What is SSH?
SSH (short for Secure Shell) is an encrypted network protocol. Data sent over the protocol is encrypted, so even if it is intercepted in transit, no one can read useful information from it. To use SSH, the target machine must have SSH server software installed, because SSH is based on the client-server model. SSH is typically used when you want to connect securely to a remote host across an intermediate network (such as the Internet) that is not secure.
Installing SSH
If SSH is not installed on your machine, you can install it by hand. The simplest way is to use the Linux package manager.
Debian/Ubuntu-based systems:
Installing the SSH client
$ sudo apt-get install openssh-client
Installing the SSH server
$ sudo apt-get install openssh-server
Red Hat/CentOS-based systems:
# yum install openssh-server openssh-clients
Once SSH is installed, we can enter ssh in the terminal to check that the installation works.
Using SSH
SSH provides a number of options that you can use. This article describes some of the options that we use frequently in our daily operations.
1. Running SSH without options
The usual way to use SSH is to simply enter "ssh" followed by the target host, without any option parameters. Here's an example:
$ ssh 192.168.0.103
The first time you connect to the target host, SSH asks you to confirm the authenticity of the target host. If you answer no, SSH will not continue to connect; it continues only if you answer yes.
The next time you log in to this host, SSH will not prompt you for confirmation. The verification information for this host is stored by default in each user's /home/user/.ssh directory.
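What answering yes records, as an added example that is not part of the original article: the host's key is pinned in the known_hosts file inside that .ssh directory, and the script below looks up the pinned key for a host and compares it with a key obtained out of band. The function names pinned_key and check_host_key are hypothetical, and the sample entries and key blobs are constructed.

```sh
#!/bin/sh
# Added example. Entries are constructed; the key blobs are not real keys.
KNOWN=$(mktemp)
cat > "$KNOWN" <<'EOF'
# constructed known_hosts sample
192.168.0.103 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONE
[192.168.0.103]:1234 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYTWO
host-a,192.168.0.101 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLEKEYTHREE
@revoked 192.168.0.101 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYFOUR
|1|Y29uc3RydWN0ZWRzYWx0|Y29uc3RydWN0ZWRoYXNo ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYFIVE
EOF

# pinned_key FILE HOST [PORT]: print "[marker ]keytype blob" for every entry
# that names HOST. A non-default port is recorded as [host]:port.
pinned_key() {
    if [ "${3:-22}" = 22 ]; then want=$2; else want="[$2]:$3"; fi
    awk -v want="$want" '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            i = ($1 ~ /^@/) ? 2 : 1              # @revoked / @cert-authority marker
            if (substr($i, 1, 3) == "|1|") next  # hashed name, see ssh-keygen -F
            m = (i == 2) ? $1 " " : ""
            n = split($i, names, ",")
            for (k = 1; k <= n; k++)
                if (names[k] == want) { print m $(i + 1), $(i + 2); break }
        }' "$1"
}

# check_host_key FILE HOST PORT KEYTYPE BLOB
# 0: pinned key equals the key obtained out of band
# 1: a different key is pinned   2: nothing usable is pinned
check_host_key() {
    pinned=$(pinned_key "$1" "$2" "$3" |
             awk -v t="$4" '$1 == t { print $2; exit }')
    [ -n "$pinned" ] || return 2
    [ "$pinned" = "$5" ] || return 1
    return 0
}

# Same address, different port: a separate entry with its own key.
pinned_key "$KNOWN" 192.168.0.103
pinned_key "$KNOWN" 192.168.0.103 1234
```

Entries whose host name is hashed cannot be matched by plain text comparison; ssh-keygen -F looks those up.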
2. Specify the login user
By default, SSH attempts to connect using the current user's name as the user name. In the example command above, SSH attempts to log in to the server with the user name pungki, because the user pungki is running the SSH client software on the client.
What if there is no user named pungki on the target host? In that case you must provide a user name that exists on the target host. To specify a user name from the outset, you can use the -l option.
$ ssh -l leni 192.168.0.103
We can also enter this:
$ ssh [email protected]
3. Specify the port
The port number that SSH uses by default is 22. On most modern Linux systems, port 22 is open. If you run SSH without specifying a port number, it sends the request directly to port 22.
Some system administrators change the default port number for SSH. Suppose the port number is now 1234. To connect to that host, use the -p option, followed by the SSH port number.
$ ssh 192.168.0.103 -p 1234
To change the port number, we need to modify the /etc/ssh/ssh_config file and find this line:
Port 22
Replace it with a different port number, such as port 1234 in the example above, and then restart the SSH service.
4. Compress all data
With this option, all data sent or received via SSH is compressed and still encrypted. To use the compression feature of SSH, use the -C option.
$ ssh -C 192.168.0.103
This option is useful if you have a slow connection, such as when using a modem to surf the web. But if you're using a LAN or another faster network, compression will slow down your transmission. You can use the -o option plus the compression level parameter to control the level of compression, but this option only works under SSH-1.
5. Specify an encryption algorithm
SSH provides a number of cryptographic algorithms. They can be seen in the /etc/ssh/ssh_config or ~/.ssh/config file (if present).
For example, if you want to use the Blowfish algorithm to encrypt your SSH session, just add this line to your /etc/ssh/ssh_config or ~/.ssh/config file:
Cipher blowfish
By default, SSH uses the 3DES algorithm.
6. Turn on debug mode
Sometimes we want to trace the SSH connection we are establishing. The -v option provided by SSH is designed for this purpose.
$ ssh -v 192.168.0.103
7. Bind the source address
If your client has more than two IP addresses, you may not know which IP is used to connect to the SSH server.
To resolve this, we can use the -b option to specify an IP address. This IP will be used as the source address for establishing the connection.
$ ssh -b 192.168.0.200 -l leni 192.168.0.103
On the server, we can use the netstat command to check whether the connection has been established. You can see that the connection from IP 192.168.0.200 has been established.
8. Use a different configuration file
By default, SSH uses a configuration file located at /etc/ssh/ssh_config. This configuration file applies to all users of the system. If you want to specify special settings for a particular user, you can put the configuration in the ~/.ssh/config file. If this file does not exist, you can create one manually.
The following is an example of a generic ssh_config file. This configuration file is located in the /home/pungki directory.
Host 192.168.0.*
ForwardX11 yes
PasswordAuthentication yes
ConnectTimeout 10
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
Protocol 2
HashKnownHosts yes
To use the specified configuration file, you can use the -F option.
$ ssh -F /home/pungki/my_ssh_config 192.168.0.101
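A check for the cipher settings shown in sections 5 and 8, as an added example that is not part of the original article: it parses an ssh_config-style file and reports the SSH-1 Cipher keyword, SSH-1 in Protocol, and RC4 (arcfour), Blowfish, CAST, 3DES and CBC-mode entries in Ciphers, which current OpenSSH releases no longer offer by default. The function name audit_ssh_config, the sample file and the list of patterns treated as weak are assumptions of this example.

```sh
#!/bin/sh
# Added example. CONF is a constructed file that mirrors the settings shown in
# this article (Cipher blowfish plus the sample Host block).
CONF=$(mktemp)
trap 'rm -f "$CONF"' EXIT
cat > "$CONF" <<'EOF'
Cipher blowfish
Host 192.168.0.*
    ForwardX11 yes
    PasswordAuthentication yes
    ConnectTimeout 10
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
    Protocol 2
    HashKnownHosts yes
EOF

# audit_ssh_config FILE: print "scope: finding" for each legacy crypto setting.
audit_ssh_config() {
    awk '
        BEGIN { scope = "global" }
        /^[ \t]*(#|$)/ { next }                   # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (!match(line, /[ \t=]+/)) next     # "Keyword value" or "Keyword=value"
            key = tolower(substr(line, 1, RSTART - 1))   # keywords ignore case
            val = substr(line, RSTART + RLENGTH)
        }
        key == "host" || key == "match" { scope = line; next }
        key == "cipher" { print scope ": Cipher " val " is an SSH-1 only keyword" }
        key == "protocol" && val ~ /(^|,)1(,|$)/ {
            print scope ": Protocol " val " allows SSH-1"
        }
        key == "ciphers" && val !~ /^-/ {         # a leading "-" removes ciphers
            sub(/^[+^]/, "", val)                 # "+" and "^" add to the defaults
            n = split(tolower(val), c, ",")
            for (i = 1; i <= n; i++)
                if (c[i] ~ /^(arcfour|blowfish|cast128|3des)/ || c[i] ~ /-cbc(@.*)?$/)
                    print scope ": weak cipher " c[i]
        }' "$1"
}

audit_ssh_config "$CONF"
```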
9. Using SSH X11 Forwarding
At some point, you may want to display an X11 application that runs on the server on the client computer, and SSH provides the -X option for this. But to enable this feature, we need to do some preparation. Here are the settings:
On the server side, you need to set the line in the /etc/ssh/ssh_config file to ForwardX11 yes or X11Forwarding yes to enable X11 forwarding, and restart the SSH service.
Then on the client, enter ssh -X [email protected]:
$ ssh -X [email protected]
Once logged in, you can enter:
$ echo $DISPLAY
to check. You should see the following:
localhost:10:0
You can then run an application simply by entering its command. For example, to run the xclock program, enter:
$ xclock
It works: xclock is actually running on the remote system, but it is displayed on your local system.
Common SSH command options