
SSH 101: Secure Shell Basics

Mon, Mar 2, 2009


Introduction

SSH, or the Secure SHell, is a powerful Unix tool that allows you to securely connect to a remote computer, whether it be across a local network, or over the internet. You may have used it once or twice, but don’t understand what all the fuss is about. Did you know that you can use it not only as a remote command line, but also to run graphical applications (for example, Firefox) remotely? Or that you can also use it to access your Linux computer from a Windows machine? This article will discuss the uses of SSH, and explain how to set up an SSH server on your Ubuntu computer, enable X11 (graphical) forwarding, as well as how to access your Linux computer from anywhere in the world, from any computer.

Installing and configuring the SSH server

Some distributions come with the SSH server, or sshd, installed by default. Ubuntu’s desktop edition, however, is one of the few that doesn’t, so we’ll need to install it before we can connect to our computer over the network (or internet). This is incredibly easy – all we have to do is install the package “openssh-server”, like this:

sudo apt-get install openssh-server

Ubuntu will download and install the server; it may take a moment to generate what are called “keys” for your computer.
A word on “Keys”
Keys are files that are unique to your computer, and are transmitted to connecting clients to verify that you are who you say you are. The first time that you connect to a computer via SSH, it will ask you if you want to accept the server’s key, and it will store it for future reference. If at any time you connect to the same computer, but the key is different, you will be warned that there may be something wrong. In most cases this is just a case of the computer’s administrator re-installing SSH, and creating a new key in the process; but it could also indicate that there has been a security compromise of some kind.
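The three outcomes described above (a new key, the same key, a changed key) can be checked by hand before you trust a connection. This is an added example, not part of the original article; it assumes OpenSSH's ssh-keygen is installed, and the host name server.example and the throwaway keys are constructed for the demo.

```shell
#!/bin/sh
# Added example: classify a server's host key against a known_hosts file.
# Usage: host_key_status HOST PUBKEY_FILE [KNOWN_HOSTS]
# PUBKEY_FILE is a copy of the server's public host key obtained out of band,
# for instance copied from /etc/ssh/ssh_host_rsa_key.pub on the server itself.
host_key_status() {
    host=$1 pubkey=$2 known=${3:-$HOME/.ssh/known_hosts}
    # Key type and base64 blob the server should present (comment field dropped).
    offered=$(awk 'NF >= 2 { print $1, $2; exit }' "$pubkey")
    # ssh-keygen -F prints the stored entries for HOST (hashed or plain),
    # preceded by "# Host ... found" comment lines, which are skipped here.
    stored=$(ssh-keygen -F "$host" -f "$known" 2>/dev/null |
             awk '!/^#/ && NF >= 3 { print $2, $3 }')
    if [ -z "$stored" ]; then
        echo unknown     # first contact: ssh would ask whether to accept the key
    elif printf '%s\n' "$stored" | grep -qxF "$offered"; then
        echo match       # same key as last time: ssh connects without a prompt
    else
        echo CHANGED     # ssh would print its changed-host-key warning
    fi
}

# Demo with throwaway keys generated on the spot (constructed data).
demo() {
    d=$(mktemp -d)
    ssh-keygen -q -t ed25519 -N '' -f "$d/old"
    ssh-keygen -q -t ed25519 -N '' -f "$d/new"
    echo "server.example $(cat "$d/old.pub")" > "$d/known_hosts"
    host_key_status server.example "$d/old.pub" "$d/known_hosts"
    host_key_status server.example "$d/new.pub" "$d/known_hosts"
    host_key_status other.example  "$d/new.pub" "$d/known_hosts"
    rm -rf "$d"
}

if command -v ssh-keygen >/dev/null 2>&1; then demo; fi
```

On the server, `ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub` prints the fingerprint to compare against the one shown in the first-connection prompt.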

Somewhat optional: Configuring sshd_config
Now that the server is installed, and your keys are created, you can start configuring your SSH server to behave in any manner you like. Most of the time the defaults are fine, but you may want to tweak some things. For example, if you want to be able to run graphical applications over SSH, you will need to make sure that the “X11Forwarding” option is set to yes.

To enable X11Forwarding, or make sure it is turned on, run the command:

gksudo gedit /etc/ssh/sshd_config

Find the line that begins with “X11Forwarding” and make sure it reads “X11Forwarding yes”. If it is commented out (if there is a “#” symbol in front of the line), remove the “#”, and make sure it is set to yes. Save the file, and then run

sudo /etc/init.d/ssh reload

Which will reload the configuration file with the new options.
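One way to confirm what sshd will actually use after the edit, as an added example that is not part of the original article: sshd takes the first occurrence of each keyword and ignores commented lines, so the script reads the global section of the file the same way. The function name sshd_effective and the sample file contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report the value sshd will use for a global keyword.
# Keywords are case-insensitive and the FIRST occurrence wins, so a later
# "X11Forwarding yes" has no effect if an earlier line already says "no".
# Usage: sshd_effective KEYWORD [CONFIG_FILE]
sshd_effective() {
    keyword=$1
    config=${2:-/etc/ssh/sshd_config}
    awk -v want="$keyword" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/          { next }   # commented-out and blank lines
        tolower($1) == "match"  { exit }   # global section ends at first Match
        tolower($1) == want     { print $2; found = 1; exit }  # first argument
        END { if (!found) print "unset" }  # sshd falls back to its default
    ' "$config"
}

# Constructed sample file, not taken from a real server.
sample_config() {
    cat <<'EOF'
# X11Forwarding yes
Port 22
x11forwarding no
X11Forwarding yes
Match User demo
    X11Forwarding yes
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
echo "X11Forwarding is effectively: $(sshd_effective X11Forwarding "$tmp")"
rm -f "$tmp"
```

Running `sudo /usr/sbin/sshd -t` before the reload checks the edited file for syntax errors, so a typo does not leave you without a working server.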

Testing your SSH Server
The easiest way to test whether your SSH server is running or not is, obviously, to try to connect to it! Since we haven’t yet set up port forwarding, we can’t connect over the internet, but we can try to connect to localhost (“localhost” is the name given to the computer you are currently on. Whatever computer you are using, that is your local host, or “localhost”). So, to test it, we run:

ssh localhost

If you are prompted for your password, then your ssh server is working! But it isn’t much use to have a server nobody can use, so now you want to set up port forwarding. Doing this will let you access your computer from anywhere, over the internet.

Router port forwarding & DynDNS
Port forwarding is different for each brand and model of router, but the basic steps are simple. First, you want to connect to your router’s control panel in your web browser. To find out the IP address of your router, use this command:

route | grep default

The second column will be your default gateway, which is your router. As for the control panel, each brand uses different software, but you can generally find instructions on Google, or consult your router’s manual.

Once you find the option to forward a port, you want to forward port 22 to your server’s local IP address (use the /sbin/ifconfig command to determine this).

Optional: A (free) domain name for your server
Unless you like memorizing strings of numbers, you probably want an easier way to ssh home than to remember your IP address. And, if you have a dynamically-assigned IP address, memorizing it won’t do you any good after your ISP changes it. So I recommend you use the DynDNS service to give your network a free domain name, making things a lot easier on yourself.

For more instructions on how to do this, click here to read my how-to.

Using SSH from the command line

Alright! You’ve just set up your ssh server, and you’ve forwarded port 22 on your router so you can access it from anywhere. Now you need to learn how to use the ssh command.

ssh has some really powerful options, but right now your only concern should be the basics. Here are some of the most important options for the ssh command, and what they do:

Flag Used for…
-l Specifies the login name to use. For example “ssh example.com -l jonathan” would connect to example.com with the user “jonathan”
-p Specifies the port to use. The default port is 22, but if you want to connect to an ssh server on a different port, use “ssh example.com -p 500” for port 500.
-C Enables compression. Mostly for use on dial-up connections; on broadband it is not necessary.
-X Enables X11 forwarding. Used in the form “ssh example.com -X” and allows graphical applications to be run remotely, if the server is configured to allow it.
-x Disables X11 forwarding, regardless of the server’s configuration.
-f Backgrounds the ssh process immediately. Useful if you are just running a graphical app from a remote machine, for example “ssh example.com -f gnome-terminal” will load the terminal in the forefront, and hide the ssh process.

There are many, many other options for SSH, especially for some of its more powerful features, such as port forwarding. For a complete list, run:

man ssh

to bring up the SSH manual.

X11 Forwarding

As listed above, use the -X flag to enable X11 forwarding in an SSH session. The server must be configured to allow X11Forwarding, and it, of course, must have the applications and libraries necessary to run graphical applications.

After logging into a remote computer with X11Forwarding enabled, try running a program with a graphical interface; nautilus is one example. Keep in mind that if you’re running this over your local network it will probably be quick, but over the internet it may slow down considerably. So while firefox may be speedy running over your LAN, it might be unbearably slow running over the internet, depending upon your connection.

Accessing remote files via SSHFS

There are tons of other useful things you can do, now that you’ve set up an SSH server. You can even mount a remote computer’s files to your local machine, and manipulate them as if they were on your local drive! You can read how to mount remote files with sshfs at this tutorial.

But what about Windows?

Command-line Access from Windows

If you want to access your Linux machine from a Windows computer, you will need to install an SSH program. The most popular one, by far, is PuTTY. This is a single, tiny .EXE file that you can easily carry on a USB stick, or download whenever you have the need.

PuTTY Client for Windows (running in wine)

The process is basically the same as using a Linux SSH client. When you start PuTTY, you will be asked for the hostname or IP address of the destination computer; below this box are the various types of connections supported by PuTTY, but for now we’re only going to use SSH. When you press enter, PuTTY will connect and prompt you for your username and password (if this is the first time you are connecting to this particular remote computer from this local machine, it will ask you if you want to accept the remote computer’s key, as discussed above; of course, say yes); you will then be given a shell on the remote machine.

X-Forwarding and Windows
What if you want to use X11-Forwarding, as discussed above, on Windows? Well, this is a little more complex than on Linux. Since Windows doesn’t have an X server, you need to run one on your local computer, in order to forward graphical applications from the remote machine. A popular, free X11 server for Windows is Xming. Instructions on setup and installation are all provided at the Xming site. Once you have your X11 server running on Windows, you will be able to forward graphical applications, just like on Linux.

Conclusion

SSH is an incredibly powerful tool. It lets you connect to a computer anywhere in the world, share files, and even run applications remotely. But there’s much, much more you can do with SSH, which I will be covering in future how-tos. Subscribe to the Techthrob feed to be alerted to them, and all Techthrob articles, fresh when they are released!


2 Responses to “SSH 101: Secure Shell Basics”

  1. Howard Collier says:

    Excellent presentation! Easy to read and understand, every step flows so well, even for me a Linux newbie. Thanks!
