Any security-minded Linux user will use the SSH protocol when connecting to servers, because SSH encrypts the data sent over the network. SSH replaced older, insecure protocols such as telnet and rlogin in the 90’s. In this guide, we look at SSH command usage with examples.
By default, SSH runs on TCP port 22.
Checking if SSH service is running on a Linux System
If you are currently logged in to a Linux system and you want to check if SSH is running, execute the command:
# systemctl status sshd
Additionally, you can check that SSH is listening on port 22 on your server by using the netstat command as shown:
# netstat -pnltu
The two techniques have confirmed that the SSH service is running and listening on port 22.
Logging in to a remote system using SSH
To log in to a remote system as the root user from a Linux machine, use the syntax below:
# ssh root@host-ip-address
For example, I’m going to log in to a remote Debian PC with the IP 173.82.208.144:
# ssh root@173.82.208.144
If you are connecting for the first time, you will see the following prompt
Type yes to add the server to the list of known hosts located in ~/.ssh/known_hosts.
Each server has a host key, which is a cryptographic key. This key is used to authenticate systems using the SSH protocol.
Next, you will be prompted for the remote system’s password. Provide the password and hit ‘ENTER’ to log in to the system.
Logging in to a system as a regular user
Sometimes, you may want to log in to a remote system using a regular user’s account if remote root login is disabled. To do this, follow the syntax below:
# ssh username@host-ip-address
OR
# ssh -l username host-ip-address
To log in as user ‘john’ residing on the remote Debian system, execute the command:
# ssh john@173.82.208.144
You can achieve the same thing using the command below:
# ssh -l john 173.82.208.144
Configuring passwordless authentication
Sometimes, you may need to access your remote systems constantly, or you may have services that need access to these systems. Password authentication wastes time and can block automated applications that require access to the remote systems. For this reason, it’s convenient to configure passwordless SSH authentication to your remote servers.
Step 1: Generate SSH keys
The first step will be to generate SSH keys on the server using the command:
# ssh-keygen
When prompted at each step, simply hit ‘ENTER’ to keep the defaults.
The public key, id_rsa.pub, is saved in the ~/.ssh/ directory.
Step 2: Copying the SSH public key to the remote client
The next step will be to copy the generated public key to the remote client system. To accomplish this, we will use the ssh-copy-id command. The command copies the SSH key to the remote client as an authorized key. This allows for subsequent automated passwordless logins.
# ssh-copy-id -i ~/.ssh/id_rsa.pub root@173.82.208.144
Now you can seamlessly log in to the remote Debian system without being prompted for a password.
The public key is saved on the client system in the ~/.ssh/authorized_keys file.
A FEW POINTS TO NOTE
- SSH clients store the host keys of the systems they connect to. These keys are referred to as known host keys and are stored in the ~/.ssh/ directory.
- The private key, id_rsa, should only be accessible to the root user and should not be copied to any other system. If it is leaked to a third party, this may lead to man-in-the-middle attacks where the client systems can be compromised by hackers.
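The second point above can be checked mechanically. The script below is an added example, not part of the original guide: it flags a private key that group or others can access, and an SSH directory or authorized_keys file that they can write to. It assumes GNU stat (Linux); perm_ok and audit_ssh_dir are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original guide): flag SSH files whose mode
# exposes key material. Assumes GNU coreutils `stat -c` (Linux).
# perm_ok and audit_ssh_dir are hypothetical helper names.

# perm_ok PATH MASK: succeed when none of the octal MASK bits are set on PATH.
perm_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0$mode & 0$2 )) -eq 0 ]
}

# audit_ssh_dir DIR: print one WARN line per problem; return the number found.
audit_ssh_dir() {
    dir=$1
    findings=0
    # A directory writable by group/others lets another local user replace
    # authorized_keys or known_hosts.
    if ! perm_ok "$dir" 022; then
        echo "WARN $dir: directory writable by group/others"
        findings=$((findings + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if grep -q 'PRIVATE KEY-----' "$f" 2>/dev/null; then
            # Private keys (id_rsa and similar): owner-only, e.g. mode 600.
            if ! perm_ok "$f" 077; then
                echo "WARN $f: private key accessible to group/others"
                findings=$((findings + 1))
            fi
        elif [ "${f##*/}" = "authorized_keys" ]; then
            # Anyone who can write here can grant themselves a login.
            if ! perm_ok "$f" 022; then
                echo "WARN $f: writable by group/others"
                findings=$((findings + 1))
            fi
        fi
    done
    return "$findings"
}

# Run against the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Save it as a script and pass the directory to check, for example ~/.ssh; the exit status is the number of findings, so 0 means nothing was flagged.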