01. What is SSH:
SSH, also known as Secure Socket Shell, is a network protocol that provides administrators with a secure way to access a remote computer. SSH also refers to the suite of utilities that implement the protocol. Secure Shell provides strong authentication and secure encrypted data communications between two computers connecting over an insecure network such as the Internet. SSH is widely used by network administrators for managing systems and applications remotely, allowing them to log in to another computer over a network, execute commands and move files from one computer to another.
The SSH suite comprises three utilities — slogin, ssh and scp — that are secure versions of the earlier insecure UNIX utilities, rlogin, rsh, and rcp.
02. Install SSH :
There is many packages that provide ssh suits , we will use the most popular one which is openssh-server as service daemon and openssh-clients as client tool to connect to ssh servers, it is installed by default in CentOS and many other distributions.
yum -y install openssh-server openssh-clients #FOR Debian based distributions, use apt apt-get install openssh-server openssh-client -y
03. Starting the service:
As systemd is now used in CentOS and ubuntu, the following commands run for them all (service name in ubuntu may be ssh or sshd).
systemctl enable sshd systemctl start sshd systemctl status sshd
04. Configure Firewall :
firewall-cmd --permanent --add-service=ssh firewall-cmd --reload # If you are using ubuntu UFW firewall : ufw allow OpenSSH
05. Connecting to ssh:
openssh-clients provide ssh tool but you may use any third party like putty or others, we are using ssh here as default in linux:
ssh firstname.lastname@example.org ssh email@example.com
it will ask if you trust the Key , enter: yes
then provide your password for the user you used to login
06. More Configurations:
The default configuration is good enough as it use keys and passwords together which is secure enough, but if you want for some reason to change it to use only one method , you can but not recommended, root remote login not allowed by default which is good practice, timing for inactive session before logout , more will be found in configuration file in /etc/ssh/sshd_config
*/etc/ssh/ssh_config is client ssh configuration file, it is not our target, skip it.
X11Forwarding yes #uncomment this line if you want to allow gui software to run remotely
PermitRootLogin yes #uncomment this to allow root user remote login, not recommended.
read through the configuration file and ask before making changes.
ssh keys are stored in clients and used next login without asking if accept the key , stored in user’s home ~/.ssh/known_hosts , each host will have record like this, (remove it manually if key is changed or stolen ,..) :
192.168.1.100 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHw8EToUllWS+EMyWYASmOtZUIx/tr3zXgh+LyKPKOZhHUBOnFmjUJ61vysx1p6fvc+1Sy+C3RByrkCzioWiq5Y=
07. Copy id key to remote hosts:
To copy the key to the remote client (it asks for the first time to accept key, so not always needed to do it):
ssh-copy-id user@remote-client-IP-OR-DNS-Name ssh-copy-id firstname.lastname@example.org
08. Secure copy SCP :
scp is a tool installed with openssh package for easier copying files using ssh securely without login (so similar to cp):
#copying from local to remote: scp /etc/hosts email@example.com:/tmp/ #copying from remote to locall scp firstname.lastname@example.org:/root/secretfile /root/
Thanks for reading this, i hope it was simple, and keep comments if any.