Linux OS: Secure Shell (SSH)

SSH ASCII art.

    Hello everyone! Welcome to my blog, and good evening to all! Today, I want to share an article about using SSH to connect to a server or another computer. I often need this to connect to my phone, which acts as a mobile server for storing and retrieving files, as well as transferring data between my laptop and phone. Other people may also find it useful to connect from one laptop to another PC, laptop, or server. Let’s dive in!

What Is SSH?

Secure Shell (SSH) is a protocol used to securely access and manage network devices and servers over an unsecured network. It provides a secure channel by encrypting the data exchanged between the client and server, making it resistant to eavesdropping and man-in-the-middle attacks.

Installing openssh-server Within Linux (Server)

To connect to a PC or server via SSH, you first need to install the SSH server on that machine.

If the SSH server is not installed on the computer yet, you can use the following command in the terminal:

sudo apt update && sudo apt install openssh-server -y

 

Installing openssh-server in server side PC.

Then I can enable it with this command:

sudo systemctl start ssh
sudo systemctl enable ssh

Configuring The SSH (Server)

Let's strengthen the server with the following SSH configuration. First, open the SSH configuration file by running 'sudo vim /etc/ssh/sshd_config'  then delete the preceding '#' on these configurations and modify them as follows:

Port 22
PermitRootLogin prohibit-password
MaxAuthTries 2
MaxSessions 2
StrictModes yes
PubkeyAuthentication yes
HostbasedAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no

 

Generating SSH Key Pair for Secure Access (Client)

To securely connect to remote servers via SSH, it’s essential to generate a pair of cryptographic keys: a private key (This key is kept secret and should never be shared) and a public key (This key is shared with remote servers). This key pair will enable secure, password-less authentication, enhancing both convenience and security.

I can now back to the terminal and type:

ssh-keygen

I suggest keeping the default names for the private and public keys (id_rsa and id_rsa.pub) so that the SSH client can automatically locate the private key in the folder without needing to specify it in the SSH options when connecting to the server.

When I reach the 'Enter passphrase (empty for no passphrase):' just enter the secure one for extra layer of security.

Then the private/public key will be stored at "Created directory '/home/demo_programming/.ssh'" within my home folder.

You can look for yourself here:

Generating SSH public/private key.

Private Key: id_rsa
Public Key: id_rsa.pub

Manually copy the SSH public key (/home/demo_programming/.ssh/id_rsa.pub) into the server's authorized_keys file. While I could use ssh-copy-id username@hostname_or_ip to transfer the key, the server refuses user login because I have set PasswordAuthentication no and PubkeyAuthentication yes. This means the public key must already be stored in authorized_keys for access.

To copy my public key, I can use a flash drive or another method to access the server. Alternatively, I could temporarily change PasswordAuthentication no to PasswordAuthentication yes, copy the public key, and then revert the setting back to PasswordAuthentication no when I’m finished.

This is my laptop public key in the host server already stored:

Public key stored in server SSH.

Connect My Laptop To SSH Server (Client to Server)

The server is configured, the SSH public/private keys are set up, and the server is online. Now it's time to test the connection from my laptop (the client) to the server.

Connect using this pattern:

ssh username@192.168.1.10

Or you can look for the picture:

Successfully connect to my phone as server.

That’s all I can share with you for now. Thank you for visiting my blog! I hope you have a great day!