Your Guide To Using SSH

SSH is a network protocol that is used from a console. The most commonly used SSH client is PuTTY. The image below shows an established SSH session. It is easy to use and quick. Most IT professionals manage the entire network solely via SSH because of its security and the quick, easy access it gives for administrative and management tasks on the server. The entire SSH session is encrypted. The major protocol versions are SSH1/SSH-1 and SSH2/SSH-2; SSH-2 is the newer one and more secure than SSH-1. A Linux OS has a built-in utility called Terminal to access the console, while a Windows machine requires an SSH client (e.g. PuTTY).

(image: an established SSH session in PuTTY)

Accessing A Remote Host Using SSH

To access a remote host/machine using SSH, you will need to have the following:

a) PuTTY (free SSH client)
b) SSH Server Username
c) SSH Server Password
d) SSH port, which is usually 22; since 22 is the default, it should be changed to a different port to avoid attacks on this port.

On a Linux machine, the user root is the administrator by default and holds all administrative rights.

In Terminal, the following command will initiate a connection to the server.

ssh root@192.168.1.1
where root is the username and 192.168.1.1 is the host address.

This is what the terminal looks like:

(image: terminal after connecting with ssh)

Your commands are typed after the $ symbol. For help with any command in Terminal or PuTTY, use the syntax:

man ssh
man command

man, followed by any command, shows that command's manual page on screen.

So what I am going to do now is SSH using PuTTY into my Debian OS running on VMware.

But before I do that, I need to enable SSH by logging in to my Debian VM. If you have just purchased a server from a hosting company, you can ask them to enable SSH for you.

To enable ssh, use:
sudo /etc/init.d/ssh restart

Since I am using Ubuntu and ssh was not installed, I had to install it first. To install ssh, use these commands:
sudo apt-get install openssh-client
sudo apt-get install openssh-server

And here is what I got, logged in to SSH via PuTTY:

(image: SSH session to the Debian VM in PuTTY)

That is all it takes to set up SSH and establish a session via PuTTY. Below, I will cover some basic advanced features that will gradually give you a fuller view of the whole picture.

The default sshd configuration file is located at /etc/ssh/sshd_config.
To view the configuration file, use: cat /etc/ssh/sshd_config
To edit the configuration file, use: vi /etc/ssh/sshd_config or nano /etc/ssh/sshd_config

After editing a file in the nano editor, press CTRL + X and then Y to save and exit.

The SSH port can be changed in the configuration file; the default port is 22. The basic commands cat, vi and nano work for other files as well. To learn more about specific commands, use Google Search.

If you make changes to any configuration file, the corresponding service must be restarted. Moving on, let's assume we now wish to change our port. What we are going to do is edit the sshd_config file, and I would use

nano /etc/ssh/sshd_config

(image: the Port line in sshd_config open in nano)

You must be logged in as the administrator (root), or use sudo nano /etc/ssh/sshd_config to edit the file. After it has been edited, restart the ssh service: sudo /etc/init.d/ssh restart

If you are changing the port, be sure to allow it in iptables if you are using the default firewall.

iptables -I INPUT -p tcp --dport 5000 -j ACCEPT
/etc/rc.d/init.d/iptables save
(the save script above is the RHEL/CentOS one; on Debian/Ubuntu, persist the rules with iptables-save instead)

Query iptables to confirm that the port is open:
iptables -nL | grep 5000

There are several directives in the configuration file. As discussed earlier, there are two protocol versions for SSH (1 and 2); if Protocol is set to 1, change it to 2.

Below is a bit of my configuration file:

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
# replaced the default port 22 with 5000
Port 5000
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
# replaced protocol 1 with 2
Protocol 2

Don't forget to restart the service after making changes.

Root is the administrator, and it is recommended that root login over SSH be disabled; otherwise, if you are open to remote connections, you may become the subject of a brute-force attack or other SSH attacks, and Linux servers are favourite targets of attackers. The directive LoginGraceTime sets a time limit for the user to log in and authenticate; if the user doesn't, the connection closes. Leave that at its default.

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

A super cool feature is key authentication (PubkeyAuthentication). It allows you to set up key-based authentication only, as we see with Amazon EC2 servers: you can only access the server using your private key, which is highly secure. For this to work you need to generate a key pair, keep the private key on the machine you connect from, and add the public key to the server so that it can be accessed using that key.

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
RSAAuthentication yes
PasswordAuthentication no

This will deny any password, and will only allow users access with a key.
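The port, protocol and authentication directives above can be applied and checked in one go. The script below is an added example written for this guide, not the author's own code; it assumes POSIX sh with GNU sed and grep, works on a constructed sample config rather than the live /etc/ssh/sshd_config, and leaves out RSAAuthentication because that directive only applies to protocol 1 and newer OpenSSH versions only warn that it is deprecated.

```shell
# set_directive FILE KEY VALUE: replace an existing (possibly commented-out)
# line for KEY with "KEY VALUE", or append the directive if it is absent.
set_directive() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[#[:space:]]*$key([[:space:]]|$)" "$file"; then
        sed -i -E "s|^[#[:space:]]*$key([[:space:]].*)?$|$key $value|" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# harden_sshd FILE PORT: the settings this guide recommends, applied in one go.
harden_sshd() {
    cp "$1" "$1.bak"                      # keep a copy to roll back to
    set_directive "$1" Port "$2"
    set_directive "$1" Protocol 2
    set_directive "$1" PermitRootLogin no
    set_directive "$1" PubkeyAuthentication yes
    set_directive "$1" PasswordAuthentication no
}

# audit_sshd FILE: report each directive that is missing or weak; return 1 if any.
audit_sshd() {
    rc=0
    for want in "Protocol 2" "PermitRootLogin no" \
                "PubkeyAuthentication yes" "PasswordAuthentication no"; do
        if ! grep -Eq "^[[:space:]]*$want([[:space:]]|$)" "$1"; then
            echo "weak or unset: $want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample resembling a stock Debian sshd_config (not a real file).
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
Port 22
#Protocol 2,1
#PermitRootLogin yes
StrictModes yes
EOF
audit_sshd "$cfg" || echo "audit found weak settings, as expected"
harden_sshd "$cfg" 5000
audit_sshd "$cfg" && echo "hardened; next: sudo sshd -t && sudo /etc/init.d/ssh restart"
```

On a real server, run sshd -t on the edited file before restarting so a typo cannot lock you out of the box.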

In a professional network, you would usually inform your users what they are and are not allowed to do, along with any other necessary information.

The file to edit for the message-of-the-day banner is /etc/motd.
To open the file in the editor, type: nano /etc/motd (or sudo nano /etc/motd)

Edit the file, just as you would do in notepad.

You can also place the banner in a file and reference it from the SSH configuration.

e.g. nano banner.txt will create a banner.txt file and immediately open it in the editor.

Edit the banner and press CTRL + X, then Y, to save it. Then reference it with the Banner directive in /etc/ssh/sshd_config:

Banner /home/users/appualscom/banner.txt

or whatever the file path is.

Just like the banner, you can also add a message before the login prompt; the file to edit is /etc/issue.

SSH Tunneling

SSH tunneling allows you to tunnel traffic from your local machine to a remote machine. The tunnel is created over the SSH protocol and is encrypted. Check out the article on SSH Tunneling.

Graphical Session Over SSH Tunnel

Enable the graphical/GUI session by uncommenting the following line in sshd_config:
X11Forwarding yes

On the client’s end the command would be:
ssh -X root@10.10.10.111

You can then run programs like Firefox with simple commands:
firefox

If you get a display error, set the DISPLAY variable to the address of your machine:
export DISPLAY=IPaddressofmachine:0.0

TCP Wrappers

If you wish to allow selected hosts and deny others, these are the files you need to edit:

1. /etc/hosts.allow
2. /etc/hosts.deny

To allow a few hosts, add a line like this to /etc/hosts.allow:

sshd: 10.10.10.111

To block everyone else from sshing into your server, add the following line to /etc/hosts.deny:
sshd: ALL

SCP – Secure Copy

SCP (secure copy) is a file transfer utility. Use the following command to copy/transfer files over ssh.

The command below copies myfile to /home/user2 on 10.10.10.111:
scp /home/user/myfile root@10.10.10.111:/home/user2
The syntax is: scp source destination

To copy a folder:
scp -r /home/user/myfolder root@10.10.10.111:/home/user2

Searching For Files On A Remote Machine

It is very easy to search for files on a remote machine and view the output on your system. To search for files on a remote machine:

ssh root@10.10.10.111 "find /home/user -name '*.jpg'"

The command searches the /home/user directory for all *.jpg files; you can play with it. find / -name will search the entire / root directory.

SSH Additional Security

iptables allows you to set time-based limits. The commands below will block the user for 120 seconds if they fail to authenticate. You can use /second, /minute, /hour or /day in the command to specify the period.

Time Based Limits
iptables -A INPUT -p tcp -m state --syn --state NEW --dport 5000 -m limit --limit 120/second --limit-burst 1 -j ACCEPT

iptables -A INPUT -p tcp -m state --syn --state NEW --dport 5000 -j DROP

5000 is the port; change it as per your settings.

Allowing authentication from a specific IP
iptables -A INPUT -p tcp -m state --state NEW --source 10.10.10.111 --dport 22 -j ACCEPT
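Before tuning the limits above, it helps to see which addresses are actually hammering sshd. The script below is an added example for this guide, not the author's code: it counts failed password attempts per source address in an sshd auth log and lists the ones over a threshold. It assumes POSIX sh with awk and sort, and the log lines are constructed in the format sshd writes to /var/log/auth.log.

```shell
# failed_logins_by_ip LOGFILE: prints "<count> <ip>" per address, most first.
failed_logins_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# over_threshold LOGFILE N: addresses with at least N failures, one per line.
over_threshold() {
    failed_logins_by_ip "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

# Constructed sample of /var/log/auth.log (not real data); 10.10.10.111 is the
# allowed host from the rule above, the other two addresses are documentation ranges.
log=$(mktemp)
cat > "$log" <<'EOF'
Mar  1 10:00:01 box sshd[1201]: Failed password for root from 203.0.113.5 port 51022 ssh2
Mar  1 10:00:03 box sshd[1201]: Failed password for root from 203.0.113.5 port 51023 ssh2
Mar  1 10:00:04 box sshd[1205]: Failed password for invalid user admin from 203.0.113.5 port 51024 ssh2
Mar  1 10:00:09 box sshd[1210]: Accepted publickey for appualscom from 10.10.10.111 port 40000 ssh2
Mar  1 10:00:15 box sshd[1214]: Failed password for invalid user test from 198.51.100.7 port 33012 ssh2
Mar  1 10:00:20 box sshd[1214]: Failed password for invalid user test from 198.51.100.7 port 33013 ssh2
Mar  1 10:00:21 box sshd[1219]: Failed password for appualscom from 10.10.10.111 port 40001 ssh2
EOF

failed_logins_by_ip "$log"
echo "--- addresses with at least 3 failures:"
over_threshold "$log" 3
```

Point it at the real /var/log/auth.log to check whether the rate limit is doing its job, and whether the addresses you see deserve a specific DROP rule rather than a blanket limit.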

Other useful commands

Attach a screen session over SSH
ssh -t root@10.10.10.111 screen -r
SSH transfer speed check
yes | pv | ssh root@10.10.10.111 "cat > /dev/null"

Kevin Arrows

