The SSH Protocol

What is SSH

Secure Shell (SSH) is a cryptographic network protocol used for secure data communication, remote shell services, and command execution between two networked computers. Developed as a replacement for older, less secure protocols like Telnet and rlogin, SSH provides a robust layer of security by encrypting the connection and ensuring data integrity.

SSH is widely used in various domains, including system administration, software development, and network engineering. It enables administrators to manage servers, configure devices, and transfer files securely over an insecure network. The protocol is also instrumental in automating scripts and processes, making it a critical tool in modern IT environments.

One of the most significant advantages of SSH is its ability to facilitate secure remote access. By using SSH, users can log into remote machines, execute commands, and manage systems as if they were physically present, all while maintaining a high level of security. This feature is particularly valuable in today’s distributed work environments, where remote access to servers and devices is a necessity.

Setting up an OpenSSH server

An OpenSSH server is set up so that a machine can be accessed using the SSH protocol.
It can be set up on any Windows, Macintosh or Linux machine.
To set it up on a Linux machine running the Ubuntu distro, we must first install the necessary packages.

1- Update Package List

sudo apt update

2- Install OpenSSH

sudo apt install openssh-server

3- Adjust firewall rules (optional, but highly encouraged for security reasons)

# This allows incoming traffic to OpenSSH (by default it’s port 22)
sudo ufw allow ssh
# If the port has been changed (not 22), do this instead:
sudo ufw allow <custom_port_for_openssh>

# This enables the Host-Firewall if it isn’t enabled yet.
sudo ufw enable

4- Turning ON the Service

# For machines that use systemd (systemctl):
sudo systemctl start ssh
# otherwise
sudo service ssh start

Server-Side Configuration

On Debian-based machines, the configuration file can be found at: /etc/ssh/sshd_config

# by default
Port 22
MaxAuthTries 10
MaxSessions 5
PasswordAuthentication yes
PubkeyAuthentication no

Banner none
X11Forwarding no

Port: The port the SSH server listens on. We can choose any port from 1 to 65535, as long as it isn’t being used by another service.

MaxAuthTries: Controls how many times a client can attempt to authenticate before being disconnected. Setting it to a reasonable value helps improve the security of your SSH server by reducing the risk of unauthorized access through brute-force attacks.

MaxSessions: An SSH server parameter that limits the number of simultaneous sessions a single SSH connection can establish.

PasswordAuthentication: Chooses whether or not a user can authenticate to the server with a password.

PubkeyAuthentication: Chooses whether or not a user can authenticate to the server with a private key (which comes from a previously generated public/private key pair).

Banner: This parameter has no real security significance; it lets you customize the server’s welcome banner.
If set, it should point to the file whose contents should be displayed; otherwise leave it as “none”.

X11Forwarding: This allows users to run GUI apps on the remote server and have them displayed on their own machine, using something called the “X Window System”.

-> Example: You have mysql-server installed on the remote server, but its port isn’t exposed outside of that machine, so a remote GUI client such as “MySQL Workbench” can’t connect to it. Instead of exposing the port of that DB service, we run the mysql-workbench GUI app on the remote machine itself and have its graphical interface “forwarded” to us to see and manipulate. X Window comes in handy here.

At the end, we need to restart the OpenSSH server:
sudo service ssh restart
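
As an added example (not part of the original article), this shell script reads an sshd_config file and flags risky values for the keywords described above. The function names and the MaxAuthTries limit of 4 are assumptions of this example.

```bash
# Added example, not from the original article. Ignores Include files and
# Match blocks. MAX_TRIES_LIMIT is this example's assumption, not an OpenSSH rule.
MAX_TRIES_LIMIT=4

# effective_value FILE KEYWORD: print the first value set for KEYWORD.
# Keywords are case-insensitive and sshd uses the first value it obtains.
effective_value() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/         { next }   # blank line or comment
        tolower($1) == "match"       { exit }   # global section ends here
        tolower($1) == tolower(want) { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE: print one "WARN keyword=value reason" line per finding.
audit_sshd_config() (
    f=$1
    v=$(effective_value "$f" PasswordAuthentication)
    if [ "$v" = "yes" ]; then
        echo "WARN PasswordAuthentication=yes password logins can be guessed"
    fi
    v=$(effective_value "$f" PubkeyAuthentication)
    if [ "$v" = "no" ]; then
        echo "WARN PubkeyAuthentication=no key-based login is disabled"
    fi
    v=$(effective_value "$f" MaxAuthTries)
    case $v in
        ''|*[!0-9]*) ;;   # unset or not a number: nothing to compare
        *) if [ "$v" -gt "$MAX_TRIES_LIMIT" ]; then
               echo "WARN MaxAuthTries=$v exceeds $MAX_TRIES_LIMIT tries per connection"
           fi ;;
    esac
    v=$(effective_value "$f" X11Forwarding)
    if [ "$v" = "yes" ]; then
        echo "WARN X11Forwarding=yes X11 forwarding is enabled"
    fi
)

# Constructed sample holding the values listed in the section above.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'MaxAuthTries 10' 'MaxSessions 5' \
    'PasswordAuthentication yes' 'PubkeyAuthentication no' \
    'Banner none' 'X11Forwarding no' > "$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```

To see the configuration the server will actually apply, including Include files and Match blocks, run sudo sshd -T.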
