OpenSSH is widely used to gain secure terminal access to a remote computer and to transfer files. It is a set of client and server programs in which all communication between client and server is encrypted, which makes it more secure than similar tools such as telnet or ftp. It is very helpful if you want to control several computers from a single computer.
Installing the SSH server on Linux
Use your distribution's default package manager. On RHEL/Fedora/CentOS, use yum for installation:
yum -y install openssh-server openssh-clients
In the latest releases of RHEL/Fedora/CentOS, DNF is the default package manager; in that case use the command:
dnf install openssh-server openssh-clients -y
Once the server and client are installed, you will need to configure your client. Note that the client is required to connect to a remote server, i.e. the system from which you are going to connect to the remote server must have the client software installed.
Configure OpenSSH server
Although no specific configuration is required to connect to an OpenSSH server, you can change the port used for connections to enhance security, and you may also disable remote root login.
Disable remote root login
Open the sshd_config file with your favourite text editor; it is located at /etc/ssh/sshd_config. Then change the PermitRootLogin directive to no.
PermitRootLogin no
Change the port for connecting to the OpenSSH server
To change the port, edit the Port directive. Open the configuration file in an editor, find the Port line and change it to the desired number. By default, ssh listens on port 22.
Port 22
You can change this to any other port if you want to, for security reasons.
Login Grace time
This setting (the LoginGraceTime directive) defines how many seconds a connection is kept open without a successful login. Set it according to the time you normally take to log in.
X11 forwarding
This setting (the X11Forwarding directive) enables forwarding the graphical display to the client. To use it, pass the -X switch when connecting from the client.
After making any changes to the configuration file, you need to restart your OpenSSH server.
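An added example, not part of the original tutorial: a shell audit of the directives covered in this section that reports the global value sshd would actually use, including the case where a duplicate line silently loses. The sample file, the function names and the fallback defaults (upstream OpenSSH defaults) are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). sshd uses the FIRST value it
# finds for a keyword, keywords are case-insensitive, and anything after a
# "Match" line applies only conditionally.

# effective_value FILE KEYWORD DEFAULT -> prints the global value in effect
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }            # accept "Keyword=value" too
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }            # keyword absent: use default
    ' "$1"
}

# audit_sshd_config FILE: prints the effective values plus findings.
# Fallbacks are upstream OpenSSH defaults (assumption: your distribution
# has not changed them at build time).
audit_sshd_config() {
    local file="$1" root port grace x11
    root=$(effective_value "$file" PermitRootLogin prohibit-password)
    port=$(effective_value "$file" Port 22)
    grace=$(effective_value "$file" LoginGraceTime 120)
    x11=$(effective_value "$file" X11Forwarding no)
    echo "Port=$port PermitRootLogin=$root LoginGraceTime=$grace X11Forwarding=$x11"
    [ "$root" = "no" ] || echo "FINDING: PermitRootLogin is '$root', expected 'no'"
    [ "$x11" != "yes" ] || echo "NOTE: X11Forwarding is enabled globally"
    return 0
}

# Constructed sample file; on a server pass /etc/ssh/sshd_config instead.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample sshd_config
Port 2222
#PermitRootLogin no
PermitRootLogin yes
# a later duplicate is ignored, so this line does NOT disable root login
permitrootlogin no
LoginGraceTime=60
Match User backup
    X11Forwarding yes
EOF

audit_sshd_config "$SAMPLE"
```

On a live server, `sshd -t` validates the file before you restart, and `sshd -T` prints the full effective configuration.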
Restarting OpenSSH server
To restart the OpenSSH server, use your default service manager. Most recent Linux distributions use systemctl (the service is named sshd on RHEL/Fedora/CentOS and ssh on Debian/Ubuntu):
systemctl restart sshd
If you are using an older distribution, use:
/etc/init.d/sshd restart
Now all you need is the IP address of the system and the client software to connect to it using SSH.
SSH Key based login
How the process works
SSH key-based authentication works by creating a pair of keys:
- Private Key – The private key is located on the client machine and is kept secret.
- Public Key – The public key can be given to anyone and is kept on the machine you wish to connect to.
When you try to connect to a system that holds your public key, it sends a challenge that can be answered only with the matching private key. The client computer sends back a response based on its key, and once the server recognises the response as genuine, communication between the two systems is established.
Create SSH keys
SSH keys should be generated on the client computer from which you will log in. This is usually your local computer.
Syntax
ssh-keygen -t rsa
Press Enter and your keys will be created at ~/.ssh/id_rsa.pub (public key) and ~/.ssh/id_rsa (private key).
Transferring the Public Key to the Server
Use the ssh-copy-id command to copy the key to the server.
Syntax
ssh-copy-id remote_server
where remote_server is your server name. You will be prompted by the remote server to enter your password. Once the password is entered, the public key will be copied to the remote server. The next login to this server will not require a password.
Using the SSH command to connect to a server
To connect to an SSH server from the client, enter the command below in a terminal window.
Syntax
ssh remote_host
where remote_host is the host name or host IP address.
Example
ssh 10.17.2.45
ssh mylinux.com
This command will work only if the remote username is the same as the local username. Once connected, the remote system will authenticate the user by asking for a password.
Connecting to a port other than the default port 22
Use the -p switch to connect to a server on a port other than the default port 22.
Syntax
ssh -p port_number remote_host
Example
ssh -p 78 10.17.2.45
This command makes the client connect to the port that the server has open for ssh.
Connecting to the X11 server from the client using ssh
If X11 forwarding is enabled on the ssh server, you can use the -X switch from the client.
Syntax
ssh -X remote_host
Example
ssh -X 10.17.2.45
Running a single command directly from the ssh command
A command can be run directly over ssh using the command below.
Syntax
ssh remote_host command
Example
ssh 10.17.2.45 ls