openssh
- Last Updated: Thursday, 20 July 2023 05:29
- Published: Tuesday, 29 October 2019 23:42
openssh: This is the official link: https://www.openssh.com/
There are a lot of programs available that allow you to remotely log into your machines. OpenSSH is open source and the most popular on Linux. It has a client-server model, so in order to allow others to log into your machine, you need to install a server program on that machine. This server program keeps listening for incoming connections. If it gets an incoming connection and the credentials are valid, it allows you to log into this machine, just as a local user would. On the other computer (the client computer) from which you are trying to connect to this server, you need to install the OpenSSH client program.
Install:
The client program of openssh is usually installed on all Linux systems. We can verify this by typing cmd "which ssh" on a terminal. It should show the path as /usr/bin/ssh. ssh is the openssh client pgm. The server program of ssh is called "sshd" (ssh daemon) and is not installed by default. We can install it as follows:
On a terminal, type the below cmd:
sudo apt install openssh-server => This will install openssh server on your computer.
Now type, "which sshd", and it will show binary executable path as /usr/sbin/sshd.
The sshd daemon by default runs on TCP port 22. It starts at boot time.
Syntax ssh/sshd:
ssh cmd syntax here: https://man.openbsd.org/ssh.1
ex: ssh hari@maaldaar.com => This is used to log into remote m/c maaldaar.com, with user name "hari" on that remote m/c.
sshd cmd syntax here: https://man.openbsd.org/sshd.8
We can manually start/stop sshd, or check status using various cmds (see in "init vs systemd" section). Here, we'll show by 2 means: systemd based and init based.
1. init based: sudo /etc/init.d/ssh start
2. systemd based: systemctl status sshd
Adding New User for ssh:
If you want to allow any user from any machine to ssh into your server, then you need to create a new user with some name, give that user a password. Then others can login with that username and that password. Password can also be made optional. Follow the steps:
- Open a new terminal on ssh server m/c and type below cmds:
- sudo adduser guest => here "guest" is the user name. It will ask for a new password for this user. It will then add this user and make a home dir for guest at /home/guest.
- sudo passwd guest => You can change the password by using this cmd.
- sudo usermod -aG sudo guest => This gives sudo access to "guest" user so that he/she can run any root cmd by being superuser. This is very risky and should only be done for trusted users.
- Once new user has been created on server m/c, log into client machine and make a ssh connection to server m/c:
- ssh guest@<server m/c> => It asks for the password, and if both username and password are correct, then it makes an ssh connection and opens a terminal on server m/c.
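Since any account added to the sudo group can become root after an ssh login, it is worth listing which accounts hold both a login shell and sudo membership. The following is an added example, not part of the original page; the function names and the sample passwd/group contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts that have a login shell AND are in the sudo group.

# sudo_login_users [PASSWD_FILE] [GROUP_FILE] [GROUP]
# Defaults to the live system files. Prints one user name per line.
sudo_login_users() (
    passwd_file=${1:-/etc/passwd}
    group_file=${2:-/etc/group}
    group=${3:-sudo}
    awk -F: -v grp="$group" '
        # First file (group database): remember the GID and listed members.
        FNR == NR {
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") member[m[i]] = 1
            }
            next
        }
        # Second file (passwd database): skip accounts whose shell is
        # nologin or false, since they cannot get a login shell over ssh.
        $7 ~ /(nologin|false)$/ { next }
        ($1 in member) || (gid != "" && $4 == gid) { print $1 }
    ' "$group_file" "$passwd_file" | LC_ALL=C sort
)

# demo_sudo_audit: run the check on constructed sample files.
demo_sudo_audit() (
    tmp=$(mktemp -d) || exit 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
hari:x:1000:1000:,,,:/home/hari:/bin/bash
guest:x:1001:1001:,,,:/home/guest:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
EOF
    cat > "$tmp/group" <<'EOF'
sudo:x:27:hari,guest,backup
guest:x:1001:
EOF
    out=$(sudo_login_users "$tmp/passwd" "$tmp/group")
    rm -rf "$tmp"
    printf '%s\n' "$out"
)
```

Calling sudo_login_users with no arguments audits the live /etc/passwd and /etc/group. It does not look at locked passwords, which would need /etc/shadow.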
Linux ssh related cmds:
There are many cmds in linux that establish a connection b/w 2 machines. A lot of these are built on top of ssh. Either we establish an ssh connection before we can use these cmds, or ssh is inbuilt as part of these cmds. Either way sshd should be running on the server m/c or the cmds will fail. A few such cmds are below:
Linux Secure Copy (scp) cmd:
scp is the linux cmd to copy files from one computer to another. It's the equivalent of the cp or copy cmd, except that it copies files between computers, and does so securely so that files can't be seen by any third party. scp uses ssh under the hood, so scp can only work after sshd is installed and running. We need sshd, or server ssh, to be active and running on the remote machine that we are trying to connect to. If it doesn't have sshd running, scp to/from that remote machine won't work. Usage is simple:
scp <src_machine:src_file> <dest_machine:dest_file> => scp cmd asks for user's password on another machine, as it uses ssh for authentication.
ex: user1@laptop1$ scp user2@laptop2:test.txt project/. => This copies the file "test.txt" from remote machine "laptop2" in user2 home dir to "project" subdir of current dir in laptop1. Laptop1 is our local machine and user1 is logged on this machine. He is in some dir "dir1". Now the file is copied to dir1/project/test.txt.
ex: user1@laptop1$ scp project/test1.txt user2@laptop2:dir2/test2.txt => This is the reverse of above example, where we are copying from local machine (laptop1) to remote machine (laptop2). Here we are copying file test1.txt as test2.txt.
Linux remote sync (rsync) cmd:
rsync is another linux cmd to copy and sync files b/w 2 m/c. rsync is very popular and is included on most Linux distributions by default.
Detailed link: https://www.digitalocean.com/community/tutorials/how-to-use-rsync-to-sync-local-and-remote-directories
syntax: rsync <options> <src_files> <dest files>
Steps:
- Log into the client m/c (or server m/c). Establish ssh connection b/w the 2 m/c using ssh cmd with correct user name.
- cd ~; rsync -a ~/dir1/ dir2 => This copies files locally from dir1 to dir2. Since / is at the end of dir1, dir1 itself is not copied to dir2. -a copies recursively, preserving symbolic links, timestamps, etc. The -anv option is also commonly used; it does a dry run of what the cmd is going to do (-n is for "not do it", -v is for verbose).
- rsync -a ~/dir1 guest@maaldaar.com:dest_dir => This is push method where we push files from local m/c (~/dir1) to remote m/c (dest_dir)
- rsync -a guest@maaldaar.com:/home/guest/dir1 ~/dest_dir => This is pull method where we pull files from remote m/c (/home/guest/dir1) to local m/c (~/dest_dir)
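The trailing-slash and dry-run behaviour from the steps above can be checked locally before pushing to or pulling from a remote m/c. This is an added example, not from the original page; the directory names with_slash and without_slash and the sample files are constructed.

```shell
#!/bin/sh
# Added example. All files and directory names below are constructed.

# rsync_layout_demo: sync one source tree with and without the trailing
# slash and print where the files ended up. The -anv preview goes to stderr.
rsync_layout_demo() (
    command -v rsync >/dev/null 2>&1 || { echo "rsync not installed" >&2; exit 127; }
    work=$(mktemp -d) || exit 1
    cd "$work" || exit 1
    mkdir -p dir1/sub with_slash without_slash
    echo "alpha" > dir1/a.txt
    echo "beta"  > dir1/sub/b.txt

    # Dry run: -n lists what would be copied but must not write anything.
    rsync -anv dir1/ with_slash >&2
    n=$(find with_slash -type f | wc -l | tr -d ' ')
    echo "files written by dry run: $n"

    # Trailing slash: the contents of dir1 land directly in with_slash.
    rsync -a dir1/ with_slash
    # No trailing slash: dir1 itself is created inside without_slash.
    rsync -a dir1 without_slash

    # Show the resulting layout of both destinations.
    find with_slash without_slash -type f | LC_ALL=C sort
    cd / && rm -rf "$work"
)
```

The same preview works for the push and pull forms: run the cmd with -anv first, read the file list, then rerun with -a only.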