OpenSSH - Overview and Usage
What is Secure Shell(SSH) ?
Secure Shell is an application protocol and software suite that allows secure network services over an insecure network such as the public internet by strong encryption and authentication. It can be used for remote terminal connections,remote file copy and forwarding X11 sessions as well as arbitrary TCP ports through a secure tunnel.It replaces the other insecure protocols such as Telnet and FTP.
OpenSSH is a free and open-source set of computer tools that are used to provide secure and encrypted communication over a computer network using the ssh protocol. OpenSSH is commonly used to connect to a remote Linux shell, but it can also be used for other purposes, such as file transfer, tunneling, and port forwarding.
|Service Name||Port Number||Transport Protocol|
Remote accessing of Linux PCs from another Linux PC or server is an essential capability that is required in many scenarios, especially for system administrators and developers. It allows users to access a remote server, execute commands, transfer files, and perform other essential tasks from the comfort of their workstation or laptop. Fortunately, the process of accessing a Linux PC or server remotely is straightforward and can be accomplished using a set of computer tools called OpenSSH.
Many people new to computers and protocols tend to create a misconception about OpenSSH, thinking it is a protocol. However, it is not. Instead, it is a set of computer programs that use the ssh protocol. The ssh protocol is a set of standards for secure and reliable communication between two computers over a network. It provides a secure and encrypted channel for data transfer, making it suitable for remote access to Linux PCs and servers.
Installation of OpenSSH
OpenSSH is a client-server application tool and server and client utilities need to be installed to get access through SSH protocol. openssh-server need to be installed on Server-End. And openssh-client need to be installed on Client-End to access the server.
To install OpenSSH, you need to have superuser permissions on the remote server. The installation process varies depending on the Linux distribution you are using. On Ubuntu/Debian/Linux Mint, you can install OpenSSH by running the following command in the terminal.
OpenSSH Server installation
OpenSSH Client installation
Configurations files are located under the /etc/ssh Directory and configurations files are mentioned below.
!! note Server Configuration File - /etc/ssh/sshd_config Client Configurations File - /etc/ssh/ssh_config or ~/.ssh/config
And here are few configuration and its usage are :
Host *- Restricts the following declarations (up to the next Host or Match keyword) to be only for those hosts that match one of the patterns given after the Host keyword. In this case it allows all the host access.
ConnectTimeout 0 - If Connection Timeout value defined then it used when connecting to the SSH server instead of using default system TCP timeout.And value only used for target is down or unreachable condition,not when server refuses the connection.
Port 13 - Specifies the port number which need to used to connect the remote host. The default Port number is 22.
AddressFamily - Specifies which address family to use when connecting.Valid arguments are “any”, “inet” (use IPv4 only), or “inet6” (use IPv6 only).
BatchMode - If this option set to “yes”, passphrase/password querying will be disabled.
ServerAliveInterval - If this used to maintain the server connectivity session to desired period instead of default 300 seconds when there is no active jobs running on the connection.
BindAddress - Use the specified address on the local machine as the source address of the connection.Only useful on systems with more than one address. Note that this option does not work if UsePrivilegedPort is set to “yes”.
Compression - Specifies whether to use compression. The argument must be “yes” or “no”. The default is “no”.
Specifies the compression level to use if compression is enabled.The argument must be an integer from 1 (fast) to 9(slow,best). The default level is 6, which is good for most applications.The meaning of the values is the same as in gzip(1).Note that this option applies to protocol version 1 only.
Specifies the number of tries (one per second) to make before exiting.The argument must be an integer.This may be useful in scripts if the connection sometimes fails.The default is 1.
Specifies the timeout (in seconds) used when connecting to the SSH server, instead of using the default system TCP timeout. This value is used only when the target is down or really unreachable, not when it refuses the connection.
Specifies one or more files to use for the global host key data‐base, separated by whitespace.The default is /etc/ssh/ ssh_known_hosts, /etc/ssh/ssh_known_hosts2.
Specifies one or more files to use for the user host key database, separated by whitespace. The default is ~/.ssh/known_hosts, ~/.ssh/known_hosts2.
Specifies whether to try rhosts based authentication with public key authentication.The argument must be “yes” or “no”.The default is “no”. This option applies to protocol version 2 only and is similar to RhostsRSAAuthentication.
Specifies the number of password prompts before giving up.The argument to this keyword must be an integer.The default is 3.
Specifies whether to use password authentication. The argument to this keyword must be “yes” or “no”.The default is “yes”.
Specifies the order in which the client should try protocol 2 authentication methods.This allows a client to prefer one method (e.g. keyboard-interactive) over another method (e.g.password).The default is:( gssapi-with-mic,hostbased,publickey, keyboard-interactive,password ).
Specifies the protocol versions ssh(1) should support in order of preference.The possible values are ‘1’ and ‘2’.Multiple versions must be comma-separated.When this option is set to “2,1”.ssh will try version 2 and fall back to version 1 if version 2 is not available.The default is ‘2’.
If this flag is set to “yes”, ssh(1) will never automatically add host keys to the ~/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This provides maximum protection against trojan horse attacks, though it can be annoying when the /etc/ssh/ssh_known_hosts file is poorly maintained or when connections to new hosts are frequently made.This option forces the user to manually add all new hosts.If this flag is set to “no”, ssh will automatically add new host keys to the user known hosts files.If this flag is set to “ask”, new host keys will be added to the user known host files only after the user has confirmed that is what they really want to do, and ssh will refuse to connect to hosts whose host key has changed. The host keys of known hosts will be verified automatically in all cases.The argument must be “yes”, “no”, or “ask”.The default is “ask”.
Login Procedure - Windows
Once the OpenSSH server is installed on the remote Linux PC/Server, we can use a Windows application like PuTTY to access it. If you don't have PuTTY installed on your system, you can download and install it from the official website.
To log in to the remote Linux PC/Server using PuTTY, follow these steps:
- Open PuTTY and select "ssh" as the connection type.
- Enter the hostname or the remote server's DNS name or remote IP in the Host Name field. For example, hostname: technobureuau.com
- Enter your identity information, including your username and password.
- Download and install WinSCP or FileZilla application if you don't have it, to transfer files between your Windows and Linux PC/Server.
Login Procedure - Linux
To access the remote Linux PC/Server from another Linux PC/Server, you need to install the OpenSSH client on the source system. This will allow you to log in to the remote system from the source system.
- To log in to the remote Linux shell, open a terminal and type:
- To transfer files between the local and remote Linux PC or server, you can use the scp command. The scp command allows you to copy files securely between two Linux computers. To copy files to the server, run the following command on your workstation or laptop:
- To copy files from the server, run the following command on your workstation or laptop:
OpenSSH is a set of computer tools that make remote accessing of Linux PCs from another Linux PC or server possible. Installing OpenSSH is a straightforward process that involves using superuser permissions to run commands on the terminal. By installing OpenSSH, you can access a remote Linux PC from a Windows machine or another Linux PC or server.
Created: June 17, 2023 21:48:54