With Secure Shell there are a number of ways to use (and configure) this tool to make it more useful and more secure. In this article  you will learn five different (and handy) secure shell tips to make sure your ssh usage is as good as it can be. And for some basic secure shell knowledge, check out my article “Get to know Linux: Secure shell“.

Password-less logon

Have have dealt with this before (as a side note), but wanted to re-iterate this process. Because I use ssh so much I get tired of having to enter passwords constantly. Now I will preface this by saying only do this on a network you trust. Yes you will be logging into ssh with a certificate, and that certificate will be on your machine, but you don’t want to employ this method on a network that can not be trusted. With that in mind, here are the steps for setting this up.

On the local machine issue the command:

ssh-keygen -t dsa

This command will generate a public key that will be then copied to your server. During this creation process you will be asked for a password – just press enter to use a blank password for this. You will have to verify the password, so hit enter again. )

With the key created you have to copy it to the server you want to ssh into. To do this enter the command:

ssh-copy-id -i .ssh/id_dsa.pub username@destination

Where username is the username you will be logging into on the remote server and destination is the IP address of the remote server.

Now when you go to secure shell into that remote machine you will not have to enter a password.

Block root login

Although secure shell is a secure means of logging into your server, you do not want to allow root access (for obvious reasons). Blocking root access is simple. Open up the /etc/ssh/sshd_config file and look for this line:

PermitRootLogin

and make sure it is set to “no” (no quotes). So the complete line will read:

PermitRootLogin no

Once you have saved that file, restart the ssh daemon with the command:

sudo /etc/init.d/ssh restart

Now the root user can no longer log in remotely via ssh.

Enable X tunneling

Secure shell is made even more powerful when you can run a remote X application on your local machine. And what is better is that it’s not difficult at all. In order to allow X tunneling you will first need to open up the /etc/ssh/sshd_config file and search for this line:

X11Forwarding

and make sure it looks like:

X11Forwarding yes

Once that is set save the file, restart sshd, and you are ready to tunnel and X Windows application through ssh. To accomplish this you have to add the -X flag to your secure shell command like this:

ssh -v -l USERNAME IP_ADDRESS -X

Where USERNAME is the username you want to log in with and IP_ADDRESS is the actual IP address of the machine you are logging into.

Final thoughts

There are so many cool tricks and tips with secure shell, but the above three are, in my opinion, the most helpful. Have you come across a helpful ssh tip you’d like to share? Or are you looking for a particular behavior out of secure shell? If so. share with your fellow Ghacks readers.

Related posts

• Linux Command Line Fu (5)
• Get To Know Linux: Secure Shell (4)
• Yoggie PICO Personal Mobile Security Computer (3)
• With Ubuntu 9.10 Arrives Wubi 9.10 (2)
• Widgets for Linux: SuperKaramba (6)

There is one thing that most Linux backup tools have in common and that is their underlying technologies. In most cases one of the tools that make the GUI backup tools possible is the venerable rsync. Rsync is an incredibly fast and lightweight file copy tool that can not only copy files to and from a local machine, it can also copy over a network connection – which makes rsync an ideal candidate for user-generated backup scripts or cron jobs.

In this tutorial you will learn how easy it is to use rysnc to not only back up specified directories to an external usb drive, but also to backup over a network connection via ssh.

Command structure

The structure of the rsync command is:

rsync [OPTIONS] SOURCE DESTINATION

Where SOURCE is the location of the directory to be backed up and DESTINATION is where the backup will be placed.

Now the structure of the command changes when you are employing a network facility such as ssh. At that point the command structure would look like:

rsync [OPTIONS] ssh SOURCE user@destination:/directory

Where user is the user name on the remote machine, destination would be either an IP address or domain, and /directory is the explicit path to the directory you want to back up to.

Usage

For the first example we are going to backup the directory /home/jlwallen/Documents to the directory /media/disk/BACKUPS. This destination is a directory located on an external USB drive obviously mounted to /media/disk. The command for this backup will be:

rsync -avh /home/jlwallen/Documents /media/disk/BACKUPS

This is where we run into our first “gotcha”. What happens with the above command is that any subdirectory in /home/jlwallen/Documents will be created on /media/disk/BACKUPS. So if you want to create a similar directory structure on the destination you should first create a parent directory similar to that of the source. So before you run the rsync command issue this command:

mkdir /media/disk/BACKUPS/Documents

The new rsync command would be:

rsync -avh /home/jlwallen/Documents /media/disk/BACKUPS/Documents

The options used in the above command are:

• a: Archive mode
• v: Verbose mode
• h: Output in human readable format.

Now let’s backup the same source to a remote location with the help of secure shell. It will help your cause to first make sure you can log into the remove machine via ssh. Once you have that working you are ready to backup. Using our same example we are going to backup to user jlwallen at the IP address 192.168.1.10 to the directory /home/jlwallen/BACKUPS/Documents. To do this the command would look like:

rsync -avhe ssh /home/jlwallen/Documents jlwallen@192.168.1.10:/home/jlwallen/BACKUPS/Documents

The added option is e which allows you to specify the remote shell to use.

You will be prompted for the remote users’ password and then the coping will begin. But what if you don’t want to have to use a password? If you are wanting to set up automated, remote backups you will have to allow this process to happen without entering a password. To do this you have to create an SSH key without a password. Here are the steps for this:

create an ssh key on the source machine with the command:

ssh-keygen -t dsa

Press enter when prompted for a password.

Once the key is created copy that key to the destination key with the following command:

ssh-copy-id -i .ssh/id_dsa.pub username@destination

Where username is the user on the remote machine and destination is the IP or domain of the remote machine.

Now rsync copying can be done without having to enter a password.

Final thoughts

The nice thing about this setup is you can now use rsync to create a cron job for backup automation. Rsync is an incredibly flexible and reliable means for backing up your directories and files. It should be since it is the foundation that so many other backup tools were based on.

Related posts

• Get To Know Linux: Secure Shell (4)
• Zip Encrypt Ftp Backups (1)
• Yadis! Backup Software (2)
• Windows Backup Software: Backup Maker (18)
• Windows Backup Software DeltaCopy (11)

Secure shell was created as a replacement for telnet because telnet transmitted unencrypted passwords. The encryption is handled via public key cryptography. Through secure shell the user can issue commands on a remote server or even tunnel the X protocol in order to run remote graphic applications locally.

Using secure shell on Linux will require you to install openssh-clients and if you want to run an secure shell server (so others can secure shell into your machine) you will need to install openssh-server. These can be found in your Add/Remove Program utility. During the installation you will most likely be informed that the installer needs to generate a key. You won’t have to do anything for this key generation. And, depending upon the Add/Remove Program utility that you use you may not even see any sign that this is happening.

Basic usage

To use secure shell you will need to open up a terminal window (gnome-terminal, konsole, aterm, eterm, etc). Once this is open you can begin. The structure of the command is:

ssh OPTIONS REMOTE_SERVER_ADDRESS

Secure shell has quite a list of options available. For a complete listing of these options issue the command man ssh to see them all. But the most useful options are:

• -v This gives verbose output so you can see all output given as a connection is being made.
• -l This allows you to specify a username for the connection.
• -X This instructs the remote server to allow the tunneling of X protocols.

Say you want to connect user jlwallen to server 192.168.1.10 and you want to tunnel X. The command to do this would be:

ssh -v -l jlwallen 192.168.1.10 -X

You would see a good deal of information pass by before you are asked for the users password. If this is the first time you’ve attempted this connection you will be prompted (via Y or N) if you want to allow the addition of a key to be placed in the ~/.ssh/known_hosts file. If you are wanting to make this connection you will have to accept this key.

ssh daemon

Now if you want to have the secure shell daemon running on your machine (so that users can log on) you will have to start the deamon. The ssh daemon (sshd) is started from the init.d system. On a Fedora-like system this daemon is started like so:

/etc/rc.d/init.d/sshd start

On a Ubuntu-based system this daemon is started like so:

/etc/init.d/sshd start

Once the daemon is started users can now log in. NOTE: The sshd daemon runs on port 22 so you will need to have that port open in order to allow connections.

Final Thoughts

Secure shell is one of the better means of logging into a remote machine securly. Sure there are other methods but secure shell is easy to use, reliable, and secure.

Related posts

• Securely copy files with scp (5)
• Remote SSH: Run processes anywhere on different platforms (1)
• Five handy secure shell tips and tricks (8)
• Backup your Linux box with rsync (3)
• Access remote Unix GUIs in Windows: Xming (1)

Connect Bot is probably the number one must have application for webmasters who operate their own servers. It can be used to log into the server using the phone. For those who do not know what SSH is, it basically allows a user to exchange data using a secure channel between two network devices.

Some examples where this could come in handy would be to restart the web server, configure services or monitor the connections, processes and resource usage while on the road.

The application can be installed right from the Android Market. Must have for any webmaster and admin with their own servers.

Related posts

• Download All Applications From Android Market For Free (9)
• 5 Must Have Google Android Applications (2)
• Google Android Application Store Browser (6)
• Android PC Remote Access (3)
• T-Mobile myTouch (5)