SSH command usage in Linux/Unix systems

Any security-minded Linux user will use the SSH protocol when connecting to servers, because SSH encrypts the data sent over the network. In the 1990s, SSH replaced older, insecure protocols such as telnet and rlogin. In this guide, we look at SSH command usage with examples.

By default, SSH listens on TCP port 22.

Checking if SSH service is running on a Linux System

If you are currently logged in to a Linux system and you want to check if SSH is running, execute the command:

# systemctl status sshd

Additionally, you can check that SSH is listening on port 22 on your server by using the netstat command as shown:

# netstat -pnltu

Both techniques confirm that the SSH service is running on port 22.

Logging in to a remote system using SSH

To log in to a remote system as the root user from a Linux machine, use the syntax below:

# ssh root@host-ip-address 

For example, to log in to a remote Debian PC with the IP address 173.82.208.144:

# ssh root@173.82.208.144

If you are connecting for the first time, you will be asked to confirm the connection.

Type yes to add the server to the list of known hosts stored in ~/.ssh/known_hosts.

Each server has a host key, which is a cryptographic key. This key is used to authenticate systems using the SSH protocol.

Next, you will be prompted for the remote system’s password. Provide the password and hit ‘ENTER’ to log in to the system.

Logging in to a system as a regular user

Sometimes, you may want to log in to a remote system using a regular user’s account if remote root login is disabled. To do this, follow the syntax below:

# ssh username@host-ip-address

OR

# ssh -l username host-ip-address

To log in as user ‘john’ residing on the remote Debian system, execute the command

# ssh john@173.82.208.144 

You can achieve the same result using the command below.

# ssh -l john 173.82.208.144

Configuring passwordless authentication

Sometimes, you may need to access your remote systems constantly, or you may have services that need access to these systems. Password authentication wastes time and hinders automated applications that require access to the remote systems. For this reason, it’s convenient to configure passwordless SSH authentication to your remote servers.

Step 1: Generate SSH keys

The first step will be to generate SSH keys on the server using the command:

# ssh-keygen

When prompted at each step, simply hit ‘ENTER’ to keep the defaults, which also leaves the key without a passphrase.

The public key – id_rsa.pub – is saved in the ~/.ssh/ directory.

Step 2: Copying the SSH public key to the remote client

The next step will be to copy the generated public key to the remote client system. To accomplish this, we will use the ssh-copy-id command. The command copies the SSH key to the remote client as an authorized key. This allows for subsequent automated passwordless logins.

# ssh-copy-id -i ~/.ssh/id_rsa.pub root@173.82.208.144

Now you can seamlessly log in to the remote Debian system without being prompted for a password.

The public key is saved on the client system in the ~/.ssh/authorized_keys file.

A FEW POINTS TO NOTE

  1. SSH clients store the host keys of the systems they have connected to. These keys are referred to as known host keys and are stored in the ~/.ssh/ directory.
  2. The private key – id_rsa – should only be accessible to the root user and should not be copied to any system. If it leaks to a third party, this may lead to man-in-the-middle attacks in which the client systems can be compromised by hackers.
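
One way to check the file permissions that the points above depend on, as an added example that is not part of the original guide. The function names and finding labels are assumptions, and the sample directory is constructed with deliberately loose modes.

```shell
#!/bin/sh
# Added example (not from the original guide): audit an SSH directory laid out
# as in the steps above (id_rsa, id_rsa.pub, authorized_keys).

# Print the nine permission characters (rwxrwxrwx) of a path.
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# Print one finding per line; return 0 if clean, 1 if anything was found.
audit_ssh_dir() {
    dir=$1
    bad=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }

    # The directory and authorized_keys must not be writable by group or others.
    for path in "$dir" "$dir/authorized_keys"; do
        [ -e "$path" ] || continue
        case $(mode_of "$path") in
            ????w????|???????w?) echo "WRITABLE-BY-OTHERS $path"; bad=1 ;;
        esac
    done

    # Private keys (id_* without .pub) must grant nothing to group or others.
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac
        case $(mode_of "$key") in
            ???------) ;;
            *) echo "PRIVATE-KEY-EXPOSED $key"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed sample: a throwaway directory with deliberately loose modes.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/id_rsa"; : > "$d/id_rsa.pub"; : > "$d/authorized_keys"
    chmod 700 "$d"; chmod 644 "$d/id_rsa" "$d/id_rsa.pub"
    chmod 664 "$d/authorized_keys"
    echo "$d"
}
```

Run `audit_ssh_dir ~/.ssh` on the machine that holds the key pair and on the remote account; `chmod 600` on the flagged files clears the findings.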
