What is SSH
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users. SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server.
Install and config OpenSSH on a CentOS server
OpenSSH is a suite of open-source programs for remote login based on the SSH protocol, developed by the OpenBSD Project. Since it is free for all users, most Linux distributions have OpenSSH installed by default.
CentOS 7 provides the openssh, openssh-server and openssh-clients packages. The openssh package should be installed initially. Note that the openssh package requires openssl-libs to be installed on the system, since it provides some very important cryptographic libraries.
To install the server and client package,
sudo yum -y install openssh-server
sudo yum -y install openssh-clients
To start the SSH service in CentOS,
sudo systemctl start sshd.service
This starts the OpenSSH daemon sshd, which listens for connections from clients on port 22. It forks a new daemon for each incoming connection; the forked daemons handle key exchange, encryption, authentication, command execution, and data exchange.
To turn off this service,
sudo systemctl stop sshd.service
If you wish to have the SSH daemon run automatically as the computer boots up, issue the command,
sudo systemctl enable sshd.service
This will allow the SSH service to run every time you start up your computer, which is normally started at boot from /etc/rc.
The default configuration file for the sshd daemon is sshd_config under the directory /etc/ssh/. We can uncomment the default settings and change what we want. Note that sshd_config only treats lines that begin with # as comments: a # after a value is not a comment, and sshd will either reject the line as garbage at the end of the line or, for list keywords such as AllowUsers, read the extra words as more patterns. The explanations below therefore sit on their own lines.
# change the listening port from 22 (default) to 1234
Port 1234
# disable root logins
PermitRootLogin no
# restrict ssh login to users john and jane only
AllowUsers john jane
# refuse login to user smith
DenyUsers smith
# set the address that sshd listens on
ListenAddress 192.168.1.150
# reject logins with empty passwords
PermitEmptyPasswords no
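As an added example (not part of the original article), the following POSIX shell script checks an sshd_config for the directives above the way sshd itself reads the file: keywords are case-insensitive, only lines beginning with # are comments, and the first active occurrence of a keyword wins, so a hardening line added at the bottom of a file that already sets the keyword higher up has no effect. The two sample configs are constructed here so the script runs anywhere; audit_sshd_config, effective_value and the temp-file names are hypothetical helpers, not OpenSSH tools.

```shell
#!/bin/sh
# Added example, not from the original article: audit an sshd_config for the
# hardening directives discussed above. Two constructed sample configs are
# written to temp files; on a real server point audit_sshd_config at
# /etc/ssh/sshd_config instead.

WEAK_CFG=$(mktemp)
cat >"$WEAK_CFG" <<'EOF'
# constructed sample: stock file with everything commented out, so sshd
# falls back to its built-in defaults (root may still log in with a key)
#Port 22
#PermitRootLogin prohibit-password
#PermitEmptyPasswords no
EOF

HARD_CFG=$(mktemp)
cat >"$HARD_CFG" <<'EOF'
# constructed sample: the hardened settings from the article
Port 1234
PermitRootLogin no
AllowUsers john jane
DenyUsers smith
ListenAddress 192.168.1.150
PermitEmptyPasswords no
EOF

# effective_value FILE KEYWORD
# Prints the value sshd would actually use for KEYWORD: keywords are
# case-insensitive, only lines whose first non-blank character is '#' are
# comments, and the FIRST active occurrence wins (sshd ignores later ones).
# Prints nothing when the keyword is unset. Assumes the "Keyword value" form;
# the "Keyword=value" spelling is not handled here.
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*(#|$)/ { next }
        tolower($1) == key {
            sub(/^[[:space:]]*[^[:space:]]+[[:space:]]+/, "")
            print
            exit
        }' "$1"
}

# audit_sshd_config FILE
# Prints one line per failed check and returns 1 if any hardening directive
# is missing or weak, 0 if the file passes every check.
audit_sshd_config() {
    cfg=$1
    rc=0
    v=$(effective_value "$cfg" PermitRootLogin)
    [ "$v" = no ] || { echo "FAIL: PermitRootLogin is '${v:-default}', want no"; rc=1; }
    v=$(effective_value "$cfg" PermitEmptyPasswords)
    [ "$v" = no ] || { echo "FAIL: PermitEmptyPasswords is '${v:-default}', want an explicit no"; rc=1; }
    v=$(effective_value "$cfg" AllowUsers)
    [ -n "$v" ] || { echo "FAIL: no AllowUsers list, so every local account may log in over ssh"; rc=1; }
    v=$(effective_value "$cfg" ListenAddress)
    [ -n "$v" ] || { echo "FAIL: ListenAddress unset, sshd listens on every interface"; rc=1; }
    return "$rc"
}

echo "== weak config =="
audit_sshd_config "$WEAK_CFG" || echo "result: needs hardening"
echo "== hardened config =="
audit_sshd_config "$HARD_CFG" && echo "result: passes"
```

On a real server, run audit_sshd_config /etc/ssh/sshd_config, and after editing the file run sudo sshd -t to syntax-check it before sudo systemctl restart sshd.service: a line that sshd rejects would otherwise leave you without remote access after the restart.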
Read OpenSSH Manual Pages to learn more.
Connecting on a Linux client using ssh command
To connect to our server, run the basic ssh command:
ssh <username>@<hostname or IP address>
<username> is the name of the account on the server that you want to log in as. By default ssh uses the same username as on your client if you leave the user blank, such as
ssh <hostname or IP address>
<hostname or IP address> is the IP address of your server, or its name if your network has a DNS service.
SSH uses port 22 by default. To connect via another port, use
ssh user@host -p 1234
This connects to port 1234 instead of the default 22.
For the first login, it will ask whether you wish to add the remote host to the list of known hosts. Don't worry, go ahead and say yes; the fingerprint it shows is the server's host key, which you can compare against the one the server administrator published.
To end your SSH session, type the exit command or the logout command. This will kill all the processes and end the SSH connection.
Read ssh Command - OpenSSH General Commands Manual to learn more.
Connecting on a client running Windows
SSH sees some limited use on Windows. In 2015, Microsoft announced that they would include native support for SSH in a future release.
To use SSH, you need either an SSH client program or a Linux-like shell environment. Here some clients are recommended:
- PuTTY is a free, open-source implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator. Portable .exe programs are provided on the PuTTY Download Page.
- Bitvise SSH Client is a free and flexible SSH client for Windows that includes state-of-the-art terminal emulation, graphical as well as command-line SFTP support, an FTP-to-SFTP bridge, powerful tunneling features including dynamic port forwarding through an integrated proxy, and remote administration for Bitvise SSH Server. The installer is provided on the Download Bitvise SSH Client page.
- FinalShell is an all-in-one server and network management tool developed in China. Its features include cloud synchronisation, free acceleration of remote desktop sessions to overseas servers, SSH acceleration, a local command input box, and support for auto-completion, command history and custom command parameters.
Comparison of SSH clients - Wikipedia compares a selection of notable clients.
Visual Studio Code, a free and cross-platform code editor developed by Microsoft, can also open a remote folder on any remote machine, virtual machine, or container with a running SSH server, with the help of the Visual Studio Code Remote - SSH extension. Follow the documentation Remote Development using SSH to get started.
File transfers using scp command
SSH not only logs you in to remote hosts but also provides file transfers between clients and servers. SSH uses the scp command for secure copy (remote file copy program) between hosts over an encrypted connection based on the SSH protocol. You can transfer files from your local client to a remote host or vice versa, or even from one remote host to another.
To copy a file from your computer to another computer (upload), type:
scp <file> <username>@<IP address or hostname>:<Destination>
For example, my server's IP is 192.168.1.150. I run the following command on my client to copy a file called test.txt from the local computer to a file of the same name on the server under the directory ~/ (i.e. /home/username/).
scp test.txt username@192.168.1.150:
Then I make another copy of test.txt, changing the name to readme.txt and specifying the directory /home/program/:
scp test.txt username@192.168.1.150:/home/program/readme.txt
To copy the file back from the server (download), just reverse the source and destination.
scp username@192.168.1.150:/home/program/readme.txt readme.txt
With the -r (recursive) option, scp copies a whole directory recursively to the remote location. The following command copies a directory named testprogram to the home directory of the user on the server.
scp -r testprogram username@192.168.1.150:
Read scp Command - OpenSSH General Commands Manual to learn more.
Keep your process alive
Normally Linux forcibly kills all processes and jobs created by a remote user once they log out of the session or the session times out after being idle for a while. We can use the nohup command to send a long-running command to the background so that we can continue working while the command keeps executing in the background. After that we can safely log out.
A basic nohup usage is
nohup [command] &
This sends the task to the background and the prompt returns immediately, printing the job ID and PID of the process, i.e. [JOBID] PID
To check the status of the command and bring it back to the foreground once you resume your SSH session, use
fg %JOBID
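Note that fg %JOBID only works in the shell that started the job: a new SSH login has an empty job table, so a process started under nohup in an earlier session has to be found by its PID instead. The following script, an added example that is not from the original article, records the PID and log file when the job starts and checks on the job later; start_detached, job_running and wait_for_job are hypothetical helper names, and the job itself is constructed.

```shell
#!/bin/sh
# Added example, not from the original article: run a job under nohup with
# its output and PID recorded, so it can be checked from a later SSH session.

# start_detached LOGFILE PIDFILE COMMAND [ARGS...]
# Starts COMMAND with nohup in the background. Output goes to LOGFILE (instead
# of the default nohup.out), stdin is detached, and the PID is saved in PIDFILE.
start_detached() {
    log=$1
    pidfile=$2
    shift 2
    nohup "$@" >"$log" 2>&1 </dev/null &
    echo $! >"$pidfile"
}

# job_running PIDFILE: returns 0 while the recorded process exists, 1 otherwise.
# kill -0 delivers no signal; it only tests that the PID exists and is ours.
job_running() {
    pid=$(cat "$1" 2>/dev/null) || return 1
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# wait_for_job PIDFILE TIMEOUT: polls once a second; returns 0 once the job
# has exited, 1 if it is still running after TIMEOUT seconds.
wait_for_job() {
    elapsed=0
    while job_running "$1"; do
        [ "$elapsed" -lt "$2" ] || return 1
        sleep 1
        elapsed=$((elapsed + 1))
    done
    return 0
}

# Constructed "long-running" job: three steps, one per second, then a marker
# line. On a real server this would be a build, backup or data-processing job.
LOG=$(mktemp)
PIDFILE=$(mktemp)
start_detached "$LOG" "$PIDFILE" \
    sh -c 'for i in 1 2 3; do echo "step $i"; sleep 1; done; echo finished'
echo "started PID $(cat "$PIDFILE"); output in $LOG"

# What you would run after logging back in: is it still going?
if job_running "$PIDFILE"; then echo "still running"; else echo "already done"; fi
```

Keep the PID file and log somewhere you will find again after reconnecting (your home directory rather than /tmp on a busy server), and read the log with tail rather than relying on fg.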
Troubleshooting
Sometimes you may have trouble keeping your SSH session up and idle. For whatever reason, the connection just dies after X minutes of inactivity. Usually this happens because there is a firewall between you and the internet that is configured to only keep stateful connections in its memory for 15 or so minutes.
Fortunately, in recent versions of OpenSSH, there is a fix for this problem. Simply put the following in the file ~/.ssh/config:
Host *
Protocol 2
TCPKeepAlive yes
ServerAliveInterval 60
This file can be used for any client-side SSH configuration. See the ssh_config man page for more details. The 'TCPKeepAlive yes' directive turns on TCP-level keepalive probes, which the operating system sends periodically so that a dead connection is noticed. 'ServerAliveInterval 60' makes the ssh client send a small request through the encrypted connection after every 60 seconds of silence to let the server know that it is still there. Either way, traffic keeps flowing, which tricks many firewalls that would otherwise drop the idle connection into keeping it going. (The 'Protocol 2' line dates from when SSH protocol 1 still existed; current OpenSSH releases support only protocol 2, so it is harmless but no longer needed.)