How to configure SSH-Server and accessing it
From the desk of Samy,
First of all, we should know what SSH is:
Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two computers. Encryption provides confidentiality and integrity of data over an insecure network, such as the Internet. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.
This means that you may need to access from wherever to either your home-computer or work-computer. Using SSH protocol and Linux on the OS side, it’s easy. Anybody can use this protocol and he will be able to login remotely and execute commands (VNC is a alternative: it uses graphical mode, but data is not encrypted). I wanted to access my home-computer (reasons are besides the point), so I had to install a SSH server on my computer. As it gave me headache due to a silly thing, I’ll show you how you must do that.
This is the scenario
Let’s identify the computers. The server is the one which you want to be connected. For instance, you want to access some files that are stored in your work-PC. Server will be this work-PC. And clients are any PC around the world with Internet connection.
However, this is not so simple. Each client may have a SSH client… But no problem. If we’ve got Windows (ehem…) just download putty (click HERE to download). If we’ve got a Linux distri (Ubuntu?) it usually goes by default. Otherwise, just install ssh using apt-get. I’ll explain you how to connect to the server later. First, let’s get to the point.
At the beginning, we have to download the ssh metapackage. Just type (without ‘$’, of course):
$ sudo apt-get install ssh
Your user password will be required because root access is needed. Then, it will all be installed automatically.
Check your SSH configuration. Type:
$ sudo gedit /etc/ssh/sshd_config
If you don’t know what you are doing, I strongly recommend you to leave it as it comes. Just some notes: You can configure a lot of things such as which users can access the server, be accessible from limited IPs, change the port used by SSH, etc. This guide doesn’t contemplate custom configurations so ask Google about it. You will only need to change some specific line if you want to do so.
Now, we have to configure external access. Click:
System - input window (last option) Now, choose accessibility tab and make sure that the first option is enabled (enable accessible input).
1. Test if SSH is correctly configured
This is a simple test. Type in the shell server:
$ sudo ssh localhost or what’s the same: $ sudo ssh 127.0.0.1
First time you will see something like this:
The authenticity of host ‘localhost (127.0.0.1)’ can’t be established. RSA key fingerprint is [........] Are you sure you want to continue connecting (yes/no)?
Type ‘yes’, and a message will appear:
Warning: Permanently added ‘localhost’ (RSA) to the list of known hosts.
username@localhost’s password:
Type your password and…
Linux computername 2.6.24-16-generic #1 SMP Thu Apr 10 13:23:42 UTC 2008 i686
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
Voilá! It works! Now, read on. You have to access our server remotely!
2. Remote access from local network
If you are lucky and you’ve got another PC, you will be able to test if it works or not in local network. If you haven’t got another PC, don’t worry, just go ahead in the next section (remote access from Internet). You should know that each PC in a LAN have one unique LAN IP. It can be 192.168.1.2, 10.15.15.2, … For our example, I assume that my server (pc-home), in LAN, has the following IP: 192.168.1.24. And my laptop (client with Ubuntu, that is to say, SSH is installed by default), which is also connected to the same LAN, has the following one: 192.168.1.2.
Type the following command in order to connect remotely (in the same LAN) using SSH:
$ sudo MyUsernameInTheServer@LOcalServerIP
For example, in my case, with samy as my username in the server, I would type:
$ sudo samy@192.168.1.24
Then, the same messages that appeared when we tested our server(1) will appear. That’s it! Now, we’ve got a server shell working in our client!
3. Remote access from Internet
Here is when I got mad. I search and search in Google… But no luck. It seems that if you can access our server in a LAN, you will be able to access from Internet to our server. But it’s not so simple, because there is a router in the middle! So, you have to open the right ports and everything will work fine for sure:) SSH uses port 22 by default. If you have changed that, you will need to open the new one. In our case, a clean installation, we have to open port 22 so, type your router IP in Mozilla, IE, or any navigator (probably, if your server is at home, your router IP will have the same IP adress as others PCs but ended with 1. Example: XXX.XXX.XXX.1). Once we have introduced our credentials (admin - 1234, or wathever, it depends on your Internet company), you will have to tell the system to have port 22 opened. As panel administration changes for each company router, I can’t tell you how to do that, but just try it and you will see it’s extremely simple. Normally, the option to open ports is in NAT tab.
Congrats! Everything is configured! You can access your server from wherever using a ssh client! You will only have to type:
$ sudo ssh username@ServerIP
If you don’t know your IP address, check it HERE.
i.e.:
$ sudo ssh samy@82.83.15.39
ADVICE: DO NOT CHANGE YOUR IPTABLES, RULES, AND SO ON, THERE IS NO NEED TO! (unless you change your ssh configuration, changing the port, or something like that).
ADVICE2: You can not reach your server if you are in the same LAN using the external IP! A error will occur if you do so: Connection refused. You will have to use LAN IP (internal IP).
Note: This guide is based on Ubuntu, but it’s extensible to others distri.
UPDATE (June 11, 08): I’ve found out an excellent tutorial about SSH, very good explained and complete. It’s in Spanish, but I recommend you to take a look at it. <<tuxpepino>>
…SaMy*^29
