssh user@remote_server". "user" is the username on the remote system and "remote_server" is the hostname or IP address. For instance, to login to my headless RPi system, I can run "ssh [email protected]" or "ssh piuser@coolserver".

ssh-login.png


Various authentication methods are available for SSH. A user can be permitted to login by supplying a registered username and password or by owning the appropriate RSA key. To register an RSA key to an SSH server, run "ssh-copy-id USER@SERVER". If no key has been created prior to submission, then create one first by running "ssh-keygen". Specify a public key file by using the "-i" parameter - "ssh-copy-id -i ~/.ssh/KEY.pub USER@SERVER".

X11 forwarding allows GUI windows that are from the server to be displayed on the client. To use X11 forwarding, use the "-X" parameter in the "ssh" command. Using "-Y" allows trusted X11 forwarding. Using both "-X" and "-Y" at the same time is permitted.

In the server's SSH configuration file, add the line "X11Forwarding yes" or change "no" to "yes" in the existing line to permit the server to send X11 over SSH. On the client, use the "-X" and/or "-Y" parameters or add "ForwardX11 yes" to the global or personal SSH client configuration file to allow the client to accept X11. Now, the client system can run a program (like Leafpad or Firefox) on the remote system and see the window on the client's screen as if the program were running locally. This is useful when a GUI program must be run. For example, run "ssh admin@server" and login. Then, in the SSH prompt, run "leafpad /etc/ssh/sshd_config" to use Leafpad (if installed on the server) to edit the server's SSH-server settings.

ssh-leafpad.png


To always allow X11 forwarding on all SSH connections, add the lines below to ~/.ssh/config or /etc/ssh/ssh_config.

Code:
Host *
  ForwardX11 yes
  ForwardX11Trusted yes

To run a GUI as Root or with Root privileges, use "gksudo" instead of "sudo". Otherwise, the GUI will be denied.

To send a single command to a remote machine via SSH, use a command like the one below.

ssh USER@SERVER "command"

So, to shutdown the server remotely without logging in and then running the shutdown command, admins can type 'ssh ADMIN@SERVER "shutdown -h now"'. This command can be saved as an alias or in a shell script. Then, the remote server can be shutdown remotely.

To copy a local file to a remote server, use the "scp" command. For example, type the command in the form "scp /path/to/file username@remotehost:remote/destination/". For example, to copy a local PDF file that is in the home folder to the remote home folder, type "scp ~/file.pdf bob@SERVER:/home/bob/". Include the "-r" parameter to copy files in a directory recursively.

To copy a directory (recursively) from a remote server to a local path, use a command like this - scp -r username@remotehost:/path/to/folder /local/destination

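Added example, not part of the original post: the "Host *" block above enables X11 forwarding, including trusted forwarding, for every server the client connects to, and ssh_config(5) notes that with ForwardX11Trusted set to yes remote X11 clients have full access to the local display. The script below audits client configuration text for ForwardX11 or ForwardX11Trusted enabled in a wildcard scope; the function name audit_x11, both sample configs and the host name build.example.internal are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag X11 forwarding that an
# OpenSSH client config turns on for every host.
# Usage: audit_x11 LABEL < config-file
# Prints "LABEL:line: Option yes [block header]" per finding; returns 1 if any.
audit_x11() {
    awk -v label="$1" '
        BEGIN { wild = 1; header = "before any Host line" }  # global scope
        {
            line = $0
            gsub(/"/, "", line)                 # arguments may be quoted
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (line == "" || line ~ /^#/) next
            n = split(line, f, /[ \t=]+/)       # "Key value" or "Key=value"
            key = tolower(f[1])                 # keywords are case-insensitive
            if (key == "host") {                # wildcard if any pattern is "*"
                wild = 0; header = line
                for (i = 2; i <= n; i++) if (f[i] == "*") wild = 1
                next
            }
            if (key == "match") {               # only "Match all" is global
                wild = (tolower(f[2]) == "all"); header = line
                next
            }
            if (wild && tolower(f[2]) == "yes" &&
                (key == "forwardx11" || key == "forwardx11trusted")) {
                printf "%s:%d: %s yes [%s]\n", label, NR, f[1], header
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample 1: the Host * block from the post.
WEAK='Host *
  ForwardX11 yes
  ForwardX11Trusted yes'

# Constructed sample 2: forwarding limited to one hypothetical host.
SCOPED='Host build.example.internal
  ForwardX11 yes

Host *
  ForwardX11 no
  ForwardX11Trusted no'

printf '%s\n' "$WEAK" | audit_x11 weak || echo "weak: review the lines above"
printf '%s\n' "$SCOPED" | audit_x11 scoped && echo "scoped: no wildcard X11 forwarding"
```

To check real files, run it as audit_x11 user < ~/.ssh/config and audit_x11 global < /etc/ssh/ssh_config.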


Good article.

Just curious, what windows program are you using to display the terminal? Also I can't help but notice that you got the three window controls on the left side. How did you do that?
 
Good article.

Just curious, what windows program are you using to display the terminal? Also I can't help but notice that you got the three window controls on the left side. How did you do that?
It is not a Windows program; it is all Linux. I use window-manager themes. Mutter, Metacity, Compiz, etc. are capable of applying themes/skins. I use the Noobslab (http://www.noobslab.com/) and WebUpD8 (http://www.webupd8.org/) PPAs to get extra icons and themes.

I do not own a Windows system. I only use Linux (Android included). On my laptop, I use Ubuntu with the Unity user-interface, Android on phones and tablets, and Raspbian on my Raspberry-Pi. I occasionally try other Unixoid systems (Unix and Unix-like systems) in Oracle's Virtualbox.

Here are the PPAs
  • ppa:noobslab/icons
  • ppa:noobslab/icons2
  • ppa:noobslab/themes
  • ppa:noobslab/malys-themes
  • ppa:webupd8team/themes
"Unity Tweak Tool" can be used to modify Unity and configure the window controls.
https://launchpad.net/unity-tweak-tool
http://www.noobslab.com/2013/04/latest-unity-tweak-tool-for-ubuntu-1304.html
 
It is not a Windows program; it is all Linux. I use window-manager themes. Mutter, Metacity, Compiz, etc. are capable of applying themes/skins. I use the Noobslab (http://www.noobslab.com/) and WebUpD8 (http://www.webupd8.org/) PPAs to get extra icons and themes.
You got me believing you were using Windows. I thought you were using cygwin :D.
I do not own a Windows system. I only use Linux (Android included).
I want to ditch the proprietary software for FOSS and go all Linux, but I just can't go a day without at least a little bit of Windows or OS X :(
 
