Secure Shell (SSH) is the standard method for gaining access to other machines over the network in modern Linux distributions. It employs cryptography to ensure secure connections and encrypts traffic during transmission.
To access a server via SSH, you need the sshd server process and an SSH client. The sshd service must be running on the remote server, usually on the default port 22, and not blocked by the firewall. Red Hat Enterprise Linux automatically starts the sshd process after installation, and by default, it’s not blocked by the firewall.
You can access a server using the ssh command from the command line. By default, ssh connects to port 22 on the server. If the sshd process is configured to use a different port, you can specify it with the -p option followed by the port number.
The ssh command is available on all Linux distributions and can also be used on Apple Mac computers. However, on Windows systems without the Windows Subsystem for Linux, the ssh command is not native. In such cases, you need to install an SSH client like PuTTY.
When connecting to a Linux machine from a Linux terminal, you simply type ssh followed by the server’s name or IP address. If prompted, enter the password for the user account on the remote machine. You can also specify a different user account using the user@server format.
Using SSH for Remote Login
This exercise assumes a remote server is available and reachable. It demonstrates logging in to a remote server using SSH:
- Open a root shell on the remote server (server2) and check the status of the SSH service with systemctl status sshd.
- Find the IPv4 address of the remote server (server2) using ip a | grep 'inet '.
- Open a shell as a nonprivileged user on the local server (server1).
- Use ssh root@192.168.4.220 to connect to server2 as root.
- When prompted, enter the root password to log in.
- Use w to view the active SSH session and exit to close it.
Security Considerations and Authentication
When connecting to a remote server for the first time, SSH displays a security message asking to confirm the host’s authenticity. This is to ensure that you’re connecting to the intended server. Once confirmed, the server’s public key fingerprint is stored locally for future connections.
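The check behind that first-connection prompt can be scripted. The following added example (not part of the original article) recomputes the SHA256 fingerprint of a host key entry in known_hosts format and compares it with a value obtained out-of-band, for instance from the console of server2. The key bytes are constructed dummy data and all function names are hypothetical; only exact host names and hashed host entries are matched, not wildcard patterns.

```python
import base64, hashlib, hmac, struct

def parse_known_hosts_line(line):
    """Split 'hosts keytype base64-blob [comment]' and decode the key blob."""
    if line.startswith("@"):
        # @cert-authority / @revoked markers change the meaning of the line
        raise ValueError("marker lines are not handled by this example")
    hosts, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64)
    # The blob starts with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match the key blob")
    return hosts, key_type, blob

def host_matches(hosts, name):
    """Exact match on plain names, or on a hashed '|1|salt|hash' entry."""
    if hosts.startswith("|1|"):
        _, _, salt, digest = hosts.split("|")
        mac = hmac.new(base64.b64decode(salt), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return name in hosts.split(",")

def fingerprint(blob):
    """Fingerprint as ssh prints it: 'SHA256:' + unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def verify(line, name, expected_fp):
    """True only if the line is for `name` and its key has the expected fingerprint."""
    hosts, _, blob = parse_known_hosts_line(line)
    return host_matches(hosts, name) and hmac.compare_digest(
        fingerprint(blob).encode(), expected_fp.encode())

# Constructed sample: a well-formed ed25519 blob with dummy key bytes.
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_LINE = "192.168.4.220 ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    # In practice expected_fp comes from the server console, e.g. the output of
    # ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub run on server2.
    expected_fp = fingerprint(SAMPLE_BLOB)
    print(expected_fp, verify(SAMPLE_LINE, "192.168.4.220", expected_fp))
```

A mismatch between the recomputed fingerprint and the one read from the server console means the client is not talking to the host it expects, and the connection should not be accepted.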
SSH also supports key-based authentication, which is more secure than password authentication. With key-based authentication, users generate a public/private key pair, and the public key is stored on the server. This eliminates the need to enter a password for each login.
In the next exercise, we’ll demonstrate how to configure key-based authentication for SSH and connect to a remote server using public/private keys.
Connecting to a Remote Server with Public/Private Keys
This exercise guides you through creating a public/private key pair and using it to log in to a remote server (server2):
- Open a root shell on the local server (server1) and generate a key pair using ssh-keygen.
- Copy the public key to server2 using ssh-copy-id.
- Verify that you can log in to server2 without entering a password using ssh.
By enabling key-based authentication, SSH enhances security and eliminates the need for passwords, improving convenience and efficiency in managing remote servers.