How-To Session: SSH into another Linux Machine


EDITOR UPDATE:  updated for new methodology and systemd


Today I am going to show you how to SSH into another Linux box from anywhere! SSH is a powerful, encrypted protocol and command that lets you essentially “log in” to your PCs via Terminal and move files or change configurations as if you were using Terminal at the remote host you are logging into.

Let’s start with the essentials:

Make sure you have SSH installed. Check this in Terminal:

ssh -V

This prints the installed version. If SSH is not installed, search for the relevant “ssh” package for your distribution. In my case, the output is “OpenSSH_6.2p2, OpenSSL 1.0.1e 11 Feb 2013” for OpenSSH. OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt.

The SSH client configuration file is /etc/ssh/ssh_config (system-wide) or ~/.ssh/config (per user).

This is just an example config file:

/etc/ssh/ssh_config

#	$OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com

If “Protocol 1” is present in the config file, change it to “Protocol 2”, which is more secure.

Daemon config

The SSH daemon configuration file can be found and edited in /etc/ssh/sshd_config.

Now set up your users. If you wish to allow only certain people, add this line:

AllowUsers    user1 user2

If you want to disable root login over SSH, modify/uncomment this line:

PermitRootLogin no

To add a nice welcome message, edit the file /etc/issue and change the Banner line to this:

Banner /etc/issue

I would advise changing the default port from 22:

Port 6969
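
One way to check the edited /etc/ssh/sshd_config against the settings above, including the case where a directive appears twice. This is an added example, not code from the original post; the function names, the OK/WARN/FAIL labels and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes whitespace-separated
# "Keyword value" lines; reads only the global section (stops at "Match").

# directive_values FILE KEYWORD: print each value set for KEYWORD.
directive_values() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        tolower($1) == "match" { exit }      # conditional blocks: not audited
        tolower($1) == tolower(want) { $1 = ""; sub(/^ +/, ""); print }
    ' "$1"
}

# audit_sshd_config FILE: findings on stdout, returns 1 if any FAIL.
audit_sshd_config() {
    rc=0
    # Single-valued keyword: sshd keeps the first value it reads.
    root=$(directive_values "$1" PermitRootLogin | head -n 1)
    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${root:-unset}'"; rc=1; fi

    # AllowUsers and Port may appear more than once; every line applies.
    users=$(directive_values "$1" AllowUsers | tr '\n' ' ' | sed 's/ $//')
    if [ -n "$users" ]; then echo "OK   AllowUsers $users"
    else echo "WARN AllowUsers unset: logins not limited to named users"; fi
    ports=$(directive_values "$1" Port | tr '\n' ' ' | sed 's/ $//')
    echo "INFO Port ${ports:-22 (default)}"

    proto=$(directive_values "$1" Protocol | head -n 1 | tr ',' ' ')
    case " $proto " in
        *" 1 "*) echo "FAIL Protocol 1 is enabled"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: "PermitRootLogin no" was appended below an existing
# "yes" line, so the change never takes effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 6969
PermitRootLogin yes
AllowUsers    user1 user2
PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "fix the FAIL lines and re-run"
rm -f "$sample"
```

On the real host, `sshd -t` checks the file for syntax errors and `sshd -T` prints the effective settings, so run them before restarting the daemon.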

Starting the daemon under systemd:

systemctl start sshd

Permanently enable the service with:

systemctl enable sshd.service

You should see output such as

ln -s '/usr/lib/systemd/system/sshd.service' '/etc/systemd/system/multi-user.target.wants/sshd.service'

Alternatively, you can enable the service on first connection:

systemctl enable sshd.socket

It is better, but not necessary, to assign a static IP address to your REMOTE machine. You can also make this a reserved IP address via your router’s settings. Additionally, you can take that static address and register it with No-IP, so you have a free domain name. On the site, simply go to “add host” to add your PC.

That said, now let’s connect to the remote host (below is basic syntax):

Note: if you are connecting to a computer on your local network, use the local address. If outside the network, you want to use the external address of your router. See your router’s configuration for more

To connect to the remote machine:

ssh user@ip_address

OR

ssh user@hostname

For a non-standard port, type:

ssh -oPort=PORT_NUMBER user@ip_address 

OR

ssh -oPort=PORT_NUMBER user@hostname

Copying/Transferring Files:

scp SourceFile user@host:directory/TargetFile

You can also SFTP into your REMOTE host by doing:

sftp user@ip_address_or_hostname

OR

sftp -P PORT_NUMBER user@ip_address_or_hostname

To exit your session:

Use the “exit” command in Terminal until you fully back out of your REMOTE host.

That’s it for today. If you have any questions or comments, please comment on this blog entry or contact me via the “Contact Us” page at the top of this blog.

_professor

 


About professorkaos64

www.libregeek.org

Posted on 20130820, in How-To, Remote, Terminal. 4 Comments.

  1. I am new to Linux. I wanna know how do I copy a dir (TEST) from one Linux machine with IP address (host where the dir is) (e.g. 167.154.87.99) to another machine, IP address (e.g. 167.154.87.98). I have tried scp -R TEST username@167.154.87.98. It is complaining: omitting dir TEST

  2. Light Yagami

    Just wondering, when I tried SSHing into another computer of mine for practice, I can’t seem to be able to. I did the “dpkg -s SSH” and “sudo /etc/init.d/ssh start”.
    So now I’m at the part where I type in “ssh username@ip_address”, and all I’m given is just a blinking cursor after I press enter. Then the connection times out. Should I be typing in the router’s IP address, or the computer’s? And should I be doing something else on the other computer that I’m SSHing into?

  3. _Nano, good job. I was taking for granted that ssh was installed, and when I tried the dpkg test I got to know it was not. Previously I guess ssh would be installed by default, but not now (I use Debian). Very well explained. Saved me some two hours more.

  4. TY @ Nano, great article 🙂 Thankfully there are people like you willing to help “Noobs” like me. TY Again!!!
