SSH (Secure Shell)



The SSH protocol uses encryption to secure the connection between a client and a server. All user authentication, commands, output, and file transfers are encrypted to protect against attacks in the network.

How does SSH work?

In order to establish an SSH connection, you need two components: a client and the corresponding server-side component. An SSH client is an application you install on the computer which you will use to connect to another computer or a server. The client uses the provided remote host information to initiate the connection and if the credentials are verified, establishes the encrypted connection.

On the server’s side, there is a component called an SSH daemon that is constantly listening to a specific TCP/IP port for possible client connection requests. Once a client initiates a connection, the SSH daemon will respond with the software and the protocol versions it supports and the two will exchange their identification data. If the provided credentials are correct, SSH creates a new session for the appropriate environment.

The default SSH protocol version for SSH server and SSH client communication is version 2.

Connecting to a remote server

To connect to a server, run SSH on the client as follows:
# ssh -p port user@server-address
  • port - The listening ssh port of the server (default port 22).

  • user - Must be an existing user on the server with SSH privileges.

  • server-address - The IP/Domain of the server.

For a real-world example, let's pretend that you're making a website. The company you chose to host your site tells you that the server is located at web-servers.com on a custom port of 2020, and your account name usr1 has been used to create a user on the server with SSH privileges.

In this case the SSH command would be:
# ssh -p 2020 usr1@web-servers.com
If the account name on the remote system is the same as the one on the local client, you may leave the user name off. So if you are usr1 on both systems, you may simply use web-servers.com instead of usr1@web-servers.com.

When a server you want to connect to is not directly accessible to you, you can use the ProxyJump switch (-J) to connect to it through another server that is accessible to you and that can connect to the desired server.
# ssh -J usr1@10.0.0.1:2020 usr2@10.0.0.2 -p 2222
This will let you connect to the server 10.0.0.2 (running ssh on port 2222) through the server at 10.0.0.1 (running ssh on port 2020). You will need to have accounts on both servers, of course. Also note that the -J switch was introduced in OpenSSH version 7.3.

Configuring an SSH server to accept connections

First we must edit the SSH daemon config file. Its location can differ between Linux distributions, but it is usually stored under /etc/ssh/sshd_config

Use your text editor to change the values set in this file. All lines starting with # are commented out, and this character must be removed for the line to take any effect. The recommended settings are as follows:
Port (choose a number between 0 - 65535, normally greater than four digits)
PasswordAuthentication yes
AllowUsers user1 user2 ...etc
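
The following shell functions, added here as an example and not part of the original post, report whether each of the three directives above is actually active in a config file or is still commented out and therefore ignored. The function names and the sample file are assumptions made for illustration; only the global section before any Match block is read, and keywords are assumed to be separated from their values by whitespace.

```shell
#!/bin/sh
# Constructed sample config: Port was edited but its leading '#' was left in
# place, so sshd ignores it and keeps listening on the default port 22.
write_sample() {
    cat > "$1" <<'EOF'
#Port 2020
PasswordAuthentication yes
# AllowUsers nobody
AllowUsers user1 user2
EOF
}

# Print the values of KEYWORD that are uncommented in FILE (one per line).
# Keywords are matched case-insensitively, as sshd does.
sshd_active() {
    awk -v key="$1" '
        /^[ \t]*(#|$)/ { next }               # comment or blank line: no effect
        tolower($1) == "match" { exit }       # stop at the first Match block
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# Classify KEYWORD in FILE as "active <values>", "commented" (appears only
# behind a '#'), or "absent" (not mentioned at all).
sshd_status() {
    vals=$(sshd_active "$1" "$2" | tr '\n' ' ' | sed 's/ *$//')
    if [ -n "$vals" ]; then
        echo "active $vals"
    elif grep -Eiq "^[[:space:]]*#[[:space:]]*$1([[:space:]]|\$)" "$2"; then
        echo "commented"
    else
        echo "absent"
    fi
}

# Report the three directives discussed above for the given config file.
sshd_review() {
    for k in Port PasswordAuthentication AllowUsers; do
        printf '%-24s %s\n' "$k" "$(sshd_status "$k" "$1")"
    done
}

sample=$(mktemp)
write_sample "$sample"
sshd_review "$sample"
```

On a host with OpenSSH installed, running sshd -t checks the real config file for errors and sshd -T prints the effective settings as the daemon itself computes them.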

Suhaib Bin Younis | @suhaibbinyounis
