Linux remote access using SSH


SSH offers a secure way, to have a telnet-like connection. It can also be used for transferring files or X11 window data.

Using SSH

Using SSH is quite simple and straightforward. The server system needs to run a program called sshd. This application can be started with /etc/init.d/sshd start.

To connect to the server, use the ssh-client from the command line.

Connecting to the local system:
ssh username@localhost

Port 22 needs to be open in the firewall.

SSH Example

The following example demonstrates a text-based login from the Linux command line. The user connects to the remote system, runs two commands, and logs out again.

An SSH login example:
diederik@pts/2 ~ $ ssh diederik@hal9000

 Hi, You are connected with hal9000
 Unauthorized access will be logged

Last login: Mon Apr  4 22:05:43 2005 from hal9000.lan
Have a lot of fun...
diederik@hal9000 ~ $ uptime
 10:06pm  up  14:46,  5 users,  load average: 0.03, 0.07, 0.09
diederik@hal9000 ~ $ ps uxf
diederik 12362  0.0  0.2  8384 2540 ?        S    22:08   0:00 sshd: diederik@pts/3
diederik 12363  1.5  0.1  4236 1896 pts/3    Ss   22:08   0:00  \_ -bash
diederik 12392  0.0  0.0  2364  664 pts/3    R+   22:08   0:00      \_ ps uxf
diederik@hal9000 ~ $ logout
Connection to hal9000 closed.
diederik@pts/2 ~ $

SSH Applications

There are various good SSH applications:

The OpenSSH suite is installed at most Linux systems by default. It also comes with command-line tools like scp and sftp to transfer files over SSH.
PuTTY is a free, small and feature rich SSH client for Windows. It does not require any installation, simply download and run PuTTY.exe.
WinSCP is a nice complement to PuTTY, it can be used to transfer files over SSH. This tool is also free to use, and like PuTTY, it consists of just one .exe file that does not require any installation.
KDE/GNOME filemanager
The file managers of KDE and GNOME are able to transfer files from SSH, using the sftp:// or fish:// protocols.

SSH Server Security

There are a few settings that can make the SSH server a bit more secure:

Making sshd more secure: /etc/ssh/sshd_config
Protocol 2
PermitRootLogin no
AllowUsers username

These settings enforce protocol version 2 only, and restrict the number of users who may login. Also consider changing the port number, to avoid automated login attempts.

Security details

By default, most servers are configured with "Protocol 2,1". This allows users to connect with both protocol version 1, and 2. It's better to disable version 1 of the SSH protocol, it's less secure and rarely used anyway.

By default, every system user can login remotely with SSH. This is not a desired situation. There is no control to whom can login. The PermitRootLogin no line forces clients to login with a normal user account, and use su - manually. This might be inconvenient, but prevents people from breaking into the root account! The AllowUsers restriction also prevents people from breaking into the system using a standard user name, like root or nobody.

The AllowUsers line also accepts tokens in the form user@host, and wildcards like * and ? to define more specific access rules. As an alternative to AllowUsers, use AllowGroups to permit access to certain system groups (for example, a group called "sshusers").

Related articles

blog comments powered by Disqus