Ubuntu Server 18.04 – Getting started with OpenSSH


OpenSSH is quite possibly the most useful tool in existence for managing Linux servers. Of all the countless utilities available, this is the one I recommend that everyone starts practicing as soon as they can. Technically, I could probably better fit a section for setting up OpenSSH in Chapter 7, Setting Up Network Services, but this utility is very handy, and we should start using it as soon as possible. In this section, I’ll give you some information on OpenSSH and how to install it, and then I’ll finish up the section with a few examples of actually using it.

OpenSSH allows you to open a command shell on other Linux servers, allowing you to run commands as if you were there in front of the server. In a Linux administrator’s workflow, they will constantly find themselves managing a plethora of machines in different locations. OpenSSH works by having a daemon running on the server that listens for connections. On your workstation, you’ll use your SSH client to connect to the server, to begin running commands on it. SSH isn’t just useful for servers either; you can manage workstations with it, as well as network appliances. I’ve even used SSH on my laptop to connect to my desktop to issue a reboot command, just because I was too lazy to walk all the way to my bedroom. It’s extremely useful. And thankfully, it’s also very easy to learn.

Depending on the choices you’ve made during installation, your Ubuntu Server probably has the OpenSSH server installed already. If you don’t remember, just type which sshd at your shell prompt. If you have it installed, your output should read /usr/sbin/sshd. If you haven’t installed the server, you can do so with the following command:

sudo apt install openssh-server 

Keep in mind, though, that the OpenSSH server is not required to connect to other machines. Regardless of whether or not you install the server, you will still have the OpenSSH client installed by default. If you type which ssh at your shell prompt (omitting the d from sshd) you should see an output of /usr/bin/ssh. If, for some reason, you don’t have this package installed and you received no output from this command (which would be rare), you can install the OpenSSH client with the following command:

sudo apt install openssh-client 

I want to underline the fact that you’re not required to install the openssh-server package in order to make connections to other machines. You only need the openssh-client package to do that. For the vast majority of Linux administrators, I cannot think of a good reason to not have the openssh-client package installed. It’s useful when you want to remotely manage another Linux machine or server, but by itself, it doesn’t allow other users to connect to you. It’s important to understand that installing the OpenSSH server does increase your attack surface, though.

Whether or not to run an OpenSSH server on your machine usually comes down to a single question: Do you want to allow users to connect remotely to your server? Most of the time, the answer to that question is yes. The reason is that it’s more convenient to manage all your Linux servers at your desk, without having to walk into your server room and plug in a display and keyboard every time you want to do something. But even though you most likely want to have an SSH server running, you should still keep in mind that OpenSSH would then be listening for and allowing connections. The fact that OpenSSH allows you to remotely manage other servers is its best convenience, and also its biggest weakness. If you are able to connect to a server via SSH, so can others.

There are several best practices for security that you’ll want to implement if you have an OpenSSH server running. In Chapter 15, Securing Your Server, I will walk you through various configuration changes you can make to help minimize the threat of miscreants breaking into your server from the outside and wreaking havoc. Securing OpenSSH is actually not hard at all, and would probably take only a few minutes of your time. Therefore, feel free to make a detour to Chapter 15, Securing Your Server, to read the section there that talks about securing OpenSSH, and then come back here when you’re done. If you have a server that is directly accessible via the internet, has users with weak passwords, and allows connections via SSH, I can personally guarantee that it will be hijacked within two weeks. As a general rule of thumb though, you’re usually fine as long as your user accounts have strong passwords, the OpenSSH package is kept up to date with the latest security updates, and you disable login via root.

With all of that out of the way, we can get started with actually using OpenSSH. After you’ve installed the openssh-server package on your target machine (the one you want to control remotely), you’ll need to start it if it hasn’t been already. By default, Ubuntu’s openssh-server package is automatically configured to start and become enabled once installed. To verify, run the following command:

systemctl status ssh

Output from systemctl, showing a running SSH server

If OpenSSH is running as a daemon on your server, you should see output that tells you that it’s active (running). If not, you can start it with the following command:

sudo systemctl start ssh 

If the output of the systemctl status ssh command shows that the daemon is disabled (meaning it doesn’t start up automatically when the server boots), you can enable it with the following command:

sudo systemctl enable ssh 

On older Ubuntu servers (for example, 14.04 and 12.04), you can use the following two commands in order to start and enable the OpenSSH server respectively:

sudo service ssh start
sudo update-rc.d ssh defaults

Don’t worry about the systemctl or service commands just yet; we’ll go over them in greater detail in Chapter 6, Controlling and Monitoring Processes.

With the OpenSSH server started and running, your server should now be listening for connections. To verify this, use the following command to list listening ports, restricting the output to SSH:

sudo netstat -tulpn | grep ssh

Output from netstat showing that SSH is listening

If, for some reason, your server doesn’t show that it has an SSH server listening, double-check that you’ve started the daemon. By default, the SSH server listens for connections on port 22. This can be changed by modifying the port declaration in the /etc/ssh/sshd_config file, but that’s a story for a later chapter. While I won’t be going over the editing of this file just yet, keep in mind that this file is the main configuration file for the daemon. OpenSSH reads this file for configuration values each time it’s started or restarted.
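
The rule of thumb given earlier (disable root login, strong passwords) and the port declaration both come down to lines in /etc/ssh/sshd_config. The following is an added example, not part of the original text, that reads those settings from a constructed sample file. The function names sshd_values, sshd_get and sshd_audit are hypothetical, and the fallback values passed in are assumed to be OpenSSH's upstream defaults.

```shell
# Added example. SAMPLE is a constructed sshd_config, not a real server's file.
SAMPLE=$(mktemp); trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Port 2242
#PermitRootLogin prohibit-password
PermitRootLogin yes
permitrootlogin no
PasswordAuthentication=yes
Match User backup
    PasswordAuthentication no
EOF

# Print every value set for KEYWORD in the global section (before any Match
# block), in file order. Keywords are case-insensitive; "Key=value" is accepted.
sshd_values() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
            if (!match($0, /[ \t=]+/)) next
            k = tolower(substr($0, 1, RSTART - 1))
            if (k == "match") exit              # conditional overrides start here
            if (k == key) print substr($0, RSTART + RLENGTH)
        }' "$1"
}

# For single-valued keywords sshd keeps the first value it reads, so a later
# duplicate line is ignored. DEFAULT is used when the keyword is absent.
sshd_get() {
    v=$(sshd_values "$1" "$2" | head -n 1)
    printf '%s\n' "${v:-$3}"
}

# Report on the settings the text names; returns 1 if root login is not disabled.
sshd_audit() {
    rc=0
    root=$(sshd_get "$1" PermitRootLogin prohibit-password | tr 'A-Z' 'a-z')
    pass=$(sshd_get "$1" PasswordAuthentication yes | tr 'A-Z' 'a-z')
    ports=$(sshd_values "$1" Port | tr '\n' ' ')
    echo "INFO port(s): ${ports:-22}"
    if [ "$root" = no ]; then echo "OK   PermitRootLogin no"
    else echo "WARN PermitRootLogin $root: root can still log in"; rc=1; fi
    if [ "$pass" = yes ]; then
        echo "NOTE PasswordAuthentication yes: every account needs a strong password"
    else echo "OK   PasswordAuthentication $pass"; fi
    return $rc
}
sshd_audit "$SAMPLE" || echo "=> review the WARN lines above"
```

In the sample, the later permitrootlogin no line has no effect because PermitRootLogin yes comes first, and the setting inside the Match block is not a global one. On a live server, sudo sshd -T prints the effective configuration with defaults filled in.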

To connect to a server using SSH, simply execute the ssh command followed by the name or IP address of the server you’d like to connect to:

ssh 10.10.96.10 

By default, the ssh command will use the username you’re currently logged in with for the connection. If you’d like to use a different username, specify it with the ssh command by including your username followed by the @ symbol just before the IP address or hostname:

ssh fmulder@10.10.96.10 

Unless you tell it otherwise, the ssh command assumes that your target is listening on port 22. If it isn’t, you can give the command a different port with the -p option followed by a port number:

ssh -p 2242 fmulder@10.10.96.10 

Once you’re connected to the target machine, you’ll be able to run shell commands and administer the system as if you were right in front of it. You’ll have all the same permissions as the user you logged in with, and you’ll also be able to use sudo to run administrative commands if you normally have access to do so on that server. Basically, anything you’re able to do if you were standing right in front of the server, you’ll be able to do with SSH. When you’re finished with your session, simply type exit at the shell prompt, or press Ctrl + D on your keyboard.

If you started background commands on the target via SSH, use Ctrl + D to end your session; otherwise, those processes will be terminated. We’ll talk about background processes in Chapter 6, Controlling and Monitoring Processes.

As you can see, OpenSSH is a miraculous tool that will benefit you by allowing you to remotely manage your servers from anywhere you allow SSH access from. Make sure to read the relevant section in Chapter 7, Setting Up Network Services, with regards to securing it, though. In the next section, we’ll discuss SSH key management, which improves convenience and also allows you to increase security.
