Accessing A Remote Host Using SSH

To access a remote host/machine using SSH, you will need the following:

a) PuTTY (free SSH client)
b) SSH server username
c) SSH server password
d) SSH port, which is usually 22. Since 22 is the default, it should be changed to a different port to avoid attacks on this port.

On a Linux machine, the username root is the administrator by default and holds all the administrative rights.

In Terminal, the following command will initiate a connection to the server.

This is what the terminal looks like:
Your commands will be typed after the $ symbol. For help with any command in terminal/PuTTY, use the syntax: man, followed by any command, will return on-screen command guidance.

So what I am going to do now is SSH using PuTTY into my Debian OS running on VMware. But before I do that, I need to enable SSH by logging into my Debian VM. If you have just purchased a server from a hosting company, then you can request them to enable SSH for you.

I am using Ubuntu, and ssh was not installed. To install ssh, use these commands:

    sudo apt-get install openssh-client
    sudo apt-get install openssh-server

And here's what I've got, logged in to SSH via PuTTY:
This is what it takes to set up SSH and establish a session via PuTTY. Below, I will address some basic advanced features that will slowly start to give you a greater view of the whole scenario.

The SSH port can be changed from the configuration file; the default port is 22. The basic commands cat, vi and nano will work for other stuff as well. To learn more about specific commands, use Google Search. After editing any file in the nano editor, use CTRL + X and hit the Y key to save and exit. If you make any changes to any configuration file, then a restart is required for that service.

Moving further, let's assume we now wish to change our port. What we're going to do is edit the sshd_config file, and I would use:

    nano /etc/ssh/sshd_config
You must be logged in as admin, or use sudo nano /etc/ssh/sshd_config to edit the file. After it has been edited, restart the ssh service:

    sudo /etc/init.d/ssh restart

If you are changing a port, be sure to allow it in your iptables rules if you are using the default firewall.

There are several directives in the configuration file. As discussed earlier, there are two protocols for SSH (1 & 2). If it is set to 1, change it to 2.

Root is the administrator, and it is recommended that root login be disabled; otherwise, if you are open to remote connections, you may become the subject of a brute-force attack or other SSH vulnerabilities. Linux servers are the boxes most loved by hackers. The directive LoginGraceTime sets a time limit for the user to log in and authenticate; if the user doesn't, the connection closes. Leave that at the default.

Below is a bit of my configuration file:
    # What ports, IPs and protocols we listen for
    # (replaced number 22 with this port)
    Port 5000
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    # (replaced protocol 1 with 2)
    Protocol 2
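The settings discussed on this page can be checked mechanically. The script below is an added example, not part of the original article: it reads the global section of an sshd_config and reports where it departs from the page's advice. PermitRootLogin and PasswordAuthentication are the sshd_config keywords assumed here for the root-login and password settings, which the page describes without naming; the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): report where the global
# section of an sshd_config departs from the settings this page recommends.
# sshd uses the first value it reads for most keywords; Port may repeat.

audit_sshd_config() {
    awk '
    # "Keyword=value" is accepted as well as "Keyword value"
    match($0, /^[ \t]*[A-Za-z0-9]+[ \t]*=/) { sub(/=/, " ") }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    { key = tolower($1); arg = tolower($2) }     # keywords are case-insensitive
    key == "match" { exit }                      # Match blocks are not audited
    key == "port"  { ports = ports " " arg; next }
    !(key in first) { first[key] = arg }
    END {
        if (ports == "") ports = " 22"           # default when Port is unset
        if ((ports " ") ~ / 22 /)
            print "Port: still listening on default port 22"
        if (first["protocol"] ~ /1/)
            print "Protocol: legacy protocol 1 is enabled"
        if (first["permitrootlogin"] != "no")
            print "PermitRootLogin: root login is not disabled"
        if (first["passwordauthentication"] != "no")
            print "PasswordAuthentication: passwords are still accepted"
    }' "$1"
}

# Constructed sample: only the two directives shown in the excerpt above.
sample=$(mktemp)
printf '%s\n' 'Port 5000' '#ListenAddress 0.0.0.0' 'Protocol 2' > "$sample"
audit_sshd_config "$sample"   # flags PermitRootLogin and PasswordAuthentication
rm -f "$sample"
```

Include files and Match blocks are not followed; on a live host, sshd -T prints the effective configuration, which is the authoritative view.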
Don't forget to restart the service after making changes.

This will deny any password, and will only allow users access with a key.

In a professional network, you would usually inform your users what they are allowed to do and what not, along with any other necessary information. The configuration file to edit for banners is /etc/motd. To open the file in the editor, type:

    nano /etc/motd

or

    sudo nano /etc/motd

Edit the file just as you would in Notepad. You can also place the banner in a file and reference it in /etc/motd. For example, nano banner.txt will create a banner.txt file and immediately open the editor. Edit the banner, and press CTRL + X, then Y, to save it. Then reference it in the motd file using:

    Banner /home/users/appualscom/banner.txt

or whatever the file path is.

Just like the banner, you can also add a message before the login prompt; the file to edit is /etc/issue.

SSH Tunneling

SSH tunneling allows you to tunnel the traffic from your local machine to a remote machine. It is created through SSH protocols and is encrypted.

Graphical Session Over SSH Tunnel

You can run programs like firefox by using simple commands:

    firefox

If you get a display error, then set the address:

    export DISPLAY=IPaddressofmachine:0.0

TCP Wrappers

If you wish to allow selected hosts and deny some, then these are the files you need to edit

To allow a few hosts:

    sshd: 10.10.10.111

To block everyone from SSHing into your server, add the following line in /etc/hosts.deny:

    sshd: ALL

SCP – Secure Copy

SCP (secure copy) is a file transfer utility. You will need to use the following command to copy/transfer files over ssh.

To copy a folder:

    scp -r /home/user/myfolder root@10.10.10.111:/home/user2

Searching For Files On A Remote Machine

It is very easy to search for files on a remote machine and view the output on your system. To search files on a remote machine

SSH Additional Security

iptables allows you to set time-based limitations.
The commands below will block the user for 120 seconds if they fail to authenticate. You can use the /second, /hour, /minute or /day parameter in the command to specify the period. 5000 is the port; change it as per your settings.

Allowing authentication from a specific IP

    iptables -A INPUT -p tcp -m state --state NEW --source 10.10.10.111 --dport 22 -j ACCEPT

Attach a screen over SSH

    ssh -t root@10.10.10.111 screen -r

SSH Transfer Speed Check

    yes | pv | ssh root@10.10.10.111 "cat > /dev/null"
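One way to build the time-based limit described under SSH Additional Security, as an added example rather than the article's own commands: the function prints iptables rules that use the recent match to drop a source that opens too many new connections to the SSH port within the window, with an optional trusted address accepted first. The function name, the list name "ssh" and the hit count of 3 are assumptions; iptables counts new connections and cannot see whether authentication failed.

```shell
#!/bin/sh
# Added example, not from the original article. Prints (does not apply)
# iptables rules; review the output, then run it as root.
# Usage: ssh_ratelimit_rules PORT SECONDS HITS [TRUSTED_IP]

ssh_ratelimit_rules() {
    port=$1 secs=$2 hits=$3 trusted=${4:-}
    # Reject anything that is not a plain positive number.
    for n in "$port" "$secs" "$hits"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;;
        esac
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }

    new="-p tcp --dport $port -m state --state NEW"
    # 1. A trusted address is accepted before any counting happens.
    [ -n "$trusted" ] && echo "iptables -A INPUT $new --source $trusted -j ACCEPT"
    # 2. Drop a source that already opened HITS new connections within SECONDS.
    #    --update refreshes the timestamp, so retrying extends the block.
    echo "iptables -A INPUT $new -m recent --name ssh --update --seconds $secs --hitcount $hits -j DROP"
    # 3. Otherwise record this attempt and let it through.
    echo "iptables -A INPUT $new -m recent --name ssh --set -j ACCEPT"
}

# The page's values: port 5000, a 120 second window, 10.10.10.111 trusted.
ssh_ratelimit_rules 5000 120 3 10.10.10.111
```

Rule order matters: the rules are appended with -A, so an earlier ACCEPT for the same port in the INPUT chain would bypass them.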