:unlock: This post is open-sourced.
:pencil: This post records the commands needed to set up and use SSH. If you are looking for more details, please check Zach Duey’s blog, the Ubuntu help wiki and the scp syntax reference.
Introduction
SSH (Secure SHell) is a network protocol that provides secure remote terminal access to one computer from another. One big benefit of SSH is that we can have multiple terminal logins to the same server without interfering with each other, which is perfect if we are using shared host servers.
If the host and client machines do not belong to the same local network, we will need to set up port forwarding in the router of the destination server to bind our host machine to the logical port. So when a request is sent to the port, it will be forwarded to the host machine. Generally port 22 is used for SSH services. As I am using university-based host servers, I assume the university will not easily allow me to configure the router, so in this note, we will only be focusing on the case that the machines are in the same private network.
So what I have are a MacBook as the local machine and an Ubuntu desktop as the host server. To use SSH, we will need to install an SSH client on our local machine (since the OpenSSH services are installed on Mac by default, I will skip this), and an SSH server on the Ubuntu machine we are trying to connect to.
Installing OpenSSH
OpenSSH is the most popular SSH tool. To use OpenSSH services,
- Install openssh-server on the host machine
  sudo apt-get install openssh-server
  Use ssh localhost to see if we can log in to the host machine from itself, then use exit to log out.
- Check the IP address of the host machine
  ifconfig | grep "inet addr"
- Use ssh on the local machine to remotely log in to the host and enter the password when prompted
  ssh <username>@<ip_addr>
More Secure Authentication
In the previous section, we used password authentication to log in to the host machine. However, this method is considered insecure. Key-based logins, by contrast, are considered infeasible to brute-force.
- Generate a public and private key pair (on the local machine)
  cd ~/.ssh
  ssh-keygen -t rsa
  After pressing Enter several times we should have a public key id_rsa.pub and a private key id_rsa.
  :exclamation: Remember to never share the private key with anyone.
- Transfer the public key to the host
  ssh-copy-id <username>@<ip_addr>
  Enter the password when prompted, after which we should be able to log in without a password when doing:
  ssh <username>@<ip_addr>
  We can also navigate to ~/.ssh on the host machine to have a look at authorized_keys:
  less authorized_keys
  It should contain the client’s public key.
Disable Password Authentication
After transferring the client key, it is best to disable password authentication. On the host machine,
cd /etc/ssh
sudo vim sshd_config
Find the following line
#PasswordAuthentication yes
Change it to
PasswordAuthentication no
Save and quit vim. Restart ssh:
sudo service ssh restart
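The edit above only takes effect if the uncommented line is the first value sshd sees for that keyword. The following is an added example, not part of the original post, that checks sshd_config text for this. It goes one step beyond the page by also checking keyboard-interactive authentication, which can still prompt for a password. The function names and sample configs are constructed for illustration, and Include files and Match blocks are not followed.

```shell
# Added example, not from the original post. Reads sshd_config text on stdin
# and applies sshd's rule that the first value obtained for a keyword wins.

# effective_value '<name>|<alias>' <default>  -> prints the winning value
effective_value() {
    awk -v names="|$(printf '%s' "$1" | tr 'A-Z' 'a-z')|" -v def="$2" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            sub(/^[ \t]+/, "")
            split($0, f, /[ \t=]+/)          # "Key value" or "Key=value"
            key = tolower(f[1])              # keywords are case-insensitive
        }
        key == "match" { exit }              # assumption: global section only
        index(names, "|" key "|") { print f[2]; found = 1; exit }
        END { if (!found) print def }        # keyword absent: use the default
    '
}

# Exit status 0 only if neither password-style login method is enabled.
password_logins_disabled() {
    cfg=$(cat)
    pw=$(printf '%s\n' "$cfg" | effective_value PasswordAuthentication yes)
    # ChallengeResponseAuthentication is the older name of the same option.
    kbd=$(printf '%s\n' "$cfg" | effective_value \
        'KbdInteractiveAuthentication|ChallengeResponseAuthentication' yes)
    [ "$pw" = no ] && [ "$kbd" = no ]
}

# Constructed sample configs (not taken from a real host).
SAMPLE_UNEDITED='#PasswordAuthentication yes
KbdInteractiveAuthentication no'
SAMPLE_EDITED='PasswordAuthentication no
KbdInteractiveAuthentication no'
SAMPLE_SHADOWED='PasswordAuthentication yes
# an earlier line wins over the edit below
PasswordAuthentication no
ChallengeResponseAuthentication no'
SAMPLE_KBD_DEFAULT='PasswordAuthentication no'

report() {
    if printf '%s\n' "$2" | password_logins_disabled; then
        echo "$1: password logins disabled"
    else
        echo "$1: password logins still possible"
    fi
}
report unedited "$SAMPLE_UNEDITED"
report edited "$SAMPLE_EDITED"
report shadowed "$SAMPLE_SHADOWED"
report kbd-default "$SAMPLE_KBD_DEFAULT"
```

On a real host, sudo sshd -T prints the configuration sshd actually uses, with Include files and defaults resolved, so it is the authoritative check. Keep an existing session open while restarting ssh in case key login fails.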
Copy Files Using SSH
We can use scp to copy files from our local machine to the host, and vice versa.
On the local machine, use the following
# copy files to the host
scp <file> ... <file> <username>@<ip_addr>:<destination>
scp -r <folder> ... <folder> <username>@<ip_addr>:<destination>
# example
# scp testfile user@10.0.0.1:~/Desktop
# copy files from the host
scp <username>@<ip_addr>:<dir>/<file> <destination> # one file
scp <username>@<ip_addr>:<dir>/"{<file1>,<file2>}" <destination> # multiple files
Making Things Easier
It would be really annoying to have to type the user name and IP address every time, but we can use an SSH config file to make it painless.
Create a config file in ~/.ssh with the following contents:
Host <somename>
Hostname <host's IP or hostname>
User <username>
When using SSH, just type
ssh <somename>
to connect to the host.
Use SSH to Access Virtual Machines
VirtualBox uses network address translation (NAT) by default as the method to remap the host’s IP address into the virtual machine. It acts like a private network and the virtual machine is invisible from the outside network, unless we set up port forwarding.
A much easier way is to change the network setting: go to Settings->Network, set Attached to to Bridged Adapter and save.
Run the machine, and in the terminal use ifconfig to find the IP address. Ideally, the virtual machine will be assigned a different IP address from the host, as if it were physically connected to the outside network.