Introduction
Before we begin talking about how to use ssh to connect to a remote server, let's briefly understand-What is a Remote Server ?
A remote server refers to a computer or machine that is located in a different physical location from the user's local machine or computer. It is often accessed and managed over a network connection, such as the internet or a local area network (LAN).
Secure Shell, sometimes known as SSH, is a mechanism for safely logging into remote systems. It is the most popular method for connecting to remote Linux servers.SSH is a critical technology for system administrators to understand.
This tutorial will provide you steps to use SSH to connect to a remote server.
Core Syntax
The ssh command will be used to establish an SSH connection to a remote system.
To be able to ssh from a terminal when using Windows, you must install a version of OpenSSH. You can add OpenSSH to PowerShell by following Microsoft's documentation if you prefer to work with that programme. Setting up WSL, the Windows Subsystem for Linux, which includes ssh by default, will provide you access to a full Linux environment if you like. Installing Git for Windows, which offers a native Windows bash terminal environment with the ssh command, is a lightweight third solution. Whichever you choose to choose will depend on preference; each of these is well-supported.
On a Mac or Linux system, the ssh command will already be present in your terminal.
The command is written in its most simple form as follows:
ssh remote_host
The IP address or domain name you are attempting to connect to is the remote_host in this illustration.
The assumption made by this command is that your username on the distant system and your username on your local system are the same.
If your username on the remote system is different, you can indicate it by using the following syntax:
ssh remote_username@remote_host
After establishing a connection to the server, you might be prompted to provide a password in order to confirm your identity. We'll go over how to create keys later on, so you may use them in place of passwords.
Type the following to return to your local shell session and end the ssh session:
exit
How Does SSH Work?
SSH operates by establishing a connection between a client programme and the sshd server.
Ssh served as the client programme in the previous part. On the remote_host that we designated, the ssh server was already operational.
Almost all Linux installations should have the sshd server start up automatically. You might need to temporarily access your server using a web-based console or a local serial console if it is not running for whatever reason.
The steps required to launch an ssh server are determined by the distribution of Linux that you are using.
Type the following to start the ssh server on Ubuntu:
sudo systemctl start ssh
This ought to launch the sshd server, and then you can log in remotely.
How To Configure SSH
By changing the settings of the sshd server, you are also changing the configuration of SSH.
The main sshd configuration file on Ubuntu can be found in /etc/ssh/sshd_config.
Before modifying, make a backup of the current version of this file:
sudo cp /etc/ssh/sshd_config{,.bak}
Open it in nano or another text editor of your choice:
sudo nano /etc/ssh/sshd_config
The majority of the options included in this file should be left alone. There are a handful, nevertheless, that you might want to look at:
Port 22
The port declaration indicates the port on which the sshd server will accept connections. It starts out at 22 by default. Unless there are special circumstances, you should probably leave this setting alone. We will later demonstrate how to connect to the new port if you decide to change it.
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
Where to seek for global host keys is specified by the host keys declarations. Later, we'll talk about what a host key is.
SyslogFacility AUTH
LogLevel INFO
These two things show how much logging should be done.
Increasing the amount of logging may help you identify the source of any SSH issues you are experiencing.
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
The login information is specified via these parameters.
The number of seconds to maintain the connection after an unsuccessful login is specified by LoginGraceTime.
Setting this time just a little higher than how long it generally takes you to log in would be a good idea.
Whether the root user is permitted to log in is determined by PermitRootLogin.
In order to reduce the possibility of someone acquiring root access to your server, you should typically change this to no when you have created a user account with access to elevated capabilities (via su or sudo) and can connect in over ssh.
A safety measure called strictModes prevents login attempts if the authentication files are publicly accessible.
By doing this, attempts to log in are stopped when the configuration files are insecure.
X11Forwarding yes
X11DisplayOffset 10
These settings control a feature known as X11 Forwarding. By doing this, you can access the graphical user interface (GUI) of a distant system on your local computer.
When connecting with the -X option on the SSH client, this option needs to be enabled on the server.
Once you are done making the changes, save and close the file. Click Ctrl+X, then when prompted, Y and then Enter if you are using nano.
Remember to reload your sshd server to apply your modifications, if you have made any changes in the settings in /etc/ssh/sshd_config.
sudo systemctl reload ssh
To make sure your changes work as you intend them to, you should extensively test them.
While making adjustments, it can be a good idea to have a few terminal sessions open. This will prevent you from locking yourself out and reverting the configuration if necessary.
How To Log Into SSH with Keys
While being able to enter into a distant system using a password is useful, setting up key-based authentication is quicker and more secure.
How Does Key-based Authentication Work?
A private key and a public key are made as part of the process of key-based authentication.
On the client computer, where it is safely stored and kept private, is the private key.
You can share the public key with anyone and put it on any server you want to use to access information.
A message that can only be read with the private key will be created for the client computer by the server using the public key when you try to connect using a key-pair.
When the client computer returns to the server with the suitable response, the latter will recognize the client as valid.
Once your keys are properly configured, this operation is carried out automatically.
How To Create SSH Keys
The computer you want to log in from should have created SSH keys. Usually, this is your local computer.
The command line with the following:
ssh-keygen -t rsa
It is possible that you will be asked to set a password for the key files themselves, but this is not a regular occurrence, so you should press enter to accept the settings instead. The locations of your keys, ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa., will be created.
By typing the following, you can navigate to the .ssh directory:
cd ~/.ssh
Examine the files' permissions:
ls -l
Output
-rw-r--r-- 1 demo demo 807 Sep 9 22:15 authorized_keys
-rw------- 1 demo demo 1679 Sep 9 23:13 id_rsa
-rw-r--r-- 1 demo demo 396 Sep 9 23:13 id_rsa.pub
As you can see, only the owner has access to read and write to the id_rsa file. This keeps it a mystery a bit better.
However, the id_rsa.pub file has permissions that are suitable for this activity and can be shared.
How To Transfer Your Public Key to the Server
You can copy your public key to a server if you presently have password-based access to it by executing the following command:
ssh-copy-id remote_host
An SSH session will begin as a result. It will copy your public key to the server's authorized keys file once you input your password, enabling password-free access the following time.
Client-Side Options
When connecting over SSH, there are a number of extra flags that you can use.
To match the values in the sshd configuration of the remote host, some of these could be required.
You must match the port number on the client-side by typing: for instance, if you modified the port number in your sshd setup.
ssh -p port_number remote_host
You can add the command after the host in the following format if you only want to run one command on a remote system:
ssh remote_host command_to_run
After authenticating your connection to the remote machine, the command will be carried out.
As previously said, if both machines have X11 forwarding enabled, you can access that functionality by typing:
ssh -X remote_host
The GUI programs you use on the remote system will now open their windows on your local system, if you have the necessary software installed on your PC.
Disabling Password Authentication
When using SSH keys, you can increase server security by turning off password-only authentication. The private key that goes with the public key you've installed on the server will be the only way to access your server other than through the console.
Open the sshd configuration file as root or a user with sudo access:
sudo nano /etc/ssh/sshd_config
Find the line that says Password Authentication and remove the starting # to make it uncommented. After that, you can set the value to no.
PasswordAuthentication no
PubkeyAuthentication and ChallengeResponseAuthentication are two more options that shouldn't need to be changed (assuming you haven't changed this file before). They should read as follows and are set by default:
PubkeyAuthentication yes
ChallengeResponseAuthentication no
Save your changes, then exit the file.
The SSH daemon can now be loaded again:
sudo systemctl reload ssh
Now that password authentication has been deactivated, SSH key authentication should be the sole way to access your server.
FAQs to Use SSH to Connect to a Remote Server
Do I need to install SSH on my local machine?
SSH is usually included by default on Unix-like systems (Linux, macOS) but may require additional installation on Windows.
How can I check if SSH is installed on my local machine?
Open a terminal or command prompt and run the command ssh -V or ssh --version. It will display the SSH version if it is installed.
What information do I need to connect to a remote server via SSH?
You need the IP address or hostname of the remote server and valid credentials (username and password or SSH key).
How can I generate an SSH key pair?
Use the command ssh-keygen on your local machine to generate an SSH key pair. The keys will be saved in ~/.ssh by default.
What if the remote server rejects the SSH key due to permissions?
Ensure that the permissions for the SSH key file (id_rsa, id_dsa, or custom name) are set to 600 (chmod 600 <ssh-key>) to restrict access.
What is the known_hosts file and why is it important?
The known_hosts file stores the remote server's public key fingerprint. It helps verify the server's authenticity during SSH connections.
What happens if a remote server's public key changes?
If the remote server's public key changes, your SSH client will display a warning to prevent man-in-the-middle attacks. Update the known_hosts file after verifying the change.
Conclusion
Learning SSH will help you in all of your future cloud computing ventures. You'll find more sophisticated features that can simplify your life when you employ the various settings. SSH is still widely used because it is safe, portable, and practical in a variety of circumstances.
Please leave your questions in the comments section below.
