This topic was published by DevynCJohnson and viewed 1274 times since "". The last page revision was "".
- Topics - 444
Secure Shell (SSH) allows users to access a remote computer. With SSH, a server administrator can login to a server from home and make changes to the server as if the admin were using the server directly. Owners of the popular Raspberry Pi can use their RPi board without having another monitor to plug into the board. Owners of headless servers (servers lacking input and output devices) can manage the server. SSH offers many features and has numerous uses.
SSH is a secure networking protocol used to connect two computers. SSH is a popular alternative to Telnet, rlogin, and rsh. SSH is used for file transfer, encryption, remote login, X11 tunneling/forwarding, etc. SSH can encrypt various network services such as VNC connections.
When transferring files, users can use Secure Copy (SCP), rsync, RCP over SSH, SSH File Transfer (SFTP), FTP over SSH (different from SFTP), FISH, SSH Filesystem (SSHFS), and various other methods.
To use SSH, the server must have the SSH daemon (sshd) running. Also, the client must have a SSH client, and the server and client need to be properly configured. Once those needs are satisfied, the client user must login to the server using a properly authenticated username and password.
The "/etc/ssh/sshd_config" configuration file controls the server settings while "/etc/ssh/ssh_config" is for client settings. When changing the client options, those settings change the way the system acts as a client. That file does not change remote clients. The same concept is true for the server settings (/etc/ssh/sshd_config). If a particular user on a client system wanted to change the client settings for their user-account on that particular client system, then they should edit "~/.ssh/config". For illustration, assume there is a server and a client system. The client has two users - bob and joe. Changing "/etc/ssh/sshd_config" on the server will change how the server acts when the client connects to the server. If the client changes its "/etc/ssh/sshd_config" file, then nothing changes on the server. However, if the client acts as a SSH server, then those settings would apply to the client acting as a server to other systems. If the user "bob" wanted to change some settings to his personal liking, then he can edit his "~/.ssh/config" file. Any changes to "/etc/ssh/ssh_config" will effect both joe and bob on the client system. The personal SSH config file (~/.ssh/config) has higher priority over the global SSH client config file (/etc/ssh/ssh_config).
NOTE: Use Root privileges to restart SSH after changing any settings -
service ssh restart
The easiest way to login to a remote SSH server is to use the command
ssh user@remote_server. "user" is the username on the remote system and "remote_server" is the hostname or IP address. For instance, to login to my headless RPi system, I can run
Various authentication methods are available for SSH. A user can be permitted to login by supplying a registered username and password or by owning the appropriate RSA key. To register an RSA key to a SSH server, run "
ssh-copy-id USER@SERVER". If no key has been created prior to submission, then create one first by running "ssh-keygen". Specify a public key file by using the "-i" parameter -
ssh-copy-id -i ~/.ssh/KEY.pub USER@SERVER.
X11 forwarding allows GUI windows that are from the server to be displayed on the client. To use X11 forwarding, use the "-X" parameter in the "ssh" command. Using "-Y" allows trusted X11 forwarding. Using both "-X" and "-Y" at the same time is permitted.
In the server's SSH configuration file, add the line "X11Forwarding yes" or change "no" to "yes" in the existing line to permit the server to send X11 over SSH. On the client, use the "-X" and/or "-Y" parameters or add "ForwardingX11 yes" to the global or personal SSH client configuration file to allow the client to accept X11. Now, the client system can run a program, (like Leafpad or Firefox) on the remote system and see the window on the client's screen as if the program were running locally. This is useful when a GUI program must be run. For example, run "ssh admin@server" and login. Then, in the SSH prompt, run
leafpad /etc/ssh/sshd_configto use Leafpad (if installed on the server) to edit the server's SSH-server settings.
To always allow X11 forwarding on all SSH connections, add the lines below to ~/.ssh/config or /etc/ssh/ssh_config.
Host * ForwardX11 yes ForwardX11Trusted yes
To run a GUI as Root or with Root privileges, use "gksudo" instead of "sudo". Otherwise, the GUI will be denied.
Send Remote Commands
To send a single command to a remote machine via SSH, use
ssh USER@SERVER "command"
So, to shutdown the server remotely without logging in and then running the shutdown command, admins can type
ssh ADMIN@SERVER "shutdown -h now". This command can be saved as an alias or in a shell script. Then, the remote server can be shutdown remotely.
To copy a local file to a remote server, use the "scp" command. For example, type the command in the form
scp /path/to/file username@remotehost:remote/destination/. For example, to copy a local PDF file that is in the home folder to the remote home folder, type
scp ~/file.pdf bob@SERVER:/home/bob/. Include the "-r" parameter to copy files in a directory recursively.
To copy a directory (recursively) from a remote server to a local path, use a command like
scp -r username@remotehost:/path/to/folder /local/destination
- Linux Server and Networking Article Index - http://dcjtech.info/topic/linux-servers-and-networking/
- Types of Networks - http://dcjtech.info/topic/types-of-networks/