How to SSH into a Server from a Linux Machine
Objective
Learn how to use the ssh command on a Linux machine to securely connect to a remote server. This lab covers the steps for establishing an SSH connection, setting up key-based authentication, and troubleshooting common issues.
Prerequisites
- Linux Environment:
  - Ensure the ssh command is available by running:
    ssh -V
  - If not installed, install the OpenSSH client:
    sudo apt update && sudo apt install openssh-client
- Access to a Remote Server:
  - You will need the following:
    - Server IP/Hostname: e.g., 192.168.1.100 or example.com.
    - Username: e.g., admin.
    - Password or Private Key for authentication.
  - Ensure SSH is enabled on the server.
- Basic Understanding of SSH:
  - SSH (Secure Shell) is used for secure communication between systems over a network.
Step 1: Establishing a Basic SSH Connection
- Open a terminal on your Linux machine.
- Use the following command to connect:
  ssh <username>@<server_ip>
  - Replace <username> with your server username (e.g., admin).
  - Replace <server_ip> with the server’s IP or hostname (e.g., 192.168.1.100).
- If prompted, accept the server’s SSH key:
  The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
  RSA key fingerprint is ...
  Are you sure you want to continue connecting (yes/no)?
  - Type yes and press Enter.
- Enter your password when prompted.
- After successful authentication, you will gain access to the server’s command line.
Step 2: Using Key-Based Authentication (Optional)
Generating an SSH Key Pair
- On your Linux machine, generate an SSH key pair:
  ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  - -t rsa: Specifies the RSA algorithm.
  - -b 4096: Sets the key size to 4096 bits for stronger security.
- Save the key when prompted:
  - Press Enter to use the default location (~/.ssh/id_rsa).
  - Optionally, set a passphrase for added security.
Copying the Public Key to the Server
- Use the following command to copy your public key to the server:
  ssh-copy-id <username>@<server_ip>
  - Replace <username> and <server_ip> with your credentials.
- Enter your password when prompted.
- Verify the key was added:
  - Check the server’s ~/.ssh/authorized_keys file to ensure your key is listed.
Connecting Using the Private Key
- SSH into the server using your private key:
  ssh <username>@<server_ip>
- If a passphrase was set for your key, enter it when prompted.
Step 3: Advanced SSH Options
- Specifying a Port:
  - If the server uses a non-default SSH port, specify it with the -p option:
    ssh -p <port> <username>@<server_ip>
  - Replace <port> with the custom port number.
- Verbose Mode:
  - Use the -v flag to see detailed output for debugging:
    ssh -v <username>@<server_ip>
- Running a Single Command:
  - Execute a command on the server without starting an interactive session:
    ssh <username>@<server_ip> "<command>"
  - Example:
    ssh admin@192.168.1.100 "ls -l /var/www"
- Using Config Files:
  - Simplify frequent connections by editing the SSH configuration file:
    nano ~/.ssh/config
  - Add the following:
    Host myserver
        HostName 192.168.1.100
        User admin
        Port 22
  - Connect using:
    ssh myserver
Step 4: Troubleshooting Common Issues
- Connection Timeout:
  - Ensure the server is online and reachable.
  - Verify the server firewall allows SSH traffic (default port 22).
- Permission Denied:
  - Double-check your username and password.
  - If using a key, ensure it matches the server’s authorized keys.
- Host Key Changed:
  - If the server’s SSH key changes, you’ll see a warning:
    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
  - Resolve this by editing the ~/.ssh/known_hosts file and removing the old entry:
    nano ~/.ssh/known_hosts
- Unable to Resolve Hostname:
  - Verify the hostname is correct and DNS is functioning.
  - Use the server’s IP address if necessary.
Step 5: Securing Your SSH Server
- Disable Password Authentication:
  - On the server, edit the SSH configuration file:
    sudo nano /etc/ssh/sshd_config
  - Set the following:
    PasswordAuthentication no
  - Restart the SSH service:
    sudo systemctl restart ssh
- Change the Default Port:
  - Edit the SSH configuration file and change the Port value:
    Port 2222
  - Restart the SSH service.
- Use Fail2Ban:
  - Install and configure Fail2Ban to block repeated login attempts.
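The following added example (not part of the original lab) checks whether the Disable Password Authentication change actually takes effect: sshd uses the first value it reads for each keyword, so a PasswordAuthentication no line placed below an earlier yes is ignored. The function names and both sample configurations are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original lab). sshd keeps the FIRST value it
# reads for each keyword, so appending "PasswordAuthentication no" below an
# earlier "yes" changes nothing. Include files are not followed here; on a
# real server `sudo sshd -T` prints the authoritative effective settings.

# effective_value KEYWORD DEFAULT  (sshd_config text on stdin)
# Prints the first global value for KEYWORD, or DEFAULT if it is unset.
effective_value() {
    awk -v kw="$1" -v def="$2" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*#/ || NF == 0   { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # global section ends at first Match
        tolower($1) == kw       { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    '
}

# password_auth_disabled: succeeds only if password logins are really off.
password_auth_disabled() {
    [ "$(effective_value PasswordAuthentication yes)" = "no" ]
}

# Constructed sample: the Step 5 line was appended at the end of the file.
SAMPLE_CONFIG='# constructed sample sshd_config
Port 2222
PasswordAuthentication yes
PubkeyAuthentication yes
# added while following Step 5:
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes'

# Constructed sample: the existing line was edited in place instead.
FIXED_CONFIG='Port 2222
PasswordAuthentication no
PubkeyAuthentication yes'

report() {
    if printf '%s\n' "$2" | password_auth_disabled; then
        echo "$1: password logins disabled"
    else
        echo "$1: password logins STILL ENABLED"
    fi
}
report "appended line" "$SAMPLE_CONFIG"
report "edited in place" "$FIXED_CONFIG"
```

Against a live file, run the check as: effective_value PasswordAuthentication yes < /etc/ssh/sshd_config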
Additional Tips and Insights
- Command-Line Proficiency:
  - Learn basic Linux commands to effectively use the server once connected.
- Combine Tools:
  - Use tools like SCP or Rsync alongside SSH for secure file transfers.
- Logging:
  - Check the server’s SSH logs for troubleshooting:
    sudo tail -f /var/log/auth.log
- Multi-Factor Authentication:
  - Enable MFA for an additional layer of security.
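As an added example (not part of the original lab), this shows the kind of check the Fail2Ban and Logging items rely on: counting failed password logins per source address in auth.log. The function name and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original lab): list source addresses with
# repeated failed SSH password logins, the pattern Fail2Ban acts on.

# failed_logins THRESHOLD  (auth.log text on stdin)
# Prints "COUNT ADDRESS" for each address with at least THRESHOLD failures,
# highest count first. The user name in these lines is chosen by the client
# and may contain spaces, so the address is read from fixed positions at the
# end of the line ("... from ADDRESS port N ssh2"), not by searching for the
# first "from".
failed_logins() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF - 4) == "from" && $(NF - 2) == "port" { n[$(NF - 3)]++ }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines in the Debian/Ubuntu auth.log format.
SAMPLE_LOG='Jan 10 12:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 12:00:03 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 12:00:07 web1 sshd[2104]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Jan 10 12:00:09 web1 sshd[2107]: Failed password for invalid user a from 192.0.2.10 from 203.0.113.5 port 51246 ssh2
Jan 10 12:01:15 web1 sshd[2120]: Failed password for admin from 198.51.100.7 port 40112 ssh2
Jan 10 12:01:40 web1 sshd[2120]: Accepted password for admin from 198.51.100.7 port 40112 ssh2'

# Addresses with three or more failures in the sample.
printf '%s\n' "$SAMPLE_LOG" | failed_logins 3
```

A single failure followed by a success, as for 198.51.100.7 in the sample, stays below the threshold and is not reported.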
Key Takeaways
- The ssh command is a powerful tool for securely accessing remote servers from Linux.
- Understanding key-based authentication enhances both security and convenience.
- Regularly review and secure your SSH configurations to prevent unauthorized access.