If you have ever had to administer Linux (or Unix) servers, you are probably familiar with ssh, the secure shell client. For those of you not familiar with ssh, think “telnet on steroids”. For those of you not familiar with telnet or ssh…what are you doing administering servers? Ssh is like the Swiss army knife of remote connectivity. It can do so much that I think that no one has ever used all of the features it offers. This article is an exploration of the basics of ssh; future articles will explore its functionality in more depth.
Ssh offers the ability to connect remotely to another computer, and to do so in a secure way. All communication between the client and the server is encrypted, so that even someone eavesdropping on the network conversation will not be able to sniff the user name or password. This security is one of the main advantages ssh offers over telnet, which sends all communication in clear text across the network.
Ssh consists of two components, the client (ssh) and the daemon or server (sshd). The daemon runs on the computer you want to connect to; the client runs on the computer you are working on. To connect to the daemon, you simply issue the following command, where host is the name or IP address of the computer you want to connect to:
# ssh host
If all goes well, the connection will go through, you will be asked for your password and presto, you are connected. In case your login name on the local computer differs from your login name on the remote computer, you can just tell ssh to connect in the form of user@host. Again, the password prompt will appear and you’ll be connected. Alternatively, you can tell ssh to use a different user name by specifying the -l switch on the command line, like so:
# ssh -l webadmin host.example.com
In case you’re having problems connecting to a certain host, ssh itself can help you troubleshoot the connection or other circumstances that might be causing problems. To enable this feature, specify the -v switch on the command line to increase the verbosity of the command. The more “v” characters you add, the more verbose the program will become, up to a maximum of 3, as illustrated in the following example.
# ssh -vvv example.com
OpenSSH_5.6p1, OpenSSL 1.0.0d-fips 8 Feb 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to example.com [18.104.22.168] port 22.
debug1: connect to address 22.214.171.124 port 22: Connection timed out
debug1: Connecting to example.com [2620:0:2d0:200::10] port 22.
debug1: connect to address 2620:0:2d0:200::10 port 22: Network is unreachable
ssh: connect to host example.com port 22: Network is unreachable
From the above output, it is safe to conclude that either there is no ssh daemon listening at example.com or that it is behind a firewall configured to silently drop incoming connections.
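As an added example (not part of the original article), the shell function below reads ssh -v output and labels each failed connection attempt by its error text, because a timeout, a refusal and an unreachable network point to different causes. The function names and verdict labels are hypothetical, the error strings are the Linux messages, and the sample lines are the ones from the output above.

```sh
#!/bin/sh
# Added example. Reads `ssh -v` debug output on stdin and prints one line per
# failed connection attempt: <address> <port> <verdict>.
# Verdict labels are hypothetical; error strings are the Linux messages.
ssh_connect_summary() {
    awk '
    /^debug1: connect to address / {
        addr = $5
        port = $7; sub(/:$/, "", port)
        reason = $0
        sub(/^debug1: connect to address [^ ]+ port [0-9]+: /, "", reason)
        if (reason == "Connection timed out")
            verdict = "no-reply"      # nothing came back: dropped packets or host down
        else if (reason == "Connection refused")
            verdict = "refused"       # host answered, but the port is closed
        else if (reason == "Network is unreachable" || reason == "No route to host")
            verdict = "no-route"      # no usable route for this address family
        else
            verdict = "other"
        print addr, port, verdict
        seen = 1
    }
    END { if (!seen) print "-", "-", "no-failed-attempt" }
    '
}

# Sample input: the connection lines from the ssh -vvv output shown above.
sample_output() {
    cat <<'EOF'
debug1: Connecting to example.com [18.104.22.168] port 22.
debug1: connect to address 22.214.171.124 port 22: Connection timed out
debug1: Connecting to example.com [2620:0:2d0:200::10] port 22.
debug1: connect to address 2620:0:2d0:200::10 port 22: Network is unreachable
ssh: connect to host example.com port 22: Network is unreachable
EOF
}

# ssh writes its debug lines to stderr, so against a real host use:
#   ssh -v host 2>&1 | ssh_connect_summary
sample_output | ssh_connect_summary
```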
This is the bare minimum that ssh can do for you. In future instalments of “The ssh files”, I will explore in more depth such functions as X-forwarding, tunneling and logging in using pre-shared keys.