SSH – Secure Shell Tips and Tricks in 2023

What you need to know

There are several benefits of using SSH (Secure Shell) for remote access and file transfer:

  1. Encrypted communications: SSH provides secure, encrypted communications between the client and server, protecting the confidentiality and integrity of data transmitted over the network.
  2. Authentication: SSH provides strong user authentication mechanisms, including passwords and public key authentication, to ensure that only authorized users can access the system.
  3. Port forwarding: SSH allows for secure port forwarding, enabling remote access to services that are not directly accessible over the Internet or other networks.
  4. Remote execution: SSH allows users to execute commands and scripts remotely on the server, making it easier to manage and automate tasks on remote systems.
  5. File transfer: SSH includes a secure file transfer protocol (SFTP) that enables users to transfer files securely between the client and server, with support for resume and partial transfer.
  6. Tunneling: SSH supports tunneling of arbitrary network protocols, allowing users to securely access network resources behind firewalls and other access controls.
  7. Cross-platform support: SSH is widely supported across different operating systems, making it a versatile and flexible solution for remote access and file transfer.

Overall, SSH is a powerful and secure tool for remote access, file transfer, and network management, and it has become a widely adopted standard in the industry.

Setting up SSH for passwordless login

To set up SSH for passwordless login, you need to generate a public and private key pair on the client machine and copy the public key to the remote server. Here are the steps to do this:

  1. On the client machine, open a terminal and run the following command to generate a new SSH key pair:
ssh-keygen -t rsa
     This command will create a new RSA key pair in the default .ssh/ directory with the name id_rsa (private key) and id_rsa.pub (public key).
  2. After the key pair is generated, run the following command to copy the public key to the remote server:
ssh-copy-id username@remote_server
     Replace username with your username on the remote server, and remote_server with the hostname or IP address of the remote server. When prompted, enter your password for the remote server to complete the copy process. This command will append your public key to the remote server’s authorized_keys file in the .ssh/ directory. This file contains a list of public keys that are authorized to log in to the remote server without a password.
  3. Once the public key is copied to the remote server, you can test the passwordless login by running the following command on the client machine:
ssh username@remote_server
     You should now be able to log in to the remote server without being prompted for a password.

Note: If the .ssh/ directory or the authorized_keys file does not exist on the remote server, you can create them manually with the following commands:

mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

These commands will create the .ssh/ directory with the correct permissions, create an empty authorized_keys file, and set the correct permissions for the file.
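
Wrong ownership or modes on these paths are a common reason key login fails: with StrictModes enabled (the sshd default), sshd checks the modes and ownership of the user's files and home directory before accepting a key. The check below is an added example, not part of the original article; check_path and audit_ssh_perms are hypothetical helper names, and it tests for the exact modes the note sets plus a home directory that group or others can write to.

```shell
#!/bin/sh
# Added example, not from the original article. Run it on the remote server
# as the login user. check_path and audit_ssh_perms are hypothetical names.

# Succeed only if $1 exists, has exactly mode $2 and is owned by the caller.
check_path() {
    [ -e "$1" ] || { echo "missing: $1"; return 1; }
    if [ -z "$(find "$1" -prune -perm "$2" -user "$(id -u)")" ]; then
        echo "expected mode $2 owned by uid $(id -u): $(ls -ld "$1")"
        return 1
    fi
}

# Audit a home directory (default: $HOME) for the layout the note creates.
# Prints one line per problem and returns non-zero if any was found.
audit_ssh_perms() {
    home=${1:-$HOME}
    rc=0
    # StrictModes also rejects a home directory that group or others can write to.
    if [ -n "$(find "$home" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "group/world-writable home: $(ls -ld "$home")"
        rc=1
    fi
    check_path "$home/.ssh" 700 || rc=1
    check_path "$home/.ssh/authorized_keys" 600 || rc=1
    return "$rc"
}

if audit_ssh_perms "$HOME"; then
    echo "permissions OK"
fi
```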

If you lose connection after a period of inactivity

To keep SSH from dropping the connection after a period of inactivity, you can modify the ClientAliveInterval and ClientAliveCountMax settings in your SSH server configuration file.

Here are the steps to do it:

  1. Open the SSH server configuration file /etc/ssh/sshd_config using a text editor such as nano or vim.
sudo nano /etc/ssh/sshd_config
  2. Scroll down to the line that starts with # ClientAliveInterval and uncomment it by removing the # symbol at the beginning of the line.
  3. Set the ClientAliveInterval value to the number of seconds of inactivity after which the server sends a keep-alive message to the client. For example, to send a keep-alive message every 300 seconds (5 minutes), you would set ClientAliveInterval to 300.
  4. Uncomment the ClientAliveCountMax line and set its value to the number of keep-alive messages the server will send without receiving a response from the client before disconnecting. For example, to allow the server to send 3 keep-alive messages before disconnecting, you would set ClientAliveCountMax to 3.
  5. Save the changes to the configuration file and restart the SSH service:
sudo service ssh restart

After making these changes, an idle SSH connection should remain open as long as the client keeps responding to the server's keep-alive messages.
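
The two settings combine: a client that stops responding is disconnected after roughly ClientAliveInterval × ClientAliveCountMax seconds, and a line that is still commented out has no effect. The helper below is an added example, not part of the original article; effective_keepalive is a hypothetical name, and it assumes values in plain seconds and reads only the global part of a single file (no Include or Match handling).

```shell
#!/bin/sh
# Added example, not from the original article. effective_keepalive is a
# hypothetical helper. On a real server, `sudo sshd -T` prints the
# configuration sshd actually uses.

# Print the keep-alive settings sshd would take from the file in $1.
effective_keepalive() {
    awk '
        BEGIN { interval = 0; count = 3 }        # sshd defaults
        /^[ \t]*#/ { next }                      # commented-out lines are ignored
        tolower($1) == "match" { exit }          # stop at the first Match block
        # Keywords are case-insensitive and the first value found wins.
        tolower($1) == "clientaliveinterval" && !seen_i { interval = $2; seen_i = 1 }
        tolower($1) == "clientalivecountmax" && !seen_c { count = $2; seen_c = 1 }
        END {
            printf "interval=%d count=%d ", interval, count
            if (interval + 0 == 0) print "drop_after=never"   # 0 = no keep-alives sent
            else printf "drop_after=%ds\n", interval * count
        }' "$1"
}

# Constructed sample: the interval line was edited but never uncommented.
sample=$(mktemp)
printf '%s\n' '#ClientAliveInterval 300' 'ClientAliveCountMax 3' > "$sample"
effective_keepalive "$sample"    # prints: interval=0 count=3 drop_after=never
rm -f "$sample"
```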

Common problems

  1. Authentication failures: This occurs when SSH is unable to authenticate the user, either due to an incorrect username or password, or a misconfigured public key. Make sure you are using the correct credentials, and check the SSH server logs for any error messages that may help diagnose the issue.
  2. Connection timeouts: This happens when there is no activity on the SSH connection for a certain period of time, causing the connection to be terminated. This can be resolved by modifying the ClientAliveInterval and ClientAliveCountMax settings in the SSH server configuration file, as described in the previous section.
  3. Host key verification failures: This occurs when SSH fails to verify the authenticity of the remote host’s key, which could be due to a man-in-the-middle attack or a change in the host’s key. Make sure you are connecting to the correct host, and remove any conflicting entries in the known_hosts file.
  4. Permission denied errors: This can happen when attempting to access files or directories that are not accessible by the user. Check the file and directory permissions, and make sure the user has the necessary permissions to access them.
  5. Firewall issues: This happens when a firewall is blocking SSH connections, preventing the user from connecting to the remote host. Make sure that port 22 (the default SSH port) is open on both the client and server firewalls.
  6. Connection refused errors: This occurs when the SSH server is not running or not accessible on the specified port. Make sure the SSH server is running and listening on the correct port, and that there are no network connectivity issues.
  7. Slow connection or high latency: This happens when there is high network latency or congestion, causing the SSH connection to become slow or unresponsive. This can be resolved by improving the network infrastructure, or by using tools such as mosh (mobile shell) that provide better performance over high-latency networks.
