2-4: Installing and using Open SSH Server for remote connections

During this course we have installed Linux OS on one or several local machines. Possibly, you have installed Linux on your laptop. All software installations and shell exercises were performed through a local shell.

However, our goal is to set up a web server and to learn to interact with server machines. In most situations, this is done remotely, by connecting to the server through the Internet and opening a remote shell.

A remote shell allows to run commands on the remote computer through the SSH (Secure SHell) TCP/IP protocol. The SFTP and SCP associated protocols can be used to transfer files to and from the remote machine.

In order to be able to interact with the remote machine with SSH, we first need to install the openSSH server software on our server, so that it can act as an SSH server and accept remote SSH connections. Installing openSSH server is extremely easy.

Installing openSSH Server

We first update the repositories, as normally done before any software install or upgrade:

”andrea@ubuntu:~$ sudo apt-get update”

We then install the software:

”andrea@ubuntu:~$ sudo apt-get install openssh-server”

Connecting to the server remotely

Let’s imagine we want to connect from computer **A** (the client) to computer **B** (the server, with hypothetical IP address 160.15.22.52) by using the SSH protocol.

* We open a Terminal/shell on computer A. This is straightforward if the client computer runs Linux or MacOS. If we have a Windows client, we will need to install and use a windows SSH client application such as Putty.
* You will need to connect as a user who have an account on the server machine by using the “ssh” shell command with appropriate arguments. In the following example, the username is “andrea” both on the client and on the server computers (both running ubuntu). So “andrea” will appear in the prompt of the local machine, in the ssh command arguments, in the prompt of the remote machine. Do not let this confuse you, as it is a common situation.

On the local machine **A** we open a shell and type:

”andrea@ubuntu:~$ ssh andrea@160.15.22.52”

This means we want to login as user “andrea” on machine 160.15.22.52 (**B**, the server) by using ssh. Please note that this IP address is purely hypothetical, do not try the command as it is, use your username@your-server-IP. If your server, or the server you are connecting to, has an associated domain name, you can use this instead of the IP address to connect:

”andrea@ubuntu:~$ ssh andrea@your-domain-name.com”

A sample SSH login session

You can see a sample SSH login session below

A sample SSH login session
Figure 2-4-1: A sample SSH login session

The full host name of the remote computer and it’s IP address were obscured in the figure for security reasons. As this was the first connection from machine **A** (the client), the first thing that happens is that we have a chance to verify the server’s RSA key fingerprint, to be sure this is the machine we want to connect to. This not really something you have to worry about in the kind of environment we are considering for this course. So we can answer “yes” at the question:

”Are you sure you want to continue connecting (yes/no)?” (see figure 2-4-1)

Once we type “yes” we get a confirmation that the host we are connecting to was added to our local list of known hosts:

Permanently added ‘……uniroma2.it,160.xx.xx.xx’ (RSA) to the list of known hosts.

This verification of the RSA key only happens on your fist connection to a certain host, from a certain client machine. Once the host is added to the local client’s list of known host, you will not asked to verify the key anymore. However if the machine that hosts the remote server changes, that is the remote host changes physical location for some reason, on connecting to the machine you will get a warning that the RSA key has changed. This can raise a flag and warn you of a possible security problem on the connection. These issues are beyond the scope of this course though.

You will then be asked to enter your user’s password on the remote machine:

”andrea@…….uniroma2.it’s password: ”

You have 3 chances to get it right before you are denied connection (in figure 2-4-1 the first attempt failed as the password was mistyped).

Once you are logged in, you get some details about the machine and about you (time of your last login) and then get the remote machine prompt on your terminal window (see the last line in figure 2-4-1).

Congratulations, you are logged in and ready to type commands and interact with your remote machine, as if you were sitting in front of it, locally. The data you send and receive during this session are encrypted and secure. This is why the protocol is called “Secure SHell” (SSH).

How to login with SSH without having to type your password each time

If you have to frequently login to one or more remote servers by ssh, you will find that typing in you password(s) each time is an annoying task. Would’t it be great to just type the ssh command, press enter, and be automatically logged in? There is a way to do this by using RSA keys for authentication, instead of the password.

We will propose an elegant and quick method to do this, suggested by Mathias Kettner on the LinuxProblem website, adapted here to match the style of this course.

We first generate a public/private keys pair on the client, computer **A** with the “ssh-keygen” shell command.
The keys will be created and stored inside an invisible directory called .ssh, typically within your home directory on **A**.

”andrea@ubuntu:~$ ssh-keygen -t rsa”

Here’s what we get back from this command

”Generating public/private rsa key pair.”

”Enter file in which to save the key (/home/andrea/.ssh/id_rsa):” you can just accept the default location by pressing enter

”Created directory ‘/home/andrea/.ssh’.”

You are then asked for a passphrase, you can leave this blank and just press enter:

”Enter passphrase (empty for no passphrase):”

”Enter same passphrase again:”

”Your identification has been saved in /home/andrea/.ssh/id_rsa.”

”Your public key has been saved in /home/andrea/.ssh/id_rsa.pub.”

”The key fingerprint is:”

”5f:2b:09:22:3a:9f:96:2ac:3b:bc:f9:38:22:bc:37:g8 andrea@ubuntu”

For the purpose of this example, we will imagine that the server **B** is accessible at IP address 160.15.22.52. We login to **B** with ssh as user “andrea” and contextually (within the same statement) issue a command to create a .ssh directory on the remote server **B**.

”andrea@ubuntu:~$ ssh andrea@160.15.22.52 mkdir -p .ssh”

”andrea@160.15.22.52 password:”

When you enter the password, the ssh command will be executed on the remote machine **B** and you will be back to the prompt of your **A** client

”andrea@ubuntu:~$”

We now have to append the newly generated andrea’s public key on the client computer **A**, to the .ssh/authorized_keys file on the server **B**.

To understand this example you should be aware that if we use the “cat” shell command to write to a file, if the file still does not exist it will be created, and then wrote to.

andrea@ubuntu:~$ cat .ssh/id_rsa.pub | ssh andrea@160.15.22.52 ‘cat >> .ssh/authorized_keys’

andrea@160.15.22.52’s password:

Type in the password of your user on the server **B**, for the last time (!) and press enter. As before, the command will be executed and you will be back to your client **A** prompt:

”andrea@ubuntu:~$”

From now on you will not need to type your password again to login from **A** to **B**, and start to look as a “pro” sysadmin 😎

Now that we can interact and administer remotely our server, we can proceed to the installation of the Apache web server software.

Chapter Sections

Leave a Reply

Your email address will not be published. Required fields are marked *