TechCacheKB.com

Technical News and Knowledge Base Articles along with How to Step by Step Guides for SMB and Enterprise


Understanding SSH and Its Use in Ubuntu 24.04 Linux


What is SSH?

Secure Shell (SSH) is a cryptographic network protocol for securely operating network services over an unsecured network. It provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server.

Ports Used by SSH

By default, SSH uses port 22. However, this port can be changed for security reasons.

How SSH Works

SSH works by establishing a secure connection between the client and the server. Here’s a step-by-step breakdown of the process:

  1. Client Initiation: The client initiates a connection to the server.
  2. Server Response: The server responds with a public key.
  3. Client Authentication: The client uses the server’s public key to encrypt a random session key and sends it back to the server.
  4. Session Key Establishment: The server decrypts the session key with its private key, and both client and server use this session key to encrypt subsequent communication.

Using SSH on Ubuntu 24.04

Installing SSH

To use SSH, you need to install the OpenSSH package. OpenSSH is a suite of secure networking utilities based on the SSH protocol.

sudo apt update
sudo apt install openssh-server

  • sudo apt update: Updates the package lists.
  • sudo apt install openssh-server: Installs the OpenSSH server.

Starting and Enabling SSH Service

After installation, start and enable the SSH service:

sudo systemctl start ssh
sudo systemctl enable ssh

  • sudo systemctl start ssh: Starts the SSH service.
  • sudo systemctl enable ssh: Enables SSH to start on boot.

Connecting to an SSH Server

To connect to an SSH server, use the following command:

ssh username@hostname

  • ssh: The SSH command.
  • username: Your username on the remote server.
  • hostname: The IP address or domain name of the remote server.

Advanced SSH Features

Port Forwarding

SSH can be used for port forwarding, which redirects network traffic from one port to another.

  • Local Port Forwarding:
    ssh -L local_port:remote_address:remote_port username@hostname
    Redirects traffic from local_port to remote_address:remote_port through username@hostname.
  • Remote Port Forwarding:
    ssh -R remote_port:local_address:local_port username@hostname
    Redirects traffic from remote_port on the server to local_address:local_port on the client.

SSH Tunneling

SSH tunneling is used to route network traffic securely through SSH.

ssh -D local_port username@hostname

  • -D local_port: Specifies a local dynamic application-level port forwarding.

SSH Key Authentication

SSH keys provide a more secure way to log in than using a password alone.

  1. Generate SSH Key Pair:
     ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
     • -t rsa -b 4096: Specifies the type and size of the key.
     • -C "your_email@example.com": Provides a comment.
  2. Copy Public Key to Server:
     ssh-copy-id username@hostname
     • Copies the public key to the server.
  3. Log In Using SSH Key:
     ssh username@hostname

Securing SSH

Changing the Default SSH Port

Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Change the port number:

Port 2222

Restart the SSH service:

sudo systemctl restart ssh

Disabling Root Login

To disable root login, edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Set PermitRootLogin to no:

PermitRootLogin no

Restart the SSH service:

sudo systemctl restart ssh
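
Both settings above only apply if they are the first value sshd reads for that keyword: sshd_config(5) uses the first obtained value, so a PermitRootLogin no appended below an older PermitRootLogin yes is ignored. The shell sketch below is an added example, not part of the original article; its function names and sample file are constructed, and it reads one file without following Include lines or evaluating Match blocks.

```shell
#!/bin/sh
# Added example (not from the article). sshd_config(5): for each keyword the
# first obtained value is used, so line order decides what is enforced.

# effective_sshd_option FILE KEYWORD DEFAULT
# Prints the first global value of KEYWORD, or DEFAULT if it is not set.
effective_sshd_option() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/              { next }              # comments, blanks
        tolower($1) == "match"      { exit }              # global part ends
        tolower($1) == tolower(key) { val = $2; exit }    # first one wins
        END { print (val != "" ? val : def) }
    ' "$1"
}

# audit_sshd_config FILE
# Prints one finding per line and returns 1 if the two settings from this
# section (non-default Port, PermitRootLogin no) are not what sshd applies.
audit_sshd_config() {
    findings=0
    root=$(effective_sshd_option "$1" PermitRootLogin prohibit-password)
    port=$(effective_sshd_option "$1" Port 22)
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin is effectively '$root', not 'no'"
        findings=1
    fi
    if [ "$port" = "22" ]; then
        echo "Port is still the default 22"
        findings=1
    fi
    return "$findings"
}

# Constructed sample: "PermitRootLogin no" was appended below an older line.
make_sample_config() {
    cat > "$1" <<'EOF'
Port 2222
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
}

sample=$(mktemp)
make_sample_config "$sample"
audit_sshd_config "$sample" || echo "fix the lines reported above"
rm -f "$sample"
```

On a live server, sudo sshd -t checks the file for syntax errors before a restart, and sudo sshd -T prints the configuration sshd actually resolves, Include files included.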

Using Security Certificates with SSH

SSH can use certificates for authentication, providing an additional layer of security.

  1. Create a Certificate Authority (CA) Key:
     ssh-keygen -f /path/to/ca -C "CA for SSH"
  2. Sign User Keys:
     ssh-keygen -s /path/to/ca -I username -n username -V +52w user_key.pub
     • -s /path/to/ca: Specifies the CA key.
     • -I username: The identity of the user.
     • -n username: The principal name.
     • -V +52w: Validity period.
  3. Configure SSH to Trust the CA:
     Add the CA public key to the SSH server configuration:
     sudo nano /etc/ssh/sshd_config

     Add the following line:

     TrustedUserCAKeys /path/to/ca.pub

     Restart the SSH service:

     sudo systemctl restart ssh
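
Before a CA is trusted on the server, it is worth reading a signed certificate back to confirm which principals and validity window it carries and which CA signed it. The shell sketch below is an added example, not part of the original article; it assumes passphrase-less ed25519 keys in a temporary directory, and the principal alice and the function names are constructed.

```shell
#!/bin/sh
# Added example (not from the article): build a throwaway CA and user key,
# sign the key as in step 2, then read back what the certificate grants.
# The directory layout and the principal "alice" are constructed.

# make_demo_cert DIR PRINCIPAL VALIDITY  ->  DIR/user_key-cert.pub
make_demo_cert() {
    ssh-keygen -q -t ed25519 -N '' -C 'CA for SSH' -f "$1/ca" &&
    ssh-keygen -q -t ed25519 -N '' -C 'demo user' -f "$1/user_key" &&
    ssh-keygen -q -s "$1/ca" -I "$2" -n "$2" -V "$3" "$1/user_key.pub"
}

# cert_principals CERT: the login names the certificate is valid for.
cert_principals() {
    ssh-keygen -L -f "$1" | awk '
        /^[ \t]*Principals:/       { inlist = 1; next }
        /^[ \t]*Critical Options:/ { inlist = 0 }
        inlist                     { print $1 }'
}

# cert_validity CERT: the validity window ("from ... to ...").
cert_validity() {
    ssh-keygen -L -f "$1" |
        awk '/^[ \t]*Valid:/ { sub(/^[ \t]*Valid:[ ]*/, ""); print }'
}

# cert_signed_by CERT CA_PUB: succeeds only if CA_PUB is the signing CA.
cert_signed_by() {
    ca_fp=$(ssh-keygen -l -f "$2" | awk '{ print $2 }')
    [ -n "$ca_fp" ] &&
        ssh-keygen -L -f "$1" | grep 'Signing CA:' | grep -qF "$ca_fp"
}

if command -v ssh-keygen >/dev/null 2>&1; then
    demo=$(mktemp -d)
    if make_demo_cert "$demo" alice +52w; then
        cert="$demo/user_key-cert.pub"
        echo "principals: $(cert_principals "$cert")"
        echo "validity:   $(cert_validity "$cert")"
        cert_signed_by "$cert" "$demo/ca.pub" && echo "signed by demo CA"
    fi
    rm -rf "$demo"
fi
```

A certificate whose principal list does not include the account being logged in to is rejected by sshd, so the principals line is the first thing to check when a CA-signed login fails.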

Additional Tips and Tricks

  • Using SSH Config File: Simplify SSH command usage by creating an SSH config file.
    nano ~/.ssh/config

    Add configurations:

    Host alias
        HostName hostname
        User username
        Port 2222
        IdentityFile ~/.ssh/id_rsa
  • Copy Files Using SCP:
    scp file.txt username@hostname:/path/to/destination
  • Sync Files Using Rsync:
    rsync -avz file.txt username@hostname:/path/to/destination

Conclusion

SSH is a powerful and secure protocol for managing and communicating with remote servers.

