What is SSH?
SSH or Secure SHell is a protocol used to remotely connect to hosts and it is the most common way to log and work onto remote hosts.
In the following article we are going to see how this works and how you can use it to connect to your server/workstation/pc using SSH from your linux terminal via ssh command.
Linux systems have an utility, called ssh, that is used to connect to a remote host using SSH protocol.
Before starting the tutorial, make sure to have ssh installed on your linux machine:
If not, proceed in the installation using your system’s packet manager (apt, yum, pacman, etc).
How to make SSH work?
The base syntax for ssh command is:
This syntax assumes that you are going to connect to the host with the username you are logged in in the terminal you are using.
If you need to connect as another user, you can use the user@host syntax:
Logging in as a specific user is very common, especially while using scripts that need to execute commands on remote hosts.
Opening an SSH connection
Once you input the command it will try to resolve the hostname/IP and connect to the host. Connections via SSH, by default, are commutated on port 22, even if this is depending on the configuration of the SSH-server and we will cover how to change default port used to listen for incoming connections in a dedicated article.
The first time you try to connect to an host, the command will prompt the following:
More than a warning, this is the way for SSH to let you know that there is something unusual in the connection you are trying to open.
Basically, there is a file on the client side, known_hosts in the directory ~/.ssh/ that contains the unique information (keys) of the hosts you have already connected to with that user, identified with a fingerprint and the public key, if there is a mismatch in any of the fields it will let you know.
What could generate a mismatch could be:
- Keys changed on the server. This could happen when there is a reinstallation of the OS on the server, enforcing procedure or just a new creation of keys after SSH upgrade.
- Hostname or IP address of the remote hosts now belongs to another machine, due to DHCP reassignment, a swap of servers an so on.
- There is the chance that someone is trying to put itself between you and the real host (man in the middle attack). The key check is crucial in diagnosing situations like this.
Once you hit yes in the previous prompt, needed informations of the server are stored in known_hosts and you will be asked for the password of current user (if you didn’t specify a different one):
After you enter the right password, your terminal is ready to go!
How to SSH without password
Whether it is an home server, a VM or a terminal on your own linux laptop, it could become boring to input the password everytime you ssh to your machine.
Generate a key pair (public/private) for the user
Encryption is your friend, with public/private keys combination and identity management, it is possible to easily setup a password-less connection via ssh for a given linux user.
All you have to do is run the ssh-keygen command that comes bundled in ssh package for each linux distribution. In the sample below I used all defaults values to make the configuration fit standard paths:
Basically, what happens is that the ssh-keygen command is:
- Generate a private key for the user
- Generate a public key for the user
- Put the generated keys in ~/.ssh/ folder with the correct permissions
Copy the generated identity on remote host
Once you generated the key pair, it is necessary that the public key is appended in the remote host’s ~/.ssh/authorized_keys file for the user you want to login with, in order to be able to login without prompting the password.
This is achieved by using the ssh-copy-id command, bundled with ssh package, with the parameter -i that allows you to specify the PUBLIC KEY you want to append, if you specified a different location while generating it. Otherwise the default is ~/.ssh/id_rsa.pub.
The command will prompt for the password of the current user on remote host and the proceeds to install the key on it
Yay! That’s it! The next time you will login, it will not ask you to input the password for your user account!
Run commands via SSH on remote host
Once you are set up and ready to access your remote host without even asking for a password, you could find it useful to run commands on it directly via ssh, this includes running a remote script or one/more commands, in our examples we will cover linux commands.
Syntax for calling remote commands is:
Assume that you want to see the hostname of the remote host, list a particular directory and find the occurrences with the word ‘Docker’ in it, here is the complete command:
Making it more interactive
It could happen that some commands, like for instance ‘top’ (used to see the status of the system, read more here), require an interactive terminal to properly work, and ‘-t’ flag of ssh comes to the rescue, it is useful even for normal commands, as it shows on the terminal the end of connection:
So far you learned how to establish an SSH connection with or without requiring a password and how to run remote commands, you can also find the usual link to the man page of the command if you want to go deeper – man ssh
If you found this article interesting, feel free to share it with your friends and colleagues!