Skip to content

OpenSSH - Overview and Usage

What is Secure Shell(SSH) ?

Secure Shell is an application protocol and software suite that allows secure network services over an insecure network such as the public internet by strong encryption and authentication. It can be used for remote terminal connections,remote file copy and forwarding X11 sessions as well as arbitrary TCP ports through a secure tunnel.It replaces the other insecure protocols such as Telnet and FTP.

OpenSSH is a free and open-source set of computer tools that are used to provide secure and encrypted communication over a computer network using the ssh protocol. OpenSSH is commonly used to connect to a remote Linux shell, but it can also be used for other purposes, such as file transfer, tunneling, and port forwarding.

Service Name Port Number Transport Protocol
ssh 22 TCP/UDP/SCTP

Remote accessing of Linux PCs from another Linux PC or server is an essential capability that is required in many scenarios, especially for system administrators and developers. It allows users to access a remote server, execute commands, transfer files, and perform other essential tasks from the comfort of their workstation or laptop. Fortunately, the process of accessing a Linux PC or server remotely is straightforward and can be accomplished using a set of computer tools called OpenSSH.

Many people new to computers and protocols tend to create a misconception about OpenSSH, thinking it is a protocol. However, it is not. Instead, it is a set of computer programs that use the ssh protocol. The ssh protocol is a set of standards for secure and reliable communication between two computers over a network. It provides a secure and encrypted channel for data transfer, making it suitable for remote access to Linux PCs and servers.

Installation of OpenSSH

OpenSSH is a client-server application tool and server and client utilities need to be installed to get access through SSH protocol. openssh-server need to be installed on Server-End. And openssh-client need to be installed on Client-End to access the server.

To install OpenSSH, you need to have superuser permissions on the remote server. The installation process varies depending on the Linux distribution you are using. On Ubuntu/Debian/Linux Mint, you can install OpenSSH by running the following command in the terminal.

OpenSSH Server installation

Bash Session
sudo apt-get install openssh-server
Bash Session
yum -y install openssh-server

OpenSSH Client installation

Bash Session
sudo apt-get install openssh-client
Bash Session
dnf -y install openssh-client

Configuration

Configurations files are located under the /etc/ssh Directory and configurations files are mentioned below.

!! note Server Configuration File - /etc/ssh/sshd_config Client Configurations File - /etc/ssh/ssh_config or ~/.ssh/config

And here are few configuration and its usage are :

  • Host *- Restricts the following declarations (up to the next Host or Match keyword) to be only for those hosts that match one of the patterns given after the Host keyword. In this case it allows all the host access.

  • ConnectTimeout 0 - If Connection Timeout value defined then it used when connecting to the SSH server instead of using default system TCP timeout.And value only used for target is down or unreachable condition,not when server refuses the connection.

  • Port 13 - Specifies the port number which need to used to connect the remote host. The default Port number is 22.

  • AddressFamily - Specifies which address family to use when connecting.Valid arguments are “any”, “inet” (use IPv4 only), or “inet6” (use IPv6 only).

  • BatchMode - If this option set to “yes”, passphrase/password querying will be disabled.

  • ServerAliveInterval - If this used to maintain the server connectivity session to desired period instead of default 300 seconds when there is no active jobs running on the connection.

  • BindAddress - Use the specified address on the local machine as the source address of the connection.Only useful on systems with more than one address. Note that this option does not work if UsePrivilegedPort is set to “yes”.

  • Compression - Specifies whether to use compression. The argument must be “yes” or “no”. The default is “no”.

  • CompressionLevel

    Specifies the compression level to use if compression is enabled.The argument must be an integer from 1 (fast) to 9(slow,best). The default level is 6, which is good for most applications.The meaning of the values is the same as in gzip(1).Note that this option applies to protocol version 1 only.

  • ConnectionAttempts

    Specifies the number of tries (one per second) to make before exiting.The argument must be an integer.This may be useful in scripts if the connection sometimes fails.The default is 1.

  • ConnectTimeout

    Specifies the timeout (in seconds) used when connecting to the SSH server, instead of using the default system TCP timeout. This value is used only when the target is down or really unreachable, not when it refuses the connection.

  • GlobalKnownHostsFile

    Specifies one or more files to use for the global host key data‐base, separated by whitespace.The default is /etc/ssh/ ssh_known_hosts, /etc/ssh/ssh_known_hosts2.

  • UserKnownHostsFile

    Specifies one or more files to use for the user host key database, separated by whitespace. The default is ~/.ssh/known_hosts, ~/.ssh/known_hosts2.

  • HostbasedAuthentication

    Specifies whether to try rhosts based authentication with public key authentication.The argument must be “yes” or “no”.The default is “no”. This option applies to protocol version 2 only and is similar to RhostsRSAAuthentication.

  • NumberOfPasswordPrompts

    Specifies the number of password prompts before giving up.The argument to this keyword must be an integer.The default is 3.

  • PasswordAuthentication

    Specifies whether to use password authentication. The argument to this keyword must be “yes” or “no”.The default is “yes”.

  • PreferredAuthentications

    Specifies the order in which the client should try protocol 2 authentication methods.This allows a client to prefer one method (e.g. keyboard-interactive) over another method (e.g.password).The default is:( gssapi-with-mic,hostbased,publickey, keyboard-interactive,password ).

  • Protocol

    Specifies the protocol versions ssh(1) should support in order of preference.The possible values are ‘1’ and ‘2’.Multiple versions must be comma-separated.When this option is set to “2,1”.ssh will try version 2 and fall back to version 1 if version 2 is not available.The default is ‘2’.

  • StrictHostKeyChecking

    If this flag is set to “yes”, ssh(1) will never automatically add host keys to the ~/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This provides maximum protection against trojan horse attacks, though it can be annoying when the /etc/ssh/ssh_known_hosts file is poorly maintained or when connections to new hosts are frequently made.This option forces the user to manually add all new hosts.If this flag is set to “no”, ssh will automatically add new host keys to the user known hosts files.If this flag is set to “ask”, new host keys will be added to the user known host files only after the user has confirmed that is what they really want to do, and ssh will refuse to connect to hosts whose host key has changed. The host keys of known hosts will be verified automatically in all cases.The argument must be “yes”, “no”, or “ask”.The default is “ask”.

Login Procedure - Windows

Once the OpenSSH server is installed on the remote Linux PC/Server, we can use a Windows application like PuTTY to access it. If you don't have PuTTY installed on your system, you can download and install it from the official website.

To log in to the remote Linux PC/Server using PuTTY, follow these steps:

  1. Open PuTTY and select "ssh" as the connection type.
  2. Enter the hostname or the remote server's DNS name or remote IP in the Host Name field. For example, hostname: technobureuau.com
  3. Enter your identity information, including your username and password.
  4. Download and install WinSCP or FileZilla application if you don't have it, to transfer files between your Windows and Linux PC/Server.

Login Procedure - Linux

To access the remote Linux PC/Server from another Linux PC/Server, you need to install the OpenSSH client on the source system. This will allow you to log in to the remote system from the source system.

  • To log in to the remote Linux shell, open a terminal and type:

Bash
ssh -X <your_username>@<host_name>
The hostname is the remote server's DNS name or remote IP, such as technobureau.com. You will be asked to enter the password, which you can simply type and press Enter. Once you are logged in, you can execute commands, transfer files, and perform other essential tasks on the remote server.

  • To transfer files between the local and remote Linux PC or server, you can use the scp command. The scp command allows you to copy files securely between two Linux computers. To copy files to the server, run the following command on your workstation or laptop:
Bash
scp -r <path_from_directory> <your_username>@<host_name>:<path_to_directory>
  • To copy files from the server, run the following command on your workstation or laptop:
Bash
scp -r <your_username>@<host_name>:<path_from_directory> <path_to_directory>

Conclusion

OpenSSH is a set of computer tools that make remote accessing of Linux PCs from another Linux PC or server possible. Installing OpenSSH is a straightforward process that involves using superuser permissions to run commands on the terminal. By installing OpenSSH, you can access a remote Linux PC from a Windows machine or another Linux PC or server.

Comments