<\/span><\/h2>\nSecure Shell<\/strong>, sometimes called Secure Socket Shell<\/strong>, is a protocol that allows you to securely connect to a remote computer\u00a0a server using a text-based interface.<\/p>\nWhen a secure SSH connection is established, a shell session starts. It enables manipulating the server by typing commands within the client on your local computer.<\/p>\n
System and network administrators use this protocol to manage remote servers and machines. Anyone who requires managing a computer remotely in a highly secure manner uses SSH.<\/p>\n
\n
\n
<\/span>How Does SSH Work?<\/span><\/h2>\nBoth the client and server participate in establishing a secure SSH communication channel. Creating an SSH connection relies on the following components and steps:<\/p>\n
\nClient-side component<\/strong>. A client-side component is an application or program used\u00a0to connect to another machine. The client uses remote host information to initiate the connection through the program. If the credentials are verified, the program establishes an encrypted connection.<\/li>\nServer-side component<\/strong>. On the server’s side, an SSH daemon constantly listens to a specific TCP\/IP port (the default SSH port number is 22) for possible client connection requests. Once a client initiates a connection through the defined port, the SSH daemon responds with the software and the protocol versions it supports. The default protocol version for SSH communication is version 2.<\/li>\nKey exchange<\/strong>. The client and server exchange cryptographic keys to create a secure communication channel. The keys help encrypt subsequent communication.<\/li>\nAuthentication<\/strong>. When establishing a connection, the client provides identification data to the server (as a username\/password or SSH keys). If the provided credentials are correct, SSH creates a new encrypted communication session.<\/li>\n<\/ul>\n\n
\n
<\/span>How to Enable an SSH Connection<\/span><\/h2>\nSince creating an SSH connection requires both a client and a server component, ensure they are installed on the local and remote servers. The sections below demonstrate how to install a client-side and server-side component depending on the OS.<\/p>\n
<\/span>Install SSH Component on Mac<\/span><\/h3>\nmacOS typically has the SSH client preinstalled. Open the terminal and check with the following command:<\/p>\n
ssh -v<\/code><\/pre>\n
The command shows the installed SSH version. To use a third-party SSH application, such as OpenSSH, use the following Homebrew command:<\/p>\n
brew install openssh<\/code><\/pre>\nThe installation allows managing a separate version from the system’s default SSH component. Alternatively, install PuTTY on macOS to use a GUI-based SSH client.<\/p>\n
To enable SSH server remote login on a macOS, do the following:<\/p>\n
1. Go to System Settings<\/strong>.<\/p>\n2. Click General<\/strong> in the left menu.<\/p>\n3. Locate and open Sharing<\/strong>.<\/p>\nRemote Login<\/strong> to allow SSH access to the device.<\/p>\n
<\/span>Install SSH Component on Linux<\/span><\/h3>\nSome Linux distributions do not have an SSH component installed by default. Typical solutions are installing OpenSSH or a GUI solution, such as the PuTTY client for Ubuntu.<\/p>\n
Installing OpenSSH requires access to the terminal on the server and the computer you use for connecting. The steps for installing and setting up the OpenSSH client and server component are below:<\/p>\n
1. To install the client component, run one of the following commands on the client machine:<\/p>\n
For Debian\/Ubuntu-based Systems:<\/strong><\/p>\nsudo apt install openssh-client<\/code><\/pre>\nFor Red Hat-based systems (such as CentOS or Fedora):<\/strong><\/p>\nsudo dnf install openssh-clients<\/code><\/pre>\nsudo yum install openssh-clients<\/code><\/pre>\n2. Next, install the server component on the server machine:<\/p>\n
For Debian\/Ubuntu-based Systems:<\/strong><\/p>\nsudo apt install openssh-server<\/code><\/pre>\nFor Red Hat-based systems (such as CentOS or Fedora):<\/strong><\/p>\nsudo dnf install openssh-server<\/code><\/pre>\nsudo yum install openssh-server<\/code><\/pre>\n3. After installing the components, the SSH service automatically starts. View the service status with:<\/p>\n
systemctl status sshd<\/code><\/pre>\nIn case the service is not running, run it with the following command:<\/p>\n
sudo systemctl start sshd<\/code><\/pre>\nThe command does not print an output.<\/p>\n
4. To have the service start automatically on boot, run:<\/p>\n
sudo systemctl enable sshd<\/code><\/pre>\nEnabling the sshd <\/strong>service starts it during the boot process.<\/p>\n<\/span>Install SSH Component on Windows<\/span><\/h3>\nSSH is not a default component on Windows systems. Windows 10 and later versions include a native OpenSSH app.<\/p>\n
To enable SSH, do the following:<\/p>\n
1. Open Settings<\/strong> -> Apps & features<\/strong> -> Optional features<\/strong>.<\/p>\n
2. Click the Add a feature<\/strong> button.<\/p>\n
3. Search for and install the OpenSSH<\/strong> app.<\/p>\n
Alternatively, a popular option is to install PuTTY on Windows or to use a Linux distribution through the WSL (Windows Subsystem for Linux) feature.<\/p>\n
<\/span>How to Connect via SSH<\/span><\/h2>\nAfter installing and setting up the SSH client and server on each machine, you can establish a secure remote connection. To connect to a server, do the following:<\/p>\n
1. Open the command line\/terminal window and run the following ssh command:<\/p>\n
ssh [username]@[host_ip_address]<\/code><\/button><\/pre>\nProvide the username and host IP address. If the username is the same as the local machine, omit the username from the command. To test if SSH is installed correctly, try creating an SSH connection to localhost<\/em>.<\/p>\n2. When connecting to the server for the first time, a message appears asking to confirm the connection. Type yes<\/strong> and press Enter<\/strong> to confirm the remote server identification on the local machine.<\/p>\n3. Provide the password when prompted and press Enter<\/strong>. The screen does not display characters as you are typing.<\/p>\n
A digital signature ECDSA key fingerprint helps authenticate the machine and establishes a connection to the remote server.<\/p>\n
If the computer you are trying to connect to is on the same network, then it is best to use a private IP address instead of a public IP address.<\/p>\n
\n
\n
Additionally, ensure the correct TCP port listens for connection requests and that port forwarding settings are correct. The default port number is 22<\/strong> unless the configuration has been changed. You may also append the port number after the host IP address.<\/p>\nWhen using a port number, the following two examples are valid:<\/p>\n
ssh [username]@[host_ip_address]:[port]<\/code><\/button><\/pre>\nssh [username]@[host_ip_address] -p [port]<\/code><\/button><\/pre>\nIf there are any issues connecting to the remote server, make sure that:<\/p>\n
\nThe IP address of the remote machine is correct.<\/li>\n The port the SSH daemon is listening to is not blocked by a firewall or forwarded incorrectly.<\/li>\n The username and password are correct.<\/li>\n The SSH software is installed correctly.<\/li>\n<\/ul>\n<\/span>SSH Further Steps<\/span><\/h2>\nAfter establishing a connection to your server using SSH, there are additional steps to improve SSH security. Default values should always be changed; not changing them leaves a server vulnerable to attacks. Some of the suggestions require editing the SSH configuration file.<\/p>\n
Below is a list of practical steps to secure the SSH connection:<\/p>\n
<\/span>Change the Default TCP Listening Port<\/span><\/h3>\nInstead of using the default port 22, try a higher number. Avoid using a port number that is easy to guess, such as 222, 2222, or 22222.<\/p>\n
<\/span>Use SSH Key Pairs for Authentication<\/span><\/h3>\nPasswordless SSH login is safer and allows logging in without using an SSH key pair (which is faster and more convenient).<\/p>\n
<\/span>Disable Password-Based Logins on Your Server<\/span><\/h3>\nIf your password gets cracked, this will eliminate the possibility of using it to log into your servers. Before you turn off the option to log in using passwords, ensure that authentication using key pairs works.<\/p>\n
<\/span>Disable Root Access<\/span><\/h3>\nRemoving default root access to your server makes accessing the root account harder for unwanted solicitors. Instead, use a regular account with the su – command to switch to a root user.<\/p>\n
<\/span>Use TCP Wrappers<\/span><\/h3>\nTCP wrappers enable restricting access to specific IP addresses or hostnames. Configure which host can connect by editing the \/etc\/hosts.allow<\/em> and\/etc\/hosts.deny<\/em> files. Note that the first file has higher authorization than the second.<\/p>\nFor example, to allow SSH access to a single host, first deny all hosts by adding these two lines in the \/etc\/hosts.deny<\/em> file:<\/p>\nsshd : ALL\r\nALL : ALL<\/code><\/pre>\n\/etc\/hosts.allow<\/em> file, add a line with the allowed hosts for the SSH service:
<\/span>Secure Login Information and Employ Multilayer Security<\/span><\/h3>\nUse different methods to limit SSH access to your servers, or use services that block anyone using <\/span>brute force to gain access. <\/span>Fail2ban is one example of such a service.<\/span><\/p>\n<\/span>VNC Over SSH<\/span><\/h2>\nIn a Virtual Network Computing (VNC) environment, it is possible to encrypt connections using SSH <\/span>tunneling via the <\/span>ssh<\/code><\/strong> command and through PuTTY.<\/span><\/p>\nssh -L [local_address]:[local_port]:[VNC_server_address]:[VNC_server_port] -N -f -l [username] [hostname_or_IP]<\/code><\/button><\/p>\nThe command does the following:<\/p>\n
\nssh<\/code><\/strong>. Starts the SSH client program on your local machine and enables secure connection to the SSH server on a remote computer.<\/li>\n-L [local_address]:[local_port]:[VNC_server_address]:[VNC_server_port]<\/code><\/strong>. The local address and port for the client on the local machine are to be forwarded to the specified server host and port of the remote machine.<\/li>\n-N<\/code><\/strong>. Forwards ports without executing a remote command.<\/li>\n-f<\/code><\/strong>. Sends SSH to the background after the password is provided. This allows typing commands in the local terminal.<\/li>\n-l [username]<\/code><\/strong>. The username for connecting to the SSH server.<\/li>\n[hostname_or_IP]<\/code><\/strong>. The hostname or IP of the SSH server.<\/li>\n<\/ul>\nYou can also connect to a remote server via SSH tunnel using PuTTY. In the PuTTY configuration window, do the following:<\/p>\n
1. Go to Connection<\/strong> -> SSH<\/strong> -> Tunnels.<\/strong><\/p>\n2. Type in the source port number in the Source port<\/strong> field.<\/p>\n3. Type the VNC server address and port in the Destination field<\/strong>.<\/p>\n
4. Start the SSH session as you normally would.<\/p>\n
5. Connect to your server with a VNC client of your choice.<\/p>\n
<\/span>Conclusion<\/span><\/h2>\nYou should now be able to connect to a remote server with SSH. <\/strong>There are many other methods to establish a connection between two remote computers, but the ones covered here are most common and secure.<\/p>\nNext, see how to mount a remote file system using SSH with the SSHFS client.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
If you enjoyed this article, then you\u2019ll love Zalvis's Cloud Hosting platform. Turbocharge your website and get 24\/7 support from our veteran team. Our world-class hosting infrastructure focuses on auto-scaling, performance, and security. Let us show you the Zalvis difference!
Check out our services.<\/a><\/div>