Get To Know Linux: Secure Shell
If you spend enough time with Linux at some point you are going to want (or need) to log on to a remote machine. And logging on to a remote machine is something you want to do in a secure enviroment. To gain security when having to do any remote administration, your best bet is secure shell.
Secure shell was created as a replacement for telnet because telnet transmitted unencrypted passwords. The encryption is handled via public key cryptography. Through secure shell the user can issue commands on a remote server or even tunnel the X protocol in order to run remote graphic applications locally.
Using secure shell on Linux will require you to install openssh-clients and if you want to run an secure shell server (so others can secure shell into your machine) you will need to install openssh-server. These can be found in your Add/Remove Program utility. During the installation you will most likely be informed that the installer needs to generate a key. You won't have to do anything for this key generation. And, depending upon the Add/Remove Program utility that you use you may not even see any sign that this is happening.
Basic usage
To use secure shell you will need to open up a terminal window (gnome-terminal, konsole, aterm, eterm, etc). Once this is open you can begin. The structure of the command is:
ssh OPTIONS REMOTE_SERVER_ADDRESS
Secure shell has quite a list of options available. For a complete listing of these options issue the command man ssh to see them all. But the most useful options are:
- -v This gives verbose output so you can see all output given as a connection is being made.
- -l This allows you to specify a username for the connection.
- -X This instructs the remote server to allow the tunneling of X protocols.
Say you want to connect user jlwallen to server 192.168.1.10 and you want to tunnel X. The command to do this would be:
ssh -v -l jlwallen 192.168.1.10 -X
You would see a good deal of information pass by before you are asked for the users password. If this is the first time you've attempted this connection you will be prompted (via Y or N) if you want to allow the addition of a key to be placed in the ~/.ssh/known_hosts file. If you are wanting to make this connection you will have to accept this key.
ssh daemon
Now if you want to have the secure shell daemon running on your machine (so that users can log on) you will have to start the deamon. The ssh daemon (sshd) is started from the init.d system. On a Fedora-like system this daemon is started like so:
/etc/rc.d/init.d/sshd start
On a Ubuntu-based system this daemon is started like so:
/etc/init.d/sshd start
Once the daemon is started users can now log in. NOTE: The sshd daemon runs on port 22 so you will need to have that port open in order to allow connections.
Final Thoughts
Secure shell is one of the better means of logging into a remote machine securly. Sure there are other methods but secure shell is easy to use, reliable, and secure.
Advertisement
I covered X tunneling here before – fascinating stuff.
ssh is great as described, and even better for so much more. You can install it on windows (google for cygwin sshd, moba-ssh, or windows openssh) too.
Besides accessing it using a commandline ssh client or a GUI client like PuTTY, you can use it as an SCP/SFTP server with either a command line scp/sftp or using a GUI FTP program, many of which support SFTP. WinSCP is great, and can be downloaded in the form of a portable runnable .exe from its site (and it’s great for FTP too).
It can also be used to tunnel TCP and UDP ports securely. This means you can open a single port on your firewall for ssh, or forward a single port to your computer, and then have lots of programs communicate through your encrypted ssh session. I use it with VNC and RDP every day.