OpenSSH - The Art of Remote Administration
OpenSSH
OpenSSH is one of the most important tools for a system administrator. It allows
controlling a system without having to input data on the system itself, but via
a network connection.
Installation
The installation differs between Linux distributions. Most of the time the
package is called something like openssh.
pacman --needed -S openssh
yum install openssh-server openssh-clients
Usage
By default, the OpenSSH server listens on TCP port 22. It may be necessary
to allow the port in the firewall to be able to access the server.
Starting the server is just a matter of running:
systemctl start sshd
By default, all users are allowed to connect to the server using their password.
It is, however, best practice to change that to only allow connections via
public key. But before we can do that, it is necessary to create a key pair
on the client with the following command.
ssh-keygen -C "<email or other identifier>"
Afterwards, we can get the public key from the ~/.ssh/id_rsa.pub file and put
it in the ~/.ssh/authorized_keys file on the server. We should now be able to
connect from our client to the server using only the public key. To test that
use the following command on the client.
ssh <hostname or ip> -l <username>
Only proceed to the next step if you are able to connect to the server with the
command above without using your password. The next step involves changing the
configuration to only allow public key authentication. To do that we will
change the following entry in the /etc/ssh/sshd_config file on the server.
PasswordAuthentication no
You may also want to set PermitRootLogin to no if you're not using
the root account to administer your server. This, however, is optional. The
last step is to automatically start OpenSSH when the server is restarted. We
can do that by enabling the service with systemd.
systemctl enable sshd
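The check below is an added example, not part of the original post: it reads an sshd_config from standard input and reports the value sshd would use globally for the settings changed above, because sshd keeps the first value it reads for each keyword. The function names and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. sshd keeps the FIRST value it
# reads for each keyword, so a "PasswordAuthentication no" placed below an
# earlier "yes" has no effect. Keywords are case-insensitive.

# effective_value KEYWORD DEFAULT < config
# Prints the first global value of KEYWORD, else DEFAULT. Simplification:
# everything after the first Match line is treated as conditional.
effective_value() {
    awk -v key="$1" -v dflt="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        { sub(/^[ \t]+/, "")                     # strip indentation
          if ($0 ~ /^[A-Za-z]+[ \t]*=/) sub(/[ \t]*=[ \t]*/, " ")  # Keyword=value
          k = tolower($1) }
        k == "match" { exit }                    # global section ends here
        k == key { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    '
}

# audit_sshd_config < config
# Prints the two settings the tutorial changes and succeeds only when password
# logins are globally disabled. Defaults are the OpenSSH built-in ones.
audit_sshd_config() {
    cfg=$(cat)
    pw=$(printf '%s\n' "$cfg" | effective_value PasswordAuthentication yes)
    root=$(printf '%s\n' "$cfg" | effective_value PermitRootLogin prohibit-password)
    echo "PasswordAuthentication=$pw PermitRootLogin=$root"
    [ "$pw" = "no" ]
}

# Constructed sample: "no" was appended below an existing "yes" and is ignored.
sample_shadowed() {
    printf '%s\n' '# constructed sample' 'passwordauthentication yes' \
        'PermitRootLogin no' 'PasswordAuthentication no'
}

# Constructed sample: the setting edited in place, using the Keyword=value form.
sample_fixed() {
    printf '%s\n' 'PasswordAuthentication=no' 'PermitRootLogin no' \
        'Match User backup' '    PasswordAuthentication yes'
}

sample_shadowed | audit_sshd_config || echo "-> password logins still enabled"
sample_fixed | audit_sshd_config && echo "-> password logins disabled globally"
```

The functions do not follow Include directives. On the server itself, running sshd -T as root prints the effective configuration with included files resolved.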
OpenSSH with socket
The OpenSSH server can also run as a socket. The advantage of doing that is that
updates don't require restarting the OpenSSH server, as each connection
creates a new instance of the OpenSSH daemon. In other words, after an update,
you can connect with a second session to the OpenSSH daemon to check whether it
is still working before disconnecting your first session. The disadvantage,
however, is that it takes a bit longer to connect, as the OpenSSH daemon must be
started for each connection.
The first step to change OpenSSH to a socket connection is to switch the enabled
service in systemd with the following commands.
systemctl disable sshd
systemctl enable sshd.socket
If your OpenSSH daemon is already running, then you have to stop it before you
can start the socket. This, however, might be tricky, as you are probably
connected to the server via OpenSSH. Therefore, we issue the following
commands as a single statement, to make sure that the OpenSSH daemon gets stopped
and the OpenSSH socket gets started. Running this command might require you to
reconnect to the server, because your current connection might get killed.
systemctl stop sshd && systemctl start sshd.socket
OpenSSH on a different port
OpenSSH may also be used on a different port than 22. This is especially useful
because a lot of servers randomly try to connect to open port 22. What
port you want to use is pretty much up to you. However, it is best to use one of
the user ports ranging from 1024 to 49151.
To change the port, we have to modify the /etc/ssh/sshd_config file and update
the Port to a new value like 5000.
Port 5000
Afterwards, we can restart the OpenSSH server with:
systemctl restart sshd
Changing the port on the sshd socket requires a different step. In this case, it
is not the sshd configuration which defines the port, but the sshd.socket file.
Therefore, we have to change the ListenStream entry in
/usr/lib/systemd/system/sshd.socket to reflect the new port.
ListenStream=5000
Afterwards, we can restart the OpenSSH server socket with:
systemctl restart sshd.socket
Nice writeup, have a look at the subreddit I started: reddit.com/r/linux_mentor