Posted on 12/19/2019 8:05:28 AM PST by ShadowAce
Secure Shell (SSH) is a cryptographic network protocol used for an encrypted connection between a client and a server. The ssh client creates a secure connection to the SSH server on a remote machine. The encrypted connection can be used to execute commands on the server, X11 tunneling, port forwarding, and more.
There are a number of SSH clients available both free and commercial, with OpenSSH being the most widely used client. It is available on all major platforms, including Linux, OpenBSD, Windows, macOS and others.
In this article, we will explain how to use the OpenSSH command-line client (ssh) to log in to a remote machine and run commands or perform other operations.
The OpenSSH client program is called ssh and can be invoked from the terminal. The OpenSSH client package also provides other SSH utilities such as scp and sftp that are installed alongside the ssh command.
The OpenSSH client is preinstalled on most Linux distributions. If your system doesn't have the ssh client installed, you can install it using the package manager of your distribution.
sudo apt update
sudo apt install openssh-client
sudo dnf install openssh-clients
Most Windows users use PuTTY to connect to a remote machine over SSH. However, the latest versions of Windows 10 include an OpenSSH client and server. Both packages can be installed via the GUI or PowerShell.
To find the exact name of the OpenSSH package, type the following command:
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
The command should return something like this:
Name : OpenSSH.Client~~~~0.0.1.0
State : NotPresent
Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent
Once you know the package name, install it by running:
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
On success, the output will look something like this:
Path :
Online : True
RestartNeeded : False
macOS ships with the OpenSSH client installed by default.
ssh Command
The following requirements must be met to be able to log in to a remote machine via SSH:
The basic syntax of the ssh command is as follows:
ssh [OPTIONS] [USER@]HOST
To use the ssh command, open your Terminal or PowerShell and type ssh followed by the remote hostname:
ssh ssh.linuxize.com
When you connect to a remote machine through SSH for the first time, you will see a message like below.
The authenticity of host 'ssh.linuxize.com (192.168.121.111)' can't be established.
ECDSA key fingerprint is SHA256:Vybt22mVXuNuB5unE++yowF7lgA/9/2bLSiO3qmYWBY.
Are you sure you want to continue connecting (yes/no)?
Each host has a unique fingerprint that is stored in the ~/.ssh/known_hosts file.
Type yes to store the remote fingerprint, and you'll be prompted to enter your password.
Warning: Permanently added 'ssh.linuxize.com' (ECDSA) to the list of known hosts.
dev@ssh.linuxize.com's password:
Once you enter the password, you will be logged into the remote machine.
When the username is not given, the ssh command uses the current system login name.
To log in as a different user, specify the username and the host in the following format:
ssh username@hostname
The username can also be specified with the -l option:
ssh -l username hostname
By default, when no port is given, the SSH client will try to connect to the remote server on port 22. On some servers, administrators change the default SSH port to add an extra layer of security by reducing the risk of automated attacks.
To connect on a non-default port, use the -p option to specify the port:
ssh -p 5522 username@hostname
If you are experiencing authentication or connection issues, use the -v option to tell ssh to print debugging messages:
ssh -v username@hostname
To increase the level of verbosity, use -vv or -vvv.
The ssh command accepts a number of options.
For a complete list of all options, read the ssh man page by typing man ssh in your terminal.
If you are connecting to multiple remote systems over SSH on a daily basis, you'll find that remembering all of the remote IP addresses, different usernames, non-standard ports, and various command-line options is difficult, if not impossible.
The OpenSSH client reads the options set in the per-user configuration file (~/.ssh/config). In this file, you can store different SSH options for each remote machine you connect to.
A sample SSH config is shown below:
Host dev
HostName dev.linuxize.com
User mike
Port 4422
When you invoke the ssh client by typing ssh dev, the command will read the ~/.ssh/config file and use the connection details that are specified for the dev host. In this example, ssh dev is equivalent to the following:
ssh -p 4422 mike@dev.linuxize.com
For more information, check the article on SSH config file.
The SSH protocol supports various authentication mechanisms.
The public key-based authentication mechanism allows you to log in to the remote server without having to type your password.
This method works by generating a pair of cryptographic keys that are used for authentication. The private key is stored on the client device, and the public key is transferred to each remote server that you want to log in to. The remote server must be configured to accept key authentication.
If you don't already have an SSH key pair on your local machine, you can generate one by typing:
ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"
You will be asked to type a secure passphrase. Whether to use a passphrase is up to you.
Once you have your key pair, copy the public key to the remote server:
ssh-copy-id username@hostname
Enter the remote user password, and the public key will be appended to the remote user's authorized_keys file.
Once the key is uploaded, you can log in to the remote server without being prompted for a password.
By setting up key-based authentication, you can simplify the login process and increase the overall server security.
SSH tunneling or SSH port forwarding is a method of creating an encrypted SSH connection between a client and a server machine through which service ports can be relayed.
SSH forwarding is useful for transporting network data of services that use an unencrypted protocol, such as VNC or FTP, accessing geo-restricted content or bypassing intermediate firewalls. Basically, you can forward any TCP port and tunnel the traffic over a secure SSH connection.
There are three types of SSH port forwarding:
Local port forwarding allows you to forward a connection from the client host to the SSH server host and then to the destination host port.
To create a local port forwarding, pass the -L option to the ssh client:
ssh -L [LOCAL_IP:]LOCAL_PORT:DESTINATION_HOST:DESTINATION_PORT -N -f username@hostname
The -f option tells the ssh command to run in the background and -N not to execute a remote command.
Remote port forwarding is the opposite of local port forwarding. It forwards a port from the server host to the client host and then to the destination host port.
The -R option tells ssh to create a remote port forwarding:
ssh -R [REMOTE:]REMOTE_PORT:DESTINATION:DESTINATION_PORT -N -f username@hostname
Dynamic port forwarding creates a SOCKS proxy server that allows communication across a range of ports.
To create a dynamic port forwarding (SOCKS), pass the -D option to the ssh client:
ssh -D [LOCAL_IP:]LOCAL_PORT -N -f username@hostname
For more detailed information and step-by-step instructions, check the article on How to Set up SSH Tunneling (Port Forwarding).
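The three forwarding forms described above, worked through in an added example (not from the original article): a small Python helper that splits an -L, -R or -D argument and reports which side opens the listening port and whether it is bound beyond loopback. The function names, sample host names and ports are constructed, and the default-bind result assumes the GatewayPorts option is left at "no".

```python
LOOPBACK = {"localhost", "127.0.0.1"}


def _port(text: str) -> int:
    port = int(text)  # raises ValueError on non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {text}")
    return port


def describe_forward(flag: str, spec: str) -> dict:
    """Explain one -L, -R or -D argument (bracketed IPv6 is not handled)."""
    parts = spec.split(":")
    if flag in ("-L", "-R") and len(parts) in (3, 4):
        bind = parts[0] if len(parts) == 4 else None
        port, dest_host, dest_port = parts[-3:]
        target = f"{dest_host}:{_port(dest_port)}"
    elif flag == "-D" and len(parts) in (1, 2):
        bind = parts[0] if len(parts) == 2 else None
        port, target = parts[-1], "chosen per connection via SOCKS"
    else:
        raise ValueError(f"unsupported forwarding spec: {flag} {spec}")
    return {
        # -R opens the listening port on the SSH server, -L and -D on the client.
        "listens_on": "server" if flag == "-R" else "client",
        "bind": bind,
        "port": _port(port),
        "target": target,
        # The far end of the tunnel is the side that connects to the target.
        "connects_from": "client" if flag == "-R" else "server",
        # With no bind address the listener stays on loopback, assuming the
        # GatewayPorts option is at its default of "no". An empty address
        # or "*" asks for every interface.
        "exposed": bind is not None and bind not in LOOPBACK,
    }


# Constructed sample arguments; host names and ports are placeholders.
SAMPLES = [
    ("-L", "3336:db.example.internal:3306"),
    ("-L", "*:8080:127.0.0.1:80"),
    ("-R", "8080:127.0.0.1:3000"),
    ("-D", "9090"),
]

if __name__ == "__main__":
    for flag, spec in SAMPLES:
        print(flag, spec, describe_forward(flag, spec))
```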
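How the SHA256 fingerprint shown in the first-connection prompt is derived, as an added example that is not part of the original article: it is the SHA-256 digest of the server's public key blob, so it can be recomputed from a known_hosts or .pub line and compared with a value obtained out of band before typing yes. The ed25519 key below is constructed from dummy bytes and the function names are illustrative.

```python
import base64
import hashlib
import struct


def sha256_fingerprint(line: str) -> str:
    """Fingerprint of the key in a .pub line or a known_hosts line."""
    fields = line.split()
    for keytype, blob_b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(blob_b64, validate=True)
            (n,) = struct.unpack(">I", blob[:4])
        except (ValueError, struct.error):
            continue  # not a key blob (host pattern, comment, ...)
        # A key blob begins with a length-prefixed copy of its key type.
        if blob[4:4 + n] != keytype.encode():
            continue
        digest = hashlib.sha256(blob).digest()
        # ssh prints the digest as base64 with the "=" padding removed.
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no well-formed public key in line")


def host_key_matches(line: str, trusted_fingerprint: str) -> bool:
    """Compare with a fingerprint obtained out of band, e.g. from the admin."""
    return sha256_fingerprint(line) == trusted_fingerprint


def constructed_known_hosts_line() -> str:
    """Constructed sample: an ssh-ed25519 blob with dummy key bytes."""
    keytype = b"ssh-ed25519"
    key = bytes(range(32))  # placeholder, not a real host key
    blob = (struct.pack(">I", len(keytype)) + keytype
            + struct.pack(">I", len(key)) + key)
    return "ssh.linuxize.com ssh-ed25519 " + base64.b64encode(blob).decode()


if __name__ == "__main__":
    line = constructed_known_hosts_line()
    print(sha256_fingerprint(line))
    # The fingerprint quoted in the article belongs to a different (ECDSA) key.
    print(host_key_matches(
        line, "SHA256:Vybt22mVXuNuB5unE++yowF7lgA/9/2bLSiO3qmYWBY"))
```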
Mainframe ping.
Reading between the lines I kind of thought that was the case. I could see a use for securely sharing large files between two computers over a wireless network?
Yup. That's a good use case. IIRC, scp can also do a checksum on the transferred file to make sure that both the source and target are identical, though for that you're better off using rsync which uses the same protocols, and is insanely powerful and flexible.
Man, that is a large wait staff under your management.
But actually it is good that Jim and John have some very knowledgeable tech people like you on board in case of an emergency with FR, though they seem to have handled the many downtimes over the years themselves, by the grace of God.
And when it comes to Linux I am still in kindergarten. Tried to install Linuxmint-19.3-mate-64bit on a PC I used extensively under Windows 10 64 bit (AMD 4350 quad core 4.2GHz CPU; 16 GB RAM and one SSD drive and one SATA drive), but as usual, no wireless. In 2019.
I tried 4 USB wireless (realtek 8811cu; realtek 8812bu; RT3070; RTL8811AU [for which I have Linux drivers]); 3 of which work in Windows 10, but Linux Mint does not even show an option for wireless unless you create one. And the only indication it even detected hardware was for an Alfa AWUSO36NH (Chipset. Ralink RT3070) which is supposed to work in Linux.
I set up a wireless connection the best I could but it would not connect. This was the live copy of Mint, and I have no other way to connect to the Internet but wireless.
I searched and searched and read pages and pages on this in Linux forums, and the conclusion is that there is no simple solution or a promised one. The correct drivers must be found somewhere and somehow compiled, whatever that means.
I also read that you are not supposed to just install and run Linux from an SSD, but engage in some edits to do with the swap file, or lack of one. But one thing at a time.
I am going to try KDE neon next.
Thanks for at least being an ear. Sorry to lay this on you but you
If I could only have one hand tool, it would likely be a Leatherman multi-tool because it can do so many things. SSH is like that: if I could only have one network communications tool, it would be SSH.
Computer work without SSH? I cannot imagine it.
Wanted to let you know that I tried KDE neon and it detected and configured the Alfa AWUSO36NH and thus I was connected quickly. I see no option to connect automatically, though there is a means for prioritizing each.
So I installed it on a 120GB SSD drive and it is quite fast. Among other things though, it is missing features I like (such as being able to right click on an icon and go right to the source) but the display (windows background etc.) options are over the top.
“though for that you’re better off using rsync which uses the same protocols, and is insanely powerful and flexible.”
Thank you for the reply. Personally I have never really had a need yet. I did hook two together to see if my option to connect a MS PC to my Linux PC would work but I wasn’t worried about security. This Mint comes boxed with Samba set up in the network manager and it was a breeze. But I know at some point I am definitely going to need this knowledge, probably on one of my kids' networks, so I much appreciate the rsync suggestion! :)