SSH - What is it?

SSH is one of those typical "Linux mysteries" for the uninitiated. SSH is a command line protocol for connecting to a remote machine, and unlike ftp and telnet, SSH provides a secure mechanism to connect to another machine over a network. Ftp and telnet transmit the username and password in clear text, which means that they're not encrypted and thus readable by anyone who captures them. SSH, however, encrypts all communication between the two computers.

SSH, which is an acronym for Secure Shell, is a program included with every major Linux distribution. In order to use SSH it has to be running on both the machine you are using (referred to as the local or client machine) and the machine you are connecting to (known as the remote machine, host, or server). SSH runs as a service and is invoked/initiated (on the remote/host/server) by you on the client machine.

Locking Down SSH (Making Your Linux Machine More Secure)

Disabling Root Login

On any machine that will be acting as an SSH server it is a good idea to disable the ability to log in as root. The reason is that every Linux computer has a user named root, so one would only have to guess the password for the root user to gain access to a machine. To change this setting open /etc/ssh/sshd_config. If your configuration reads

    PermitRootLogin yes

then change the yes to no so that /etc/ssh/sshd_config now reads

    PermitRootLogin no

Some distributions have this setting commented out which is the equivalent of setting it to no. However it is still a good idea to explicitly change this setting to no to prevent any chance of someone being able to log in as root.

Let me repeat the importance of changing this setting. Setting PermitRootLogin to no prevents someone from SSH'ing into the machine as root.
This means that anyone trying to gain root access to the machine via SSH would need not only the root account's password, but also the username and password of a valid user account on the machine for the initial access! To achieve root access to a machine with this setting you would log in under a user account and then type su at the command prompt.

After making this change in /etc/ssh/sshd_config you will have to restart the SSH server. For example, on Fedora Core 4 & 5 the command would be:

    service sshd restart

On Fedora you can also restart SSH via the GUI. Go to System Settings, then click on Server Settings, then click on Services, and you'll be prompted for the root password. After entering the root password select the sshd service and click on the Restart button. See the screenshot below.

Changing the Default Port for SSH

As root open /etc/ssh/sshd_config. Find the line that says:

    #Port 22

Uncomment this line, then change 22 to the new port number you wish to use. For example, if you wanted to change the port to 2000 you would change this line so that it reads:

    Port 2000

Using SSH

Before being able to connect to a remote machine via SSH, you must know either its IP address or domain name. To connect to a computer via SSH from a Linux/Unix machine (including Mac OS X) you would open up a terminal (if you are using a GUI) and type the following at the command line:

    ssh IP_address

OR

    ssh domain_name

Specific examples:

If the remote machine's IP address is 12.34.56.78 then you would type:

    ssh 12.34.56.78

OR, if the remote machine's domain is www.testserver.com, you would type:

    ssh www.testserver.com

*Note: If you have changed the default port that ssh runs on from 22 to something else then you need to specify the port with the -p option. See the example below.

If you have changed the default port from 22 to 2000 then to connect you would type:

    ssh 12.34.56.78 -p 2000
    ssh www.testserver.com -p 2000
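
The two sshd_config settings changed under Locking Down SSH can be checked from a script before restarting the server. The following is an added example, not part of the original article; the function names (sshd_setting, check_root_login, effective_port) are hypothetical and the three sample files are constructed stand-ins for /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example (not from the original article): read the two sshd_config
# settings the article changes. Does not follow Include or Match blocks.

# Print the first active value of KEYWORD in FILE, or nothing if it is
# absent or commented out. sshd keywords are case-insensitive and the
# first occurrence of a keyword is the one sshd uses.
sshd_setting() {
    awk -v key="$1" '
        $1 ~ /^#/ { next }                        # whole-line comment
        tolower($1) == tolower(key) { print $2; exit }
    ' "$2"
}

# Report the root-login state of FILE: ok, weak or unset.
check_root_login() {
    val=$(sshd_setting PermitRootLogin "$1" | tr '[:upper:]' '[:lower:]')
    case "$val" in
        no) echo ok ;;       # explicit "PermitRootLogin no"
        "") echo unset ;;    # commented out or missing: set it explicitly
        *)  echo weak ;;     # "yes" or any other value still allows root
    esac
}

# Port to pass to "ssh -p"; 22 when no Port line is active.
effective_port() {
    port=$(sshd_setting Port "$1")
    echo "${port:-22}"
}

# Constructed sample files standing in for /etc/ssh/sshd_config.
samples=$(mktemp -d)
printf '#Port 22\nPermitRootLogin yes\n'   > "$samples/default"
printf 'Port 2000\npermitrootlogin no\n'   > "$samples/hardened"
printf '#Port 22\n#PermitRootLogin yes\n'  > "$samples/commented"

for f in default hardened commented; do
    echo "$f: root login $(check_root_login "$samples/$f"), port $(effective_port "$samples/$f")"
done
```

On a live server, running sshd -T as root prints the effective configuration, including values that come from defaults rather than from the file.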