Difference between revisions of "OpenSSH"

From Pulsed Media Wiki
(Created page with "== OpenSSH == '''OpenSSH''' (''Open Secure Shell'') is a free and open-source implementation of the SSH (Secure Shell) protocol. It provides a suite of tools for securely...")
 
(Guides: Information)
 
(One intermediate revision by the same user not shown)
Line 32: Line 32:
 
On Debian-based systems (e.g., Debian, Ubuntu):
 
On Debian-based systems (e.g., Debian, Ubuntu):
  
<syntaxhighlight lang="bash">
+
 
sudo apt update
+
  sudo apt update
sudo apt install openssh-server
+
  sudo apt install openssh-server
</syntaxhighlight>
+
 
  
 
Start and enable the SSH service:
 
Start and enable the SSH service:
  
<syntaxhighlight lang="bash">
+
 
sudo systemctl start ssh
+
  sudo systemctl start ssh
sudo systemctl enable ssh
+
  sudo systemctl enable ssh
</syntaxhighlight>
+
 
  
 
To check SSH server status:
 
To check SSH server status:
  
<syntaxhighlight lang="bash">
+
 
sudo systemctl status ssh
+
  sudo systemctl status ssh
</syntaxhighlight>
+
 
  
 
=== Configuration ===
 
=== Configuration ===
Line 54: Line 54:
 
The SSH server is configured via:
 
The SSH server is configured via:
  
<syntaxhighlight lang="bash">
+
 
/etc/ssh/sshd_config
+
  /etc/ssh/sshd_config
</syntaxhighlight>
+
 
  
 
Common settings include:
 
Common settings include:
Line 67: Line 67:
 
After making changes, restart the service:
 
After making changes, restart the service:
  
<syntaxhighlight lang="bash">
+
 
sudo systemctl restart ssh
+
  sudo systemctl restart ssh
</syntaxhighlight>
+
 
  
 
=== Security Practices ===
 
=== Security Practices ===
Line 90: Line 90:
  
 
* [[PuTTY]] – SSH client for Windows
 
* [[PuTTY]] – SSH client for Windows
* [[WinSCP]] – Graphical SCP/SFTP client for Windows
 
* [[MobaXterm]] – Advanced SSH terminal with file browser and X server
 
 
* [[Dropbear SSH]] – Lightweight SSH alternative for embedded systems
 
* [[Dropbear SSH]] – Lightweight SSH alternative for embedded systems
  
Line 99: Line 97:
 
* [[SFTP]]
 
* [[SFTP]]
 
* [[SCP]]
 
* [[SCP]]
* [[Public-key cryptography]]
 
* [[Port forwarding]]
 
* [[Linux system administration]]
 
* [[fail2ban]]
 

Latest revision as of 14:04, 19 May 2025

OpenSSH

OpenSSH (Open Secure Shell) is a free and open-source implementation of the SSH (Secure Shell) protocol. It provides a suite of tools for securely accessing and managing remote systems over an encrypted connection. OpenSSH is developed by the OpenBSD Project and is the most widely used SSH implementation on Unix-like systems, including Linux, BSD, and macOS.

OpenSSH is the default SSH client and server on most Linux distributions, including Debian, Ubuntu, Red Hat, and Arch Linux.

Key Features

  • **Secure remote login** – Provides encrypted terminal access to remote machines
  • **Public key authentication** – Enables secure, passwordless login using cryptographic key pairs
  • **Secure file transfer** – Tools like `scp` and `sftp` for transferring files
  • **Port forwarding and tunneling** – Forward local or remote ports over SSH
  • **Agent forwarding** – Temporarily use local SSH keys on remote systems
  • **Configurable access control** – Fine-grained SSH access rules via `sshd_config`

OpenSSH Tools

OpenSSH includes a set of command-line tools:

  • ssh – Secure remote shell client
  • sshd – SSH daemon (server)
  • scp – Secure file copy
  • sftp – Secure FTP-like file transfer interface
  • ssh-keygen – Generate and manage SSH key pairs
  • ssh-agent – SSH key agent for managing private keys
  • ssh-add – Add keys to the agent
  • ssh-copy-id – Install public key on a remote server
  • ssh-keyscan – Retrieve public keys from a host

Installation

On Debian-based systems (e.g., Debian, Ubuntu): 


 sudo apt update
 sudo apt install openssh-server


Start and enable the SSH service: 


 sudo systemctl start ssh
 sudo systemctl enable ssh


To check SSH server status: 


 sudo systemctl status ssh


Configuration

The SSH server is configured via: 


 /etc/ssh/sshd_config


Common settings include:

  • `Port 22` – Default port (can be changed for security)
  • `PermitRootLogin no` – Disables root login
  • `PasswordAuthentication no` – Enforces key-based login
  • `AllowUsers` – Restrict login to specific users

After making changes, restart the service: 


 sudo systemctl restart ssh


Security Practices

  • Use **SSH keys** instead of passwords
  • Disable **root login**
  • Change the default port
  • Install tools like fail2ban to block brute-force attacks
  • Monitor login attempts in `/var/log/auth.log`

Use Cases

  • Remote server administration
  • Secure file transfers (seedboxes, VPS, cloud instances)
  • Git and code deployments (e.g., via `git@`)
  • Remote backups and scripting automation
  • Encrypted tunnels for securing other network services

Related Software

  • PuTTY – SSH client for Windows
  • Dropbear SSH – Lightweight SSH alternative for embedded systems

See Also

Retrieved from "https://wiki.pulsedmedia.com/index.php?title=OpenSSH&oldid=1002953"