Basics of ssh and scp

What is OpenSSH? According to the OpenSSH page: OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. The OpenSSH suite replaces rlogin and telnet with the ssh program, rcp with scp, and ftp with sftp. Also included is sshd (the server side of the package), and the other utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server.

OpenSSH is developed by the OpenBSD Project. The software is developed in countries that permit cryptography export and is freely usable and re-usable by everyone under a BSD license.

Generally speaking, it is the remote terminal connection of choice. In this entry we are only going to cover the very basics of ssh and scp. We will cover more advanced features and sftp in later entries.

SSH Client

Let’s assume that you have an account on a server: servername.com (or the ip address) and that this machine is running an ssh server. Your account on that server will be referred to as username and your password is password123.

You are logged in to your own Linux machine (there are Windows ssh clients available, for example PuTTY) and you want to log in as username on the ssh-server machine. You simply type: (Note: the -l states that you will be providing a user name)

ssh -l username servername.com

If there is no host name you can type the ip-address instead (the x’s representing the ip-address):

ssh -l username xxx.xxx.xxx.xxx

Alternatively, you can drop the -l switch and type:

ssh username@servername.com

All of these perform the same function and should prompt you for the password to allow you access if you have a user name on that machine. If your login name on the remote machine is the same as the one you use on your own machine, you can omit the “-l username” and everything else stays the same.

SCP Client

If that were all ssh could do, it would be pretty cool and pretty useful. But there’s more. It can also copy files, or run remote commands. We tend to do this with SCP. Like PuTTY for SSH, there is a Windows SCP client application as well: WinSCP. But we’ll assume you are on a Linux machine and want to transfer files with another Linux machine. We would be able to transfer a file.txt to the other machine like this: (Note: run this from your local machine, not from inside your ssh session)

scp /home/username/file.txt username@servername.com:/home/username/

First we called ’scp’, then we specified the file we wished to transfer, “/home/username/file.txt”. As with ssh, we specified the username and the server we were connecting to, and finally the :/home/username/ specifies the directory on the remote machine in which we are placing that file. If all is set up correctly this should transfer file.txt to the home directory you have on the remote machine.

To copy files from remote computers to your local disk: (Note: Like with ssh, the ip-address and server name are interchangeable.)

scp username@xxx.xxx.xxx.xxx:/home/username/file2.txt .

As we can see, this gives the username and the location to connect to first, then locates the file you would like and downloads it to the destination given last. Here that is “.”, the current directory of your terminal (your home directory by default). You must know the exact location of the file you would like. So you may have to ssh in, browse directories to find the file you’re after, disconnect the ssh, then issue this scp command to download that particular file.

As a server:

Installing an ssh server is normally a pretty streamlined process in most distros.

  1. In Ubuntu: sudo apt-get install openssh-server
  2. In openSuse: (as root:) zypper in openssh
  3. In Fedora: (as root:) yum install openssh-server

Note, unless you change the port that ssh listens on, the default port is 22. If you change that port, the client will have to specify the port with the -p switch like so:

ssh -p 44 -l username xxx.xxx.xxx.xxx

with 44 being the port you chose. Also ensure that the firewall on your computer and any other firewall in front of it has the correct port open. Also browse these configuration files for further options you can change:

/etc/ssh/ssh_config (for the client options)

/etc/ssh/sshd_config (for the server options)

If you change anything in sshd_config, remember you will have to restart the ssh server as well:

(as root:) /etc/init.d/ssh restart
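The port change described above, as an added example that is not part of the original article: it reads the Port directive(s) from an sshd_config-style file and prints the matching ssh and scp commands. The function names, the sample config and the host, user and file names are constructed placeholders, and Include files are assumed not to be in use.

```shell
#!/bin/sh
# Added example: find the port(s) set in an sshd_config-style file and build
# the client commands that match. All names below are placeholders.

# Print every configured port, one per line (22 if none is set).
# Keywords are case-insensitive and "#" starts a comment.
# Assumption: Include files are not followed.
sshd_ports() {
    awk '
        { sub(/#.*/, "") }    # drop comments, awk then re-splits the fields
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
        END { if (!found) print 22 }
    ' "$1"
}

# ssh takes a non-default port with lowercase -p.
ssh_command() {    # usage: ssh_command PORT USER HOST
    if [ "$1" -eq 22 ]; then
        printf 'ssh %s@%s\n' "$2" "$3"
    else
        printf 'ssh -p %s %s@%s\n' "$1" "$2" "$3"
    fi
}

# scp takes it with uppercase -P (lowercase -p preserves times and modes).
scp_download_command() {    # usage: scp_download_command PORT USER HOST FILE
    if [ "$1" -eq 22 ]; then
        printf 'scp %s@%s:%s .\n' "$2" "$3" "$4"
    else
        printf 'scp -P %s %s@%s:%s .\n' "$1" "$2" "$3" "$4"
    fi
}

# Constructed sample config (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Port 22
Port 44
PermitRootLogin no
EOF

for port in $(sshd_ports "$sample"); do
    ssh_command "$port" username servername.com
    scp_download_command "$port" username servername.com /home/username/file2.txt
done
rm -f "$sample"
```

On the server itself, running sshd -T as root prints the effective configuration, which also covers settings pulled in from Include files.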

In the near future we will cover sftp and some more advanced features of SSH. Below we already have articles on how to secure an OpenSSH server.

Also See:

  1. Linux to Linux Key Based SSH
  2. Preventing Brute Force Attacks With Fail2ban (somewhat OpenSuse centric)
  3. Protect SSH Access With hosts files and a proper sshd_config (tcp wrappers)
