SSH, or Secure Shell, is a protocol that allows users to securely connect to a remote server or computer over a network, execute commands, and transfer files between systems. It is an essential tool for Linux users and administrators, providing a secure way to manage remote systems.
One of the most commonly used features of SSH is remote command execution. With SSH, users can execute commands on a remote system as if they were sitting right in front of it. For example, the following command connects to a remote server, authenticates using a username, and executes the ls -l /var/log command on the remote server, displaying the output on the local machine:
ssh username@remote-server 'ls -l /var/log'
Another useful feature of SSH is tunneling. With tunneling, users can securely connect to a remote system and forward traffic through that connection. This is useful for accessing services that are only available on the remote system, such as a database or web server. For example, the following command sets up an SSH tunnel that forwards traffic from the local machine’s port 8080 to the remote server’s port 80, allowing users to access the web server running on the remote server as if it were running locally:
ssh -L 8080:localhost:80 username@remote-server
SSH also supports key-based authentication, which provides an additional layer of security. With key-based authentication, users generate a public/private key pair and upload the public key to the remote server. When they connect to the remote server, SSH uses the private key on the local machine to authenticate them. Here’s an example of how to generate a new key pair and copy the public key to the remote server:
ssh-keygen
ssh-copy-id username@remote-server
SSH configurations can be customized to meet specific needs and preferences. The configuration file is typically located at /etc/ssh/sshd_config for the server and ~/.ssh/config for the client.
Change the default SSH port
By default, SSH listens on port 22, but users can change this to any other port to improve security. To change the default SSH port, edit the SSH configuration file using a text editor such as nano or vim, and modify the Port line to reflect the desired port number. For example:
# Use a custom SSH port
Port 2222
Disable root login
It’s generally considered a security best practice to disable root login and use a non-root user instead. To disable root login, edit the SSH configuration file and set the PermitRootLogin configuration option to no.
# Disable root login
PermitRootLogin no
Limit user login
Users can limit SSH access to specific users by adding them to the AllowUsers configuration. To limit SSH access to specific users, edit the SSH configuration file and add the usernames to the AllowUsers line.
# Allow only specific users to login
AllowUsers user1 user2
Configure authentication methods
Users can specify which authentication methods are allowed for SSH. For example, to only allow public key authentication, edit the SSH configuration file and set the PasswordAuthentication option to no.
# Only allow public key authentication
PasswordAuthentication no
After modifying the configuration file, save the changes and restart the SSH daemon.
sudo systemctl restart sshd
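The four settings above can be checked before the daemon is restarted. The script below is an added example, not code from the original article: it reads a constructed sample file and reports which of the hardening steps are actually in effect, taking into account that sshd uses the first value it finds for a keyword. The function names, the sample file and the parsing assumptions (no Include files, no Match blocks) are hypothetical choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original article). Assumptions: plain
# "Keyword value" lines; Include files and Match blocks are not evaluated.

# Print the effective global value of KEYWORD in FILE, or DEFAULT if unset.
# sshd keeps the FIRST value it obtains for a keyword and matches keywords
# case-insensitively, so a later "PermitRootLogin no" does not override an
# earlier "permitrootlogin yes".
effective_value() {  # usage: effective_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }       # skip blank lines and comments
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Report settings that differ from the hardening steps in the article.
# Returns the number of findings (0 = all three checks pass).
audit_sshd_config() {  # usage: audit_sshd_config FILE
    findings=0
    # Defaults below are the upstream OpenSSH defaults when a keyword is absent.
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    users=$(effective_value "$1" AllowUsers "")
    [ "$root" = no ] || { echo "FINDING: PermitRootLogin is '$root'"; findings=$((findings + 1)); }
    [ "$pass" = no ] || { echo "FINDING: PasswordAuthentication is '$pass'"; findings=$((findings + 1)); }
    [ -n "$users" ] || { echo "FINDING: no AllowUsers restriction"; findings=$((findings + 1)); }
    echo "INFO: first Port line: $(effective_value "$1" Port 22)"
    return "$findings"
}

# Constructed sample: it looks hardened at the bottom, but the earlier
# lowercase line wins and password logins fall back to the default.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample, not a real server's configuration
Port 2222
permitrootlogin yes
AllowUsers user1 user2
PermitRootLogin no
EOF
if audit_sshd_config "$sample"; then echo "OK"; else echo "needs attention"; fi
```

On a real host, `sshd -t` checks the configuration file for syntax errors and `sshd -T` prints the effective configuration, so both are worth running before the restart.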
Finally, there are several SSH commands and utilities that are useful for managing SSH connections and configurations. Here are a few common ones:
ssh-keygen: This command generates a new public/private key pair for use with SSH.
ssh-copy-id: This command copies the public key to a remote server, allowing users to authenticate using key-based authentication.
ssh-add: This command adds the private key to the local SSH agent, allowing users to authenticate without entering their passphrase each time.
ssh-agent: This command starts the SSH agent, which manages the SSH keys used for authentication.
ssh-keyscan: This command retrieves the public SSH keys of a remote server and adds them to the local machine’s known_hosts file.
scp: This command copies files between a local and remote system using SSH.
sftp: This command provides a secure way to transfer files between a local and remote system over SSH.