How to Use SSH

Hostman Team
Technical writer
Linux
09.07.2024
Reading time: 7 min

Imagine you have rented a cloud server on Hostman to host your website. After purchase, you receive a clean system that you need to set up by installing a web server, uploading files, and so on. Instead of going to a data center with a flash drive, you use the SSH protocol.

In this article, we will discuss how to use SSH in Linux and Windows.

What is SSH?

SSH (Secure Shell) is a protocol for remote access to any device running a Linux operating system, such as computers, servers, and phones. In other words, it allows you to connect to a device located anywhere in the world.

The word "secure" in the protocol's name means that data exchanged between devices is encrypted, allowing you to work with sensitive information like passwords and access codes securely. Connection and authentication are done in one of two ways:

  1. Password login: A shared secret key is created between the client and server, encrypting the traffic.

  2. SSH Key pair login: Before the first connection, the user generates two keys: a public and a private one. These are stored on the remote and local devices, respectively.

This article will explore the protocol's capabilities, SSH command syntax, and SSH daemon settings.

Logging in with SSH Keys

Using a password to log into a server via SSH is unsafe and inconvenient:

  1. A password can be brute-forced.

  2. Passwords can leak accidentally, especially when dealing with multiple devices and different passwords.

  3. Entering a password every session is tiresome.

The most reliable way is to log in using an RSA key pair. Let’s look at how to use SSH keys to connect to remote servers.

First, create keys on your local computer:

ssh-keygen -t rsa

During creation, you will be asked to choose the location of the SSH key files and a passphrase. A passphrase is an additional code that protects the key: if your private key is compromised, attackers won't be able to use it without the passphrase. To connect without a password, leave the Passphrase field empty, which also removes that protection.

Next, send the public key to the server:

ssh-copy-id -p 222 -i ~/.ssh/id_rsa.pub [email protected]

This command will create an SSH session. After entering your password, the public key will be copied to the authorized keys file, and you won't need to enter a password again.

You can further enhance security by completely disabling password access. Edit the /etc/ssh/sshd_config file with the following directives:

  • PasswordAuthentication no — disable password login.

  • PubkeyAuthentication yes — enable SSH key authentication.

  • ChallengeResponseAuthentication no — disable PAM challenge-response authentication.

After updating the file, reload the SSH daemon:

sudo systemctl reload ssh

Setting Up SSH

To connect, the SSH server (sshd) must be running on the remote device. In Ubuntu, start it using systemd:

sudo systemctl start ssh

On Hostman servers, sshd runs by default.

The sshd server configuration is in the /etc/ssh/sshd_config file. Let's look at the main SSH settings you can use.

  • Port: By default, sshd listens on port 22. Use the Port directive to change it, which complicates unauthorized access attempts. However, port scanning scripts can still find the new port, so we recommend closing SSH access for the root user for better security.

  • Superuser Access: By default, remote root user access is allowed to administer Linux servers, which is unsafe. Use the PermitRootLogin no directive to disable this.

  • Protocol: SSH supports protocol versions 1 and 2. Version 2 supports more encryption methods and authentication techniques. Use the Protocol directive to specify a version: Protocol 2. Current OpenSSH releases no longer implement version 1, so there the directive has no effect.

  • User Access: Enhance security by allowing remote access only for certain users and groups using the AllowUsers and AllowGroups directives. Separate the names with spaces. For example:

AllowUsers adm1 adm2

or

AllowGroups admin infrastructure

You can also deny access to specific users and groups with DenyUsers and DenyGroups.

  • Logging: Set the logging level with the LogLevel directive. The default is INFO, but you can use VERBOSE for debugging or disable logging with QUIET.

  • Password Access: Control password access with the PasswordAuthentication directive, set to yes (default) or no.

After making changes, reload the sshd server to apply the new configuration. Before you do, make sure your public key is saved on the server or that password access is still enabled, so you don't lose access:

sudo systemctl reload ssh
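
The directives recommended in this section and in "Logging in with SSH Keys" can be checked before the reload. The script below is an added example, not Hostman's code: the function names and the sample file are constructed for illustration, and it reads only the global section of a single file, without following Include or Match.

```shell
#!/bin/sh
# Added example: check the global section of an sshd_config for the directives
# this article recommends. sshd keeps the FIRST value it reads for a keyword,
# so a later "PasswordAuthentication no" does not override an earlier "yes".
# Function names and the sample file are constructed for illustration.

# first_value FILE KEYWORD -> first value set for KEYWORD before any Match block
first_value() {
    awk -v key="$2" '{
        line = $0; sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next          # blank line or comment
        n = match(line, /[ \t=]/); if (n == 0) next  # keyword ends at space or "="
        kw = tolower(substr(line, 1, n - 1))         # keywords are case-insensitive
        val = substr(line, n); gsub(/^[ \t=]+|[ \t]+$/, "", val)
        if (kw == "match") exit
        if (kw == tolower(key)) { print val; exit }
    }' "$1"
}

# audit_sshd_config FILE -> one finding per line; exit status 1 if any finding
audit_sshd_config() {
    rc=0
    for want in PasswordAuthentication=no PubkeyAuthentication=yes \
                ChallengeResponseAuthentication=no PermitRootLogin=no; do
        key=${want%%=*}; exp=${want#*=}
        got=$(first_value "$1" "$key")
        [ "$got" = "$exp" ] || { echo "$key: want $exp, got ${got:-unset}"; rc=1; }
    done
    for key in AllowUsers AllowGroups; do
        case $(first_value "$1" "$key") in
            *,*) echo "$key: names are space-separated, remove commas"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample config: the early "yes" wins over the later "no".
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample, not a real server's file
Port 222
passwordauthentication yes
PubkeyAuthentication yes
PermitRootLogin no
AllowUsers adm1, adm2
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "review the findings before reloading sshd"
```

On a live server, sudo sshd -t validates the file's syntax and sudo sshd -T prints the effective settings, including values that come from included files.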

Using SSH on Windows

That’s all good for Linux, but you may wonder how to use SSH in Windows.

Well, good news: the latest Windows versions (starting from Windows 10) have a built-in OpenSSH client, so you can simply run Windows PowerShell and connect as usual:

ssh user@server

On older Windows systems, you can use SSH via special applications. They can save connection data and customize color schemes for different sessions, which is useful for managing multiple servers. Popular SSH clients include:

  • PuTTY

  • WinSCP

  • Termius

  • FileZilla (for SFTP)

  • MobaXterm

Syntax

To connect remotely, use the ssh command with the server's IP address or domain name:

ssh example.com

If the local and remote system usernames differ, specify the remote username:

ssh [email protected]
ssh remote@server-ip

End the session with the exit command.

If the remote server uses a non-default port, specify it with the -p flag:

ssh -p 222 [email protected]

Usage Scenarios

Common and interesting SSH use cases include file and directory transfer, SSH tunnels, and SFTP.

File and Directory Transfer

First, let’s talk about how to transfer files using SSH.

With the sshd daemon running on your server, you can use utilities like scp to transfer files using the RCP protocol. To transfer filename.txt to the ~/trash/txt directory on example.com, use:

scp filename.txt [email protected]:~/trash/txt

Swap the local path and the server path to copy files from the remote server to your local device. To transfer a directory, add the -r flag and end the destination path with a slash. For example, to copy the images directory from the server to your local documents folder:

scp -r [email protected]:~/images ~/documents/

You can also transfer files between two remote machines by specifying server paths instead of local files.

SSH Tunnels

SSH tunnels provide secure remote access and file transfer over a protected network. They are commonly used for accessing private networks or creating encrypted channels. To forward a port from a remote server, use the -L flag. For example, to access a remote database that is available only locally on the server, on port 3306:

ssh -N -L 53306:127.0.0.1:3306 [email protected]

In this command, -N means no command needs to be executed on the remote machine, 53306 is the local port, and 127.0.0.1:3306 is the address where MySQL runs on the remote server.

SFTP

SFTP (Secure File Transfer Protocol) operates over a secure channel and is part of OpenSSH. If your SSH daemon works correctly, you can use SFTP without additional setup. Unlike standard FTP, SFTP encrypts all data.

Start an SFTP session with the same credentials—login and password or key—as SSH. Specify a different port if you changed the default from 22:

sftp -oPort=222 [email protected]

After successful authentication, you can work with files on the remote server.

Conclusion

In this article, we covered what SSH is and how it works. Knowing the basics of this protocol is essential for system administrators and programmers. SSH allows you to connect to devices anywhere in the world with the same rights and capabilities as if you were physically present.

If you host a website on a private server, an incorrect SSH configuration can lead to unauthorized access and severe consequences. 

Any server you rent on Hostman is accessible via SSH by default. If you need additional configuration, our support is always available to help.
