The SSH command provides a secure encrypted connection between two hosts over an insecure network. This connection can also be used for terminal access, file transfers, and for tunneling other applications. Graphical X11 applications can also be run securely over SSH from a remote location.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our customers with Ubuntu-related queries.
In this context, we shall look into how to remotely connect to a Linux server over SSH.
SSH (short for Secure Shell) is a protocol used for securely accessing a remote system. It is the most commonly used protocol on Linux systems for remotely administering, managing, and troubleshooting remote servers.
Here we will use the following prerequisites to establish a remote connection over SSH:
i. Two Ubuntu machines (for remote server and client)
ii. Sudo user on both server and client machine
iii. Remote server’s IP address or hostname
iv. Remote server’s port number, user name, and password
To SSH into a Linux system, the steps involved are:
i. Installing OpenSSH on remote server.
ii. Configuring OpenSSH on remote server.
iii. Installing OpenSSH client on the local client machine.
iv. Accessing remote Linux server through SSH client.
In this guide, we will implement the task on Ubuntu 20.04 LTS.
OpenSSH is a tool for remotely connecting to a system over SSH. You will need to install it on the system that you want to access over SSH.
i. On the remote server, open the Terminal and issue the following command:
$ sudo apt update
ii. Then in order to install the OpenSSH server, issue the following command in Terminal:
$ sudo apt install openssh-server
iii. Then type the sudo password.
iv. When asked for confirmation, hit y, after which the system will start the installation.
Once the installation of OpenSSH is completed, you will need to perform some necessary configurations. The SSH configuration file is "/etc/ssh/sshd_config".
i. To edit the configuration file, issue the following command in Terminal:
$ sudo nano /etc/ssh/sshd_config
ii. Before making any changes to this file, it is better to make a copy of the original configuration file using the following command:
$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
We will configure only some of the options and leave the rest at their defaults.
By default, OpenSSH runs on TCP port 22. However, if you want the OpenSSH server to listen on some other port (between port numbers 1024 and 65535), you can do so as follows:
i. Edit the /etc/ssh/sshd_config configuration file:
$ sudo nano /etc/ssh/sshd_config
ii. Locate ‘port 22’ in the file. You can use Ctrl+W to search for it.
Replace 22 with the port number you want your OpenSSH server to listen on. Also, remove the # symbol before the line; a line that starts with # is a comment and is ignored.
For instance, to set the OpenSSH listening port to 250, the line would be:
port 250
iii. Now save the configuration file.
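By default, the OpenSSH server is configured with PermitRootLogin prohibit-password, which means you cannot log in as the root user with a password. If you need to log in as the root user on your remote SSH server, you will need to enable root login in the OpenSSH configuration. With PermitRootLogin yes, root can authenticate with any method the server has enabled, including a password.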
i. Edit the /etc/ssh/sshd_config configuration file:
$ sudo nano /etc/ssh/sshd_config
ii. Locate PermitRootLogin prohibit-password and replace it with the following line.
iii. Also, remove the # symbol before the line.
PermitRootLogin yes
iv. Now save the configuration file.
By default, 6 authentication attempts are allowed when logging in to the SSH server. You can reduce the number of attempts by changing the value of the MaxAuthTries parameter.
i. For instance, to reduce the number of authentication attempts to 3, edit the /etc/ssh/sshd_config configuration file:
$ sudo nano /etc/ssh/sshd_config
ii. Then locate MaxAuthTries and change its value to 3.
iii. Also, remove the # symbol before the line.
MaxAuthTries 3
iv. Now save the configuration file.
By default, all user accounts are allowed to log in to the remote system via SSH.
i. In order to allow only certain users to log in to the SSH server, edit the /etc/ssh/sshd_config file:
$ sudo nano /etc/ssh/sshd_config
ii. Then add the following line to this file, replacing user1 and user2 with the names of the users who are allowed to log in.
AllowUsers user1 user2
Similarly, to deny users access to the SSH server, add the following line to this file, replacing user1 and user2 with the names of the users who are not allowed to log in.
DenyUsers user1 user2
The above line will allow all users except user1 and user2 to log in via SSH.
Now, save the configuration file.
After making any changes to the configuration file, restart the SSH service by using the following command:
$ sudo service ssh restart
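The edits above only take effect if the # was actually removed and no earlier line already sets the same keyword, because sshd uses the first value it reads for a keyword. The following is an added example, not part of the original article: it reports the values in effect for the options edited in this guide. The helper names (effective, audit, make_sample) and the sample file are hypothetical and constructed for illustration, and Include files and Match blocks are not evaluated.

```sh
#!/bin/sh
# Added example, not from the article. Reads one config file only:
# Include files and Match blocks are not evaluated (assumption).

# effective FILE KEYWORD DEFAULT (hypothetical helper)
# Prints the value sshd would take: lines starting with '#' are ignored,
# keywords are case-insensitive, and the first value read wins.
effective() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print def }
    ' "$1"
}

# audit FILE (hypothetical helper): one line per finding for the options
# edited in this guide; defaults are the ones the guide states.
audit() (
    root=$(effective "$1" PermitRootLogin prohibit-password)
    tries=$(effective "$1" MaxAuthTries 6)
    allow=$(effective "$1" AllowUsers "")
    if [ "$root" = "yes" ]; then echo "PermitRootLogin yes: root may log in with a password"; fi
    if [ "$tries" -gt 3 ]; then echo "MaxAuthTries $tries: more than the 3 set in this guide"; fi
    if [ -z "$allow" ]; then echo "AllowUsers unset: no allow-list in effect"; fi
)

# Constructed sample: '#' left in front of two edits, PermitRootLogin set twice.
make_sample() {
    cat > "$1" <<'EOF'
#Port 2222
PermitRootLogin yes
#MaxAuthTries 3
AllowUsers user1 user2
PermitRootLogin no
EOF
}

SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
make_sample "$SAMPLE"
echo "Port in effect: $(effective "$SAMPLE" Port 22)"
audit "$SAMPLE"
```

On the server itself, sudo sshd -t checks /etc/ssh/sshd_config for errors before you restart the service, and sudo sshd -T prints the full configuration in effect.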
On the client machine that will connect to the Linux server via SSH, we need to install the OpenSSH client utility.
i. To install the OpenSSH client, issue the following command in the client machine’s Terminal:
$ sudo apt install openssh-client
ii. When asked for the password, provide the sudo password.
iii. When asked for confirmation, hit y, after which the system will start the installation. Once the installation is completed, you are ready to use the OpenSSH client.
Through the OpenSSH client, you can connect to the SSH server over the LAN using either the IP address or the hostname.
i. On the client machine, use the following syntax to connect to the remote server over SSH:
$ ssh [username]@[remoteserver IP or hostname]
ii. When prompted for the password, enter the user's password. Once the connection is established, you will see the shell prompt for the remote server.
If you have changed the OpenSSH listening port, the command to connect to the SSH server would be:
$ ssh -p [port_number] [username]@[ip_address]
In order to connect to a remote server over the internet, you will require the public IP address of the remote server, and you will also need to set up port forwarding on your router. Here are the steps to SSH into a remote server over the internet:
1. First, you will need to find out the public IP address of the remote server. To do so, issue the following command in the remote machine’s terminal:
$ curl ipaddr.pub
2. Now, you will need to set up port forwarding on the router. How to set it up differs from router to router, but almost all routers allow you to do this.
3. Once you have found the public IP address of the remote machine and set up port forwarding on the router, use the following syntax to SSH into the remote Linux machine:
$ ssh [username]@[public_ip_address]
If the remote server is configured to use a port number other than 22, the syntax would be:
$ ssh -p [port_number] [username]@[public_ip_address]
This article will guide you on how to SSH into remote Linux servers using the OpenSSH utility. We have also discussed some basic configurations that you may find useful when connecting via SSH. Now you can easily manage remote Linux servers for administration and troubleshooting.
To enable root login over SSH:
1. As root, edit the sshd_config file at /etc/ssh/sshd_config:
nano /etc/ssh/sshd_config
2. Add a line in the Authentication section of the file that says PermitRootLogin yes.
3. Save the updated /etc/ssh/sshd_config file.
4. Restart the SSH server: service sshd restart.