How to SSH into a Server from a Linux Machine

Objective

Learn how to use the ssh command on a Linux machine to securely connect to a remote server. This lab covers the steps for establishing an SSH connection, setting up key-based authentication, and troubleshooting common issues.

Prerequisites

1. Linux Environment:
   • Ensure the ssh command is available by running:

     ssh -V
     

   • If not installed, install OpenSSH client:

     sudo apt update && sudo apt install openssh-client
     

2. Access to a Remote Server:
   • You will need the following:
     • Server IP/Hostname: e.g., 192.168.1.100 or example.com.
     • Username: e.g., admin.
     • Password or Private Key for authentication.
   • Ensure SSH is enabled on the server.
3. Basic Understanding of SSH:
   • SSH (Secure Shell) is used for secure communication between systems over a network.

Step 1: Establishing a Basic SSH Connection

1. Open a terminal on your Linux machine.
2. Use the following command to connect:

   ssh <username>@<server_ip>
   

   • Replace <username> with your server username (e.g., admin).
   • Replace <server_ip> with the server’s IP or hostname (e.g., 192.168.1.100).
3. If prompted, accept the server’s SSH key:

   The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
   RSA key fingerprint is ...
   Are you sure you want to continue connecting (yes/no)?
   

   • Type yes and press Enter.
4. Enter your password when prompted:
   • After successful authentication, you will gain access to the server’s command line.

Step 2: Using Key-Based Authentication (Optional)

Generating an SSH Key Pair

1. On your Linux machine, generate an SSH key pair:

   ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
   

   • -t rsa: Specifies the RSA algorithm.
   • -b 4096: Sets the key size to 4096 bits for stronger security.
2. Save the key when prompted:
   • Press Enter to use the default location (~/.ssh/id_rsa).
   • Optionally, set a passphrase for added security.

Copying the Public Key to the Server

1. Use the following command to copy your public key to the server:

   ssh-copy-id <username>@<server_ip>
   

   • Replace <username> and <server_ip> with your credentials.
2. Enter your password when prompted.
3. Verify the key was added:
   • Check the server’s ~/.ssh/authorized_keys file to ensure your key is listed.

Connecting Using the Private Key

1. SSH into the server using your private key:

   ssh <username>@<server_ip>
   

2. If a passphrase was set for your key, enter it when prompted.

Step 3: Advanced SSH Options

1. Specifying a Port:
   • If the server uses a non-default SSH port, specify it with the -p option:

     ssh -p <port> <username>@<server_ip>
     

   • Replace <port> with the custom port number.
2. Verbose Mode:
   • Use the -v flag to see detailed output for debugging:

     ssh -v <username>@<server_ip>
     

3. Running a Single Command:
   • Execute a command on the server without starting an interactive session:

     ssh <username>@<server_ip> "<command>"
     

     • Example:

       ssh admin@192.168.1.100 "ls -l /var/www"
       

4. Using Config Files:
   • Simplify frequent connections by editing the SSH configuration file:

     nano ~/.ssh/config
     

     • Add the following:

       Host myserver
           HostName 192.168.1.100
           User admin
           Port 22
       

     • Connect using:

       ssh myserver
       

Step 4: Troubleshooting Common Issues

1. Connection Timeout:
   • Ensure the server is online and reachable.
   • Verify the server firewall allows SSH traffic (default port 22).
2. Permission Denied:
   • Double-check your username and password.
   • If using a key, ensure it matches the server’s authorized keys.
3. Host Key Changed:
   • If the server’s SSH key changes, you’ll see a warning:

     WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
     

   • Resolve this by editing the ~/.ssh/known_hosts file and removing the old entry:

     nano ~/.ssh/known_hosts
     

4. Unable to Resolve Hostname:
   • Verify the hostname is correct and DNS is functioning.
   • Use the server’s IP address if necessary.

Step 5: Securing Your SSH Server

1. Disable Password Authentication:
   • On the server, edit the SSH configuration file:

     sudo nano /etc/ssh/sshd_config
     

   • Set the following:

     PasswordAuthentication no
     

   • Restart the SSH service:

     sudo systemctl restart ssh
     

2. Change the Default Port:
   • Edit the SSH configuration file and change the Port value:

     Port 2222
     

   • Restart the SSH service.
3. Use Fail2Ban:
   • Install and configure Fail2Ban to block repeated login attempts.

Additional Tips and Insights

1. Command-Line Proficiency:
   • Learn basic Linux commands to effectively use the server once connected.
2. Combine Tools:
   • Use tools like SCP or Rsync alongside SSH for secure file transfers.
3. Logging:
   • Check the server’s SSH logs for troubleshooting:

     sudo tail -f /var/log/auth.log
     

4. Multi-Factor Authentication:
   • Enable MFA for an additional layer of security.

Key Takeaways

1. The ssh command is a powerful tool for securely accessing remote servers from Linux.
2. Understanding key-based authentication enhances both security and convenience.
3. Regularly review and secure your SSH configurations to prevent unauthorized access.